Tools / MineContext / Security

Security Deep Dive

MineContext

Security posture and CVE patch evidence from tracked releases.

Back to Tool

1 actively-exploited dependency CVE affects v0.1.8.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

— Signed — SLSA ✓ SBOM ✓ Security policy Weekly cadence · 9d median Active maintainer

Trust Signals — 4 of 9 Present

Evidence already collected from releases and repository metadata.

4/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Present

GitHub SBOM API Latest release

Last verified: 28d ago

SECURITY.md Present

GitHub repository metadata Repository policy

Checked: 23d ago

Release cadence: weekly Present

9d median over recent releases Release history

Latest release: 4mo ago

Maintainer active Present

Recent commit activity Repository

Last commit: 27d ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 4mo ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 4mo ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 4mo ago

3.8/10 Security Score

Dependency Exposure 227 transitive dependency CVEs found in the latest SBOM. 16 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

27d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

⚠ No direct scan — 16c/95h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 16c/95h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 27d

Operational risk

operational risk

8.5

10%

kev exposure: detected epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

16 Transitive critical CVEs

1 KEV-transitive CVEs

46% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

1479 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

1 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (108) All (227)

Critical 16 High 95 Medium 98 Low 14 Unknown 4

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2014-3007	critical	—	pillow	—	—
CVE-2016-4009	critical	—	pillow	—	—
CVE-2017-18342	critical	—	pyyaml	—	—
CVE-2019-20477	critical	—	pyyaml	—	—
CVE-2020-11538	critical	—	pillow	—	—
CVE-2020-14343	critical	—	pyyaml	—	—
CVE-2020-1747	critical	—	pyyaml	—	—
CVE-2020-5310	critical	—	pillow	—	—
CVE-2020-5311	critical	—	pillow	—	—
CVE-2020-5312	critical	—	pillow	—	—
CVE-2021-25289	critical	—	pillow	—	—
CVE-2021-34552	critical	—	pillow	—	—
CVE-2022-22817	critical	—	pillow	—	—
CVE-2023-50447	critical	—	pillow	—	—
CVE-2024-3829	critical	—	qdrant-client	—	—
CVE-2026-27699	critical	—	basic-ftp	5.0.5	—
CVE-2014-1402	high	—	jinja2	—	—
CVE-2014-1932	high	—	pillow	—	—
CVE-2014-3589	high	—	pillow	—	—
CVE-2014-3598	high	—	pillow	—	—
CVE-2014-9601	high	—	pillow	—	—
