Tools / ms-agent / Security

Security Deep Dive

ms-agent

Security posture and CVE patch evidence from tracked releases.

Back to Tool

1 actively-exploited dependency CVE affects v1.6.0.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

— Signed — SLSA ✓ SBOM ✗ Security policy Weekly cadence · 13d median Sporadic maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

3/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Present

GitHub SBOM API Latest release

Last verified: 28d ago

SECURITY.md Absent

GitHub repository metadata Repository policy

Checked: 17d ago

Release cadence: weekly Present

13d median over recent releases Release history

Latest release: 2mo ago

Maintainer sporadic Present

Recent commit activity Repository

Last commit: 1mo ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 2mo ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 2mo ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 2mo ago

3.7/10 Security Score

Dependency Exposure 157 transitive dependency CVEs found in the latest SBOM. 19 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

0.94 / 1.0

49d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

⚠ No direct scan — 19c/64h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 19c/64h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

9.4

10%

activity freshness: 49d

Operational risk

operational risk

8.5

10%

kev exposure: detected epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

19 Transitive critical CVEs

1 KEV-transitive CVEs

52% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

331 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

1 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (6) All (157)

Critical 19 High 64 Medium 53 Low 17 Unknown 4

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2014-3007	critical	—	pillow	—	—
CVE-2016-4009	critical	—	pillow	—	—
CVE-2017-18342	critical	—	pyyaml	—	—
CVE-2019-20477	critical	—	pyyaml	—	—
CVE-2019-6446	critical	—	numpy	—	—
CVE-2020-11538	critical	—	pillow	—	—
CVE-2020-14343	critical	—	pyyaml	—	—
CVE-2020-1747	critical	—	pyyaml	—	—
CVE-2020-5310	critical	—	pillow	—	—
CVE-2020-5311	critical	—	pillow	—	—
CVE-2020-5312	critical	—	pillow	—	—
CVE-2021-25289	critical	—	pillow	—	—
CVE-2021-34552	critical	—	pillow	—	—
CVE-2022-22817	critical	—	pillow	—	—
CVE-2023-50447	critical	—	pillow	—	—
CVE-2024-3098	critical	—	llama-index-core	—	—
CVE-2024-3271	critical	—	llama-index-core	—	—
CVE-2024-45201	critical	—	llama-index-core	—	—
CVE-2025-23042	critical	—	gradio	5.0.0	—
CVE-2014-1858	high	—	numpy	—	—
CVE-2014-1859	high	—	numpy	—	—
CVE-2014-1932	high	—	pillow	—	—
CVE-2014-3589	high	—	pillow	—	—
CVE-2014-3598	high	—	pillow	—	—
CVE-2014-9601	high	—	pillow	—	—
CVE-2016-0775	high	—	pillow	—	—
CVE-2016-2533	high	—	pillow	—	—
CVE-2016-3076	high	—	pillow	—	—
CVE-2016-9190	high	—	pillow	—	—
CVE-2017-12852	high	—	numpy	—	—
CVE-2018-18074	high	—	requests	—	—
CVE-2019-16865	high	—	pillow	—	—
CVE-2019-19911	high	—	pillow	—	—
CVE-2020-10177	high	—	pillow	—	—
CVE-2020-10378	high	—	pillow	—	—
CVE-2020-10379	high	—	pillow	—	—
CVE-2020-10994	high	—	pillow	—	—
CVE-2020-35653	high	—	pillow	—	—
CVE-2020-35654	high	—	pillow	—	—
CVE-2020-5313	high	—	pillow	—	—
CVE-2020-7694	high	—	uvicorn	—	—
CVE-2020-7695	high	—	uvicorn	—	—
CVE-2021-23437	high	—	pillow	—	—
CVE-2021-25287	high	—	pillow	—	—
CVE-2021-25288	high	—	pillow	—	—
CVE-2021-25290	high	—	pillow	—	—
CVE-2021-25291	high	—	pillow	—	—
CVE-2021-25293	high	—	pillow	—	—
CVE-2021-27921	high	—	pillow	—	—
CVE-2021-27922	high	—	pillow	—	—
CVE-2021-27923	high	—	pillow	—	—
CVE-2021-28675	high	—	pillow	—	—
CVE-2021-28676	high	—	pillow	—	—
CVE-2021-28677	high	—	pillow	—	—
CVE-2021-32677	high	—	fastapi	—	—
CVE-2021-41495	high	—	numpy	—	—
