Skip to content
Tools / Nexterm / Security

Security Deep Dive

Nexterm

Security posture and CVE patch evidence from tracked releases.

Back to Tool

21 high-severity dependency CVEs affects v1.2.1-BETA.

Review the dependency vulnerabilities below.

— Signed — SLSA — SBOM ✗ Security policy Unknown cadence Active maintainer

Trust Signals — 1 of 9 Present

Evidence already collected from releases and repository metadata.

1/9 Present
Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Unknown
GitHub SBOM API Latest release
SECURITY.md Absent
GitHub repository metadata Repository policy
Checked: 17d ago
Release cadence Unknown
12-release median Release history
Latest release: 10d ago
Maintainer active Present
Recent commit activity Repository
Last commit: 2d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 10d ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 10d ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 10d ago
5.2/10 Security Score
Dependency Exposure 75 transitive dependency CVEs found in the latest SBOM.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

2d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

1.50 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 42.9/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

6.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

5%

patch speed days: no_history

Dependency exposure

dependency exposure

5.7

10%

supply chain risk: 42.85 transitive cves: 0c/21h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 2d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none
How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 42.9/100
0 Transitive critical CVEs
0 KEV-transitive CVEs
57% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

2199 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

0

High

21

Medium

25

Low

5

Unknown

24

Still affecting latest (41) All (75)
High 21 Medium 25 Low 5 Unknown 24
CVE Severity KEV Dependency Affected version Cleared in release
CVE-2026-22028 high preact 10.28.1 v1.2.1-BETA
CVE-2026-26996 high minimatch 3.1.2 v1.2.1-BETA
CVE-2026-27606 high rollup 4.55.1 v1.2.1-BETA
CVE-2026-27903 high minimatch 3.1.2 v1.2.1-BETA
CVE-2026-27904 high minimatch 3.1.2 v1.2.1-BETA
CVE-2026-29063 high immutable 5.1.4 v1.2.1-BETA
CVE-2026-32141 high flatted 3.3.3 v1.2.1-BETA
CVE-2026-33228 high flatted 3.3.3 v1.2.1-BETA
CVE-2026-33671 high picomatch 4.0.3 v1.2.1-BETA
CVE-2026-35209 high defu 6.1.4 v1.2.1-BETA
CVE-2026-39363 high vite 7.3.1 v1.2.1-BETA
CVE-2026-39364 high vite 7.3.1 v1.2.1-BETA
CVE-2026-41676 high openssl 0.10.75 v1.2.1-BETA
CVE-2026-41678 high openssl 0.10.75 v1.2.1-BETA
CVE-2026-41681 high openssl 0.10.75 v1.2.1-BETA
CVE-2026-41898 high openssl 0.10.75 v1.2.1-BETA
CVE-2026-42327 high openssl 0.10.75 v1.2.1-BETA
CVE-2026-4800 high lodash 4.17.21 v1.2.1-BETA
CVE-2026-4867 high path-to-regexp 0.1.12 v1.2.1-BETA
CVE-2026-4926 high path-to-regexp 8.3.0 v1.2.1-BETA
GHSA-82j2-j2ch-gfr8 high rustls-webpki 0.103.8 v1.2.1-BETA
CVE-2025-13465 medium lodash 4.17.21 v1.2.1-BETA