CVE-2016-0775	high	—	pillow	—	—
CVE-2016-10745	high	—	jinja2	—	—
CVE-2016-2533	high	—	pillow	—	—
CVE-2016-3076	high	—	pillow	—	—
CVE-2016-9190	high	—	pillow	—	—
CVE-2019-10906	high	—	jinja2	—	—
CVE-2019-16865	high	—	pillow	—	—
CVE-2019-19911	high	—	pillow	—	—
CVE-2020-10177	high	—	pillow	—	—
CVE-2020-10378	high	—	pillow	—	—
CVE-2020-10379	high	—	pillow	—	—
CVE-2020-10994	high	—	pillow	—	—
CVE-2020-35653	high	—	pillow	—	—
CVE-2020-35654	high	—	pillow	—	—
CVE-2020-5313	high	—	pillow	—	—
CVE-2020-7694	high	—	uvicorn	—	—
CVE-2020-7695	high	—	uvicorn	—	—
CVE-2021-23437	high	—	pillow	—	—
CVE-2021-25287	high	—	pillow	—	—
CVE-2021-25288	high	—	pillow	—	—
CVE-2021-25290	high	—	pillow	—	—
CVE-2021-25291	high	—	pillow	—	—
CVE-2021-25293	high	—	pillow	—	—
CVE-2021-27921	high	—	pillow	—	—
CVE-2021-27922	high	—	pillow	—	—
CVE-2021-27923	high	—	pillow	—	—
CVE-2021-28675	high	—	pillow	—	—
CVE-2021-28676	high	—	pillow	—	—
CVE-2021-28677	high	—	pillow	—	—
CVE-2021-32677	high	—	fastapi	—	—
CVE-2022-24303	high	—	pillow	—	—
CVE-2022-30595	high	—	pillow	—	—
CVE-2022-45198	high	—	pillow	—	—
CVE-2022-45199	high	—	pillow	—	—
CVE-2023-44271	high	—	pillow	—	—
CVE-2023-4863	high	KEV	pillow	—	—
CVE-2024-24762	high	—	python-multipart	—	—
CVE-2024-24762	high	—	fastapi	—	—
CVE-2024-28219	high	—	pillow	—	—
CVE-2024-53981	high	—	python-multipart	—	—
CVE-2025-48379	high	—	pillow	—	—
CVE-2025-59343	high	—	tar-fs	2.1.3	—
CVE-2025-64756	high	—	glob	10.4.5	—
CVE-2026-1526	high	—	undici	6.21.2	—
CVE-2026-1528	high	—	undici	6.21.2	—
CVE-2026-22029	high	—	@remix-run/router	1.23.0	—
CVE-2026-2229	high	—	undici	6.21.2	—
CVE-2026-23745	high	—	tar	6.2.1	—
CVE-2026-23950	high	—	tar	6.2.1	—
CVE-2026-24486	high	—	python-multipart	—	—
CVE-2026-24842	high	—	tar	6.2.1	—
CVE-2026-25547	high	—	@isaacs/brace-expansion	5.0.0	—
CVE-2026-25639	high	—	axios	1.12.2	—
CVE-2026-25990	high	—	pillow	—	—
CVE-2026-26960	high	—	tar	6.2.1	—
CVE-2026-26996	high	—	minimatch	5.1.6	—
CVE-2026-27606	high	—	rollup	4.46.3	—
CVE-2026-27903	high	—	minimatch	5.1.6	—
CVE-2026-27904	high	—	minimatch	5.1.6	—
CVE-2026-29786	high	—	tar	6.2.1	—
CVE-2026-31802	high	—	tar	6.2.1	—
CVE-2026-32141	high	—	flatted	3.3.3	—
CVE-2026-33228	high	—	flatted	3.3.3	—
CVE-2026-33671	high	—	picomatch	2.3.1	—
CVE-2026-34601	high	—	@xmldom/xmldom	0.8.11	—
CVE-2026-34769	high	—	electron	37.3.0	—
CVE-2026-34770	high	—	electron	37.3.0	—
CVE-2026-34771	high	—	electron	37.3.0	—
CVE-2026-34774	high	—	electron	37.3.0	—
CVE-2026-39363	high	—	vite	7.1.2	—
CVE-2026-39364	high	—	vite	7.1.2	—
CVE-2026-40192	high	—	pillow	—	—