CVE-2022-24303	high	—	pillow	—	—
CVE-2022-30595	high	—	pillow	—	—
CVE-2022-45198	high	—	pillow	—	—
CVE-2022-45199	high	—	pillow	—	—
CVE-2023-44271	high	—	pillow	—	—
CVE-2023-4863	high	KEV	pillow	—	—
CVE-2024-12704	high	—	llama-index-core	—	—
CVE-2024-23334	high	—	aiohttp	3.9.0	—
CVE-2024-24762	high	—	fastapi	—	—
CVE-2024-28219	high	—	pillow	—	—
CVE-2024-30251	high	—	aiohttp	3.9.0	—
CVE-2024-8966	high	—	gradio	5.0.0	—
CVE-2025-48379	high	—	pillow	—	—
CVE-2025-5302	high	—	llama-index-core	—	—
CVE-2025-53365	high	—	mcp	—	—
CVE-2025-53366	high	—	mcp	—	—
CVE-2025-6209	high	—	llama-index-core	—	—
CVE-2025-66416	high	—	mcp	—	—
CVE-2025-69223	high	—	aiohttp	3.9.0	—
CVE-2025-7647	high	—	llama-index-core	—	—
CVE-2026-24009	high	—	docling-core	2.38.2	—
CVE-2026-25990	high	—	pillow	—	—
CVE-2026-27606	high	—	rollup	4.57.1	—
CVE-2026-28414	high	—	gradio	5.0.0	—
CVE-2026-28416	high	—	gradio	5.0.0	—
CVE-2026-40192	high	—	pillow	—	—
CVE-2026-42311	high	—	pillow	—	—
CVE-2014-1829	medium	—	requests	—	—
CVE-2014-1830	medium	—	requests	—	—
CVE-2014-1933	medium	—	pillow	—	—
CVE-2015-2296	medium	—	requests	—	—
CVE-2016-0740	medium	—	pillow	—	—
CVE-2016-9189	medium	—	pillow	—	—
CVE-2020-35655	medium	—	pillow	—	—
CVE-2021-25292	medium	—	pillow	—	—
CVE-2021-28678	medium	—	pillow	—	—
CVE-2021-33430	medium	—	numpy	—	—
CVE-2021-34141	medium	—	numpy	—	—
CVE-2021-41496	medium	—	numpy	—	—
CVE-2022-22815	medium	—	pillow	—	—
CVE-2022-22816	medium	—	pillow	—	—
CVE-2023-32681	medium	—	requests	—	—
CVE-2023-37276	medium	—	aiohttp	—	—
CVE-2023-47627	medium	—	aiohttp	—	—
CVE-2023-49081	medium	—	aiohttp	—	—
CVE-2023-49082	medium	—	aiohttp	—	—
CVE-2024-12217	medium	—	gradio	5.0.0	—
CVE-2024-23829	medium	—	aiohttp	3.9.0	—
CVE-2024-27306	medium	—	aiohttp	3.9.0	—
CVE-2024-35195	medium	—	requests	—	—
CVE-2024-42367	medium	—	aiohttp	—	—
CVE-2024-47081	medium	—	requests	—	—
CVE-2024-51751	medium	—	gradio	5.0.0	—
CVE-2024-52303	medium	—	aiohttp	—	—
CVE-2024-52304	medium	—	aiohttp	3.9.0	—
CVE-2024-53382	medium	—	prismjs	1.27.0	—
CVE-2025-3108	medium	—	llama-index-core	—	—
CVE-2025-48889	medium	—	gradio	5.0.0	—
CVE-2025-5472	medium	—	llama-index-core	—	—
CVE-2025-6208	medium	—	llama-index-core	—	—
CVE-2025-69227	medium	—	aiohttp	3.9.0	—
CVE-2025-69228	medium	—	aiohttp	3.9.0	—
CVE-2025-69229	medium	—	aiohttp	3.9.0	—
CVE-2025-69534	medium	—	markdown	—	—
CVE-2026-22815	medium	—	aiohttp	3.9.0	—
CVE-2026-25645	medium	—	requests	—	—
CVE-2026-28415	medium	—	gradio	5.0.0	—
CVE-2026-28684	medium	—	python-dotenv	—	—
CVE-2026-33532	medium	—	yaml	1.10.2	—
CVE-2026-34515	medium	—	aiohttp	3.9.0	—
CVE-2026-34516	medium	—	aiohttp	3.9.0	—
CVE-2026-34525	medium	—	aiohttp	3.9.0	—
CVE-2026-39365	medium	—	vite	5.4.21	—
CVE-2026-41305	medium	—	postcss	8.5.6	—
CVE-2026-42308	medium	—	pillow	—	—
CVE-2026-42309	medium	—	pillow	—	—
CVE-2026-42310	medium	—	pillow	—	—
GHSA-67mh-4wv8-2f99	medium	—	esbuild	0.21.5	—
GHSA-jgpv-4h4c-xhw3	medium	—	pillow	—	—
GHSA-pjjw-qhg8-p2p9	medium	—	aiohttp	—	—
CVE-2021-21330	low	—	aiohttp	—	—
CVE-2023-47641	low	—	aiohttp	—	—
CVE-2025-5320	low	—	gradio	5.0.0	—
CVE-2025-53643	low	—	aiohttp	3.9.0	—
CVE-2025-69224	low	—	aiohttp	3.9.0	—
CVE-2025-69225	low	—	aiohttp	3.9.0	—
CVE-2025-69226	low	—	aiohttp	3.9.0	—
CVE-2025-69230	low	—	aiohttp	3.9.0	—
CVE-2026-27167	low	—	gradio	5.0.0	—
CVE-2026-34513	low	—	aiohttp	3.9.0	—
CVE-2026-34514	low	—	aiohttp	3.9.0	—
CVE-2026-34517	low	—	aiohttp	3.9.0	—
CVE-2026-34518	low	—	aiohttp	3.9.0	—
CVE-2026-34519	low	—	aiohttp	3.9.0	—
CVE-2026-34520	low	—	aiohttp	3.9.0	—
CVE-2026-7597	low	—	mem0ai	—	—
GHSA-4fx9-vc88-q2xc	low	—	pillow	—	—
CVE-2020-13091	unknown	—	pandas	—	—
OSV-2022-1074	unknown	—	pillow	—	—
OSV-2022-715	unknown	—	pillow	—	—
PYSEC-2023-175	unknown	—	pillow	—	—

Showing 157 of 157