
Security Deep Dive

zenml

Security posture and CVE patch evidence from tracked releases.


1 actively-exploited dependency CVE affects 0.94.6.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

10 versions tracked
Version Published C H M L KEV Notes
0.94.6 2026-06-02 Latest
0.94.5 2026-05-29
0.94.4 2026-05-12 Patches CVE-2023-4863
0.94.3 2026-04-24 1 KEV 1
0.94.2 2026-04-08 1 KEV 1
0.94.1 2026-03-19 1 KEV 1
0.94.0 2026-03-04 1 KEV 1
0.93.3 2026-02-19 1 KEV 1
0.93.2 2026-01-29 1 KEV 1
0.93.1 2026-01-14 1 KEV 1
— Signed — SLSA — SBOM ✓ Security policy Monthly cadence · 15d median Active maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

Signed releases: Unknown · Latest release artifact signature · Latest release
SLSA provenance: Unknown · Attestation predicate level · Latest release
SBOM published: Unknown · GitHub SBOM API · Latest release
SECURITY.md: Present · GitHub repository metadata · Repository policy · Checked: 23d ago
Release cadence (monthly): Present · 15d median over recent releases · Release history · Latest release: 1d ago
Maintainer active: Present · Recent commit activity · Repository · Last commit: 1d ago
Checksums (SHA256SUMS): Not active yet · SHA256SUMS or equivalent · Release asset · Latest release: 1d ago
GitHub Actions attestation: Not active yet · actions/attest-build-provenance · Workflow file · Latest release: 1d ago
Signing assets: Not active yet · .sig, .crt, cosign.pub, or similar · Release asset · Latest release: 1d ago
1.2/10 Security Score
6.8/10 Scorecard
Dependency Exposure 264 transitive dependency CVEs found in the latest SBOM. 33 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss: 0.00 / 0.5 (Max EPSS 0.933)
freshness: 1.00 / 1.0 (1d stale)
scorecard: 2.72 / 4.0 (Score 6.8/10)
cve health: 0.00 / 2.5 (⚠ No direct scan; 33c/106h transitive CVEs)
patch speed: 0.50 / 0.5 (⚠ Estimated; no CVE patch history)
kev exposure: -1.50 / 1.5 (KEV exposure detected)
supply chain risk: -1.50 / 10.0 (Risk 100.0/100)

Score breakdown

schema v2

Vulnerability posture: 0.0 (weight 25%); direct cves: clear; cve scan: estimated
Release responsiveness: 10.0 (weight 5%); patch speed days: no_history
Dependency exposure: 0.0 (weight 10%); supply chain risk: 100.0; transitive cves: 33c/106h
Provenance trust: 6.8 (weight 40%); scorecard score: 6.8; openssf badge: none
Maintainer health: 10.0 (weight 10%); activity freshness: 1d
Operational risk: 0.0 (weight 10%); kev exposure: detected; epss max: 0.933

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
33 Transitive critical CVEs
1 KEV-transitive CVEs
78% Dependency freshness

Scorecard

Scorecard 6.8/10

OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.

Check Score Reason
Maintained 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review 9 Found 26/28 approved changesets -- score normalized to 9
Security-Policy 10 security policy file detected
CII-Best-Practices 0 no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow 10 no dangerous workflow patterns detected
License 10 license file detected
Binary-Artifacts 10 no binaries found in the repo
Token-Permissions 0 detected GitHub workflow tokens with excessive permissions
Fuzzing 0 project is not fuzzed
Signed-Releases -1 no releases found
Branch-Protection 3 branch protection is not maximal on development and all release branches
Packaging 10 packaging workflow detected
SAST 7 SAST tool detected but not run on all commits
Pinned-