CVE-2026-41324	high	—	basic-ftp	5.0.5	—
CVE-2026-41672	high	—	@xmldom/xmldom	0.8.11	—
CVE-2026-41673	high	—	@xmldom/xmldom	0.8.11	—
CVE-2026-41674	high	—	@xmldom/xmldom	0.8.11	—
CVE-2026-41675	high	—	@xmldom/xmldom	0.8.11	—
CVE-2026-42033	high	—	axios	1.12.2	—
CVE-2026-42035	high	—	axios	1.12.2	—
CVE-2026-42043	high	—	axios	1.12.2	—
CVE-2026-42264	high	—	axios	1.12.2	—
CVE-2026-42311	high	—	pillow	—	—
CVE-2026-42561	high	—	python-multipart	—	—
CVE-2026-44240	high	—	basic-ftp	5.0.5	—
CVE-2026-4800	high	—	lodash	4.17.21	—
CVE-2026-4800	high	—	lodash-es	4.17.21	—
CVE-2026-4926	high	—	path-to-regexp	8.3.0	—
CVE-2026-6321	high	—	fast-uri	3.1.0	—
CVE-2026-6322	high	—	fast-uri	3.1.0	—
GHSA-6v7q-wjvx-w8wg	high	—	basic-ftp	5.0.5	—
CVE-2014-0012	medium	—	jinja2	—	—
CVE-2014-1933	medium	—	pillow	—	—
CVE-2016-0740	medium	—	pillow	—	—
CVE-2016-9189	medium	—	pillow	—	—
CVE-2017-5992	medium	—	openpyxl	—	—
CVE-2020-28493	medium	—	jinja2	—	—
CVE-2020-35655	medium	—	pillow	—	—
CVE-2021-25292	medium	—	pillow	—	—
CVE-2021-28678	medium	—	pillow	—	—
CVE-2021-29510	medium	—	pydantic	—	—
CVE-2022-0338	medium	—	loguru	—	—
CVE-2022-22815	medium	—	pillow	—	—
CVE-2022-22816	medium	—	pillow	—	—
CVE-2023-36464	medium	—	pypdf	—	—
CVE-2023-46250	medium	—	pypdf	—	—
CVE-2024-22195	medium	—	jinja2	—	—
CVE-2024-34064	medium	—	jinja2	—	—
CVE-2024-3772	medium	—	pydantic	—	—
CVE-2024-53382	medium	—	prismjs	1.27.0	—
CVE-2024-56201	medium	—	jinja2	—	—
CVE-2024-56326	medium	—	jinja2	—	—
CVE-2025-13465	medium	—	lodash	4.17.21	—
CVE-2025-13465	medium	—	lodash-es	4.17.21	—
CVE-2025-13466	medium	—	body-parser	2.2.0	—
CVE-2025-15284	medium	—	qs	6.14.0	—
CVE-2025-15599	medium	—	dompurify	3.2.6	—
CVE-2025-27516	medium	—	jinja2	—	—
CVE-2025-55197	medium	—	pypdf	—	—
CVE-2025-55305	medium	—	electron	37.3.0	—
CVE-2025-62522	medium	—	vite	7.1.2	—
CVE-2025-62707	medium	—	pypdf	—	—
CVE-2025-62708	medium	—	pypdf	—	—
CVE-2025-62718	medium	—	axios	1.12.2	—
CVE-2025-64718	medium	—	js-yaml	4.1.0	—
CVE-2025-66019	medium	—	pypdf	—	—
CVE-2025-66400	medium	—	mdast-util-to-hast	13.2.0	—
CVE-2025-68470	medium	—	react-router	6.30.1	—
CVE-2025-69873	medium	—	ajv	8.17.1	—
CVE-2026-0540	medium	—	dompurify	3.2.6	—
CVE-2026-1525	medium	—	undici	6.21.2	—
CVE-2026-1527	medium	—	undici	6.21.2	—
CVE-2026-22036	medium	—	undici	6.21.2	—
CVE-2026-2327	medium	—	markdown-it	14.1.0	—
CVE-2026-24688	medium	—	pypdf	—	—
CVE-2026-27024	medium	—	pypdf	—	—
CVE-2026-27025	medium	—	pypdf	—	—
CVE-2026-27026	medium	—	pypdf	—	—
CVE-2026-27888	medium	—	pypdf	—	—
CVE-2026-28351	medium	—	pypdf	—	—
CVE-2026-28804	medium	—	pypdf	—	—