CVE-2025-69873 medium ajv 6.12.6 v1.2.1-BETA
CVE-2026-0540 medium dompurify 3.2.7 v1.2.1-BETA
CVE-2026-25541 medium bytes 1.11.0 v1.2.1-BETA
CVE-2026-25727 medium time 0.3.44 v1.2.1-BETA
CVE-2026-27837 medium dottie 2.0.6 v1.2.1-BETA
CVE-2026-2950 medium lodash 4.17.21 v1.2.1-BETA
CVE-2026-33672 medium picomatch 4.0.3 v1.2.1-BETA
CVE-2026-33750 medium brace-expansion 1.1.12 v1.2.1-BETA
CVE-2026-39365 medium vite 7.3.1 v1.2.1-BETA
CVE-2026-41238 medium dompurify 3.2.7 v1.2.1-BETA
CVE-2026-41239 medium dompurify 3.2.7 v1.2.1-BETA
CVE-2026-41240 medium dompurify 3.2.7 v1.2.1-BETA
CVE-2026-41305 medium postcss 8.5.6 v1.2.1-BETA
CVE-2026-42184 medium tauri 2.9.5 v1.2.1-BETA
CVE-2026-42338 medium ip-address 10.1.0 v1.2.1-BETA
CVE-2026-44662 medium openssl 0.10.75 v1.2.1-BETA
CVE-2026-4923 medium path-to-regexp 8.3.0 v1.2.1-BETA
GHSA-39q2-94rc-95cp medium dompurify 3.2.7 v1.2.1-BETA
GHSA-67mh-4wv8-2f99 medium esbuild 0.21.5 v1.2.1-BETA
GHSA-cj63-jhhr-wcxv medium dompurify 3.2.7 v1.2.1-BETA
GHSA-cjmm-f4jc-qw8r medium dompurify 3.2.7 v1.2.1-BETA
GHSA-h8r8-wccr-v5f2 medium dompurify 3.2.7 v1.2.1-BETA
GHSA-pwjx-qhcg-rvj4 medium rustls-webpki 0.103.8 v1.2.1-BETA
GHSA-wrw7-89jp-8q8g medium glib 0.18.5 v1.2.1-BETA
CVE-2026-2391 low qs 6.14.1 v1.2.1-BETA
CVE-2026-41677 low openssl 0.10.75 v1.2.1-BETA
GHSA-965h-392x-2mh5 low rustls-webpki 0.103.8 v1.2.1-BETA
GHSA-cq8v-f236-94qc low rand 0.7.3 v1.2.1-BETA
GHSA-xgp8-3hg3-c2mh low rustls-webpki 0.103.8 v1.2.1-BETA
RUSTSEC-2024-0370 unknown proc-macro-error 1.0.4 v1.2.1-BETA
RUSTSEC-2024-0411 unknown gdkwayland-sys 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0412 unknown gdk 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0413 unknown atk 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0414 unknown gdkx11-sys 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0415 unknown gtk 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0416 unknown atk-sys 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0417 unknown gdkx11 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0418 unknown gdk-sys 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0419 unknown gtk3-macros 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0420 unknown gtk-sys 0.18.2 v1.2.1-BETA
RUSTSEC-2024-0429 unknown glib 0.18.5 v1.2.1-BETA
RUSTSEC-2025-0057 unknown fxhash 0.2.1 v1.2.1-BETA
RUSTSEC-2025-0075 unknown unic-char-range 0.9.0 v1.2.1-BETA
RUSTSEC-2025-0080 unknown unic-common 0.9.0 v1.2.1-BETA
RUSTSEC-2025-0081 unknown unic-char-property 0.9.0 v1.2.1-BETA
RUSTSEC-2025-0098 unknown unic-ucd-version 0.9.0 v1.2.1-BETA
RUSTSEC-2025-0100 unknown unic-ucd-ident 0.9.0 v1.2.1-BETA
RUSTSEC-2025-0119 unknown number_prefix 0.4.0 v1.2.1-BETA
RUSTSEC-2026-0049 unknown rustls-webpki 0.103.8 v1.2.1-BETA
RUSTSEC-2026-0097 unknown rand 0.7.3 v1.2.1-BETA
RUSTSEC-2026-0098 unknown rustls-webpki 0.103.8 v1.2.1-BETA
RUSTSEC-2026-0099 unknown rustls-webpki 0.103.8 v1.2.1-BETA
RUSTSEC-2026-0104 unknown rustls-webpki 0.103.8 v1.2.1-BETA

Showing 75 of 75

Beta — feedback welcome: [email protected]