Tools / gamevault-app / Security

Security Deep Dive

gamevault-app

Security posture and CVE patch evidence from tracked releases.

Back to Tool

12 high-severity dependency CVEs affects 1.17.5.0.

Review the dependency vulnerabilities below.

— Signed — SLSA ✓ SBOM ✓ Security policy Weekly cadence · 14d median Sporadic maintainer

Trust Signals — 4 of 9 Present

Evidence already collected from releases and repository metadata.

4/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Present

GitHub SBOM API Latest release

Last verified: 28d ago

SECURITY.md Present

GitHub repository metadata Repository policy

Checked: 18d ago

Release cadence: weekly Present

14d median over recent releases Release history

Latest release: 5mo ago

Maintainer sporadic Present

Recent commit activity Repository

Last commit: 4mo ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 5mo ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 5mo ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 5mo ago

4.9/10 Security Score

Dependency Exposure 79 transitive dependency CVEs found in the latest SBOM.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

0.65 / 1.0

148d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

1.50 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 24.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

6.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

7.6

10%

supply chain risk: 24.0 transitive cves: 0c/12h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

6.5

10%

activity freshness: 148d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 24.0/100

0 Transitive critical CVEs

0 KEV-transitive CVEs

100% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

21 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

Still affecting latest (79) All (79)

High 12 Medium 52 Low 15

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2026-24485	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25794	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25965	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25968	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25985	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25989	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28494	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28691	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28693	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30929	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33901	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33908	high	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2025-68950	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-22770	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-23874	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-23952	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-24484	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25576	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25637	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25638	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25795	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25796	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25797	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25799	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25897	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25969	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25970	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25971	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25982	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25983	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25986	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25987	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-26066	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-26283	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-26284	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-26983	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-27798	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-27799	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28493	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28686	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28687	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28688	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28689	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28690	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-28692	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30883	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30931	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30935	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30936	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-30937	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-31853	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-32636	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33535	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33536	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33899	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33902	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-33905	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-40169	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-40183	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-40310	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-40311	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-40312	medium	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-98cp-rj9f-6v5g	medium	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-qp59-x883-77qv	medium	—	Magick.NET-Q8-x64	14.9.1	—
CVE-2026-25984	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-2gq3-ww97-wfjm	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-3j4x-rwrx-xxj9	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-3q5f-gmjc-38r8	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-6p22-q7w5-33pg	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-8vfj-q2cp-5m5j	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-9r56-3gjq-hqf7	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-gq5v-qf8q-fp77	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-pmpg-6pww-fg6q	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-q8h3-jv9v-57qx	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-w54j-7wpm-crhj	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-wfx3-6g53-9fgc	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-wgxp-q8xq-wpp9	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-x928-4434-crqj	low	—	Magick.NET-Q8-x64	14.9.1	—
GHSA-xpg8-7m6m-jf56	low	—	Magick.NET-Q8-x64	14.9.1	—

Showing 79 of 79