CVE-2026-2950	medium	—	lodash-es	4.17.21	—
CVE-2026-2950	medium	—	lodash	4.17.21	—
CVE-2026-31826	medium	—	pypdf	—	—
CVE-2026-33123	medium	—	pypdf	—	—
CVE-2026-33672	medium	—	picomatch	2.3.1	—
CVE-2026-33699	medium	—	pypdf	—	—
CVE-2026-33750	medium	—	brace-expansion	2.0.2	—
CVE-2026-34765	medium	—	electron	37.3.0	—
CVE-2026-34767	medium	—	electron	37.3.0	—
CVE-2026-34772	medium	—	electron	37.3.0	—
CVE-2026-34773	medium	—	electron	37.3.0	—
CVE-2026-34775	medium	—	electron	37.3.0	—
CVE-2026-34776	medium	—	electron	37.3.0	—
CVE-2026-34777	medium	—	electron	37.3.0	—
CVE-2026-34778	medium	—	electron	37.3.0	—
CVE-2026-34779	medium	—	electron	37.3.0	—
CVE-2026-39365	medium	—	vite	7.1.2	—
CVE-2026-40175	medium	—	axios	1.12.2	—
CVE-2026-40260	medium	—	pypdf	—	—
CVE-2026-40347	medium	—	python-multipart	—	—
CVE-2026-41168	medium	—	pypdf	—	—
CVE-2026-41238	medium	—	dompurify	3.2.6	—
CVE-2026-41239	medium	—	dompurify	3.2.6	—
CVE-2026-41240	medium	—	dompurify	3.2.6	—
CVE-2026-41305	medium	—	postcss	8.5.6	—
CVE-2026-41312	medium	—	pypdf	—	—
CVE-2026-41313	medium	—	pypdf	—	—
CVE-2026-41314	medium	—	pypdf	—	—
CVE-2026-41907	medium	—	uuid	11.1.0	—
CVE-2026-42034	medium	—	axios	1.12.2	—
CVE-2026-42036	medium	—	axios	1.12.2	—
CVE-2026-42037	medium	—	axios	1.12.2	—
CVE-2026-42038	medium	—	axios	1.12.2	—
CVE-2026-42039	medium	—	axios	1.12.2	—
CVE-2026-42041	medium	—	axios	1.12.2	—
CVE-2026-42042	medium	—	axios	1.12.2	—
CVE-2026-42044	medium	—	axios	1.12.2	—
CVE-2026-42308	medium	—	pillow	—	—
CVE-2026-42309	medium	—	pillow	—	—
CVE-2026-42310	medium	—	pillow	—	—
CVE-2026-42338	medium	—	ip-address	10.0.1	—
CVE-2026-4923	medium	—	path-to-regexp	8.3.0	—
GHSA-39q2-94rc-95cp	medium	—	dompurify	3.2.6	—
GHSA-cj63-jhhr-wcxv	medium	—	dompurify	3.2.6	—
GHSA-cjmm-f4jc-qw8r	medium	—	dompurify	3.2.6	—
GHSA-h8r8-wccr-v5f2	medium	—	dompurify	3.2.6	—
GHSA-jgpv-4h4c-xhw3	medium	—	pillow	—	—
GHSA-r4q5-vmmm-2653	medium	—	follow-redirects	1.15.11	—
CVE-2025-48985	low	—	ai	5.0.30	—
CVE-2025-58751	low	—	vite	7.1.2	—
CVE-2025-58752	low	—	vite	7.1.2	—
CVE-2026-22690	low	—	pypdf	—	—
CVE-2026-22691	low	—	pypdf	—	—
CVE-2026-2391	low	—	qs	6.14.0	—
CVE-2026-27628	low	—	pypdf	—	—
CVE-2026-3449	low	—	@tootallnate/once	2.0.0	—
CVE-2026-34764	low	—	electron	37.3.0	—
CVE-2026-34766	low	—	electron	37.3.0	—
CVE-2026-34768	low	—	electron	37.3.0	—
CVE-2026-34781	low	—	electron	37.3.0	—
CVE-2026-42040	low	—	axios	1.12.2	—
GHSA-4fx9-vc88-q2xc	low	—	pillow	—	—
CVE-2020-13091	unknown	—	pandas	—	—
OSV-2022-1074	unknown	—	pillow	—	—
OSV-2022-715	unknown	—	pillow	—	—
PYSEC-2023-175	unknown	—	pillow	—	—

Showing 227 of 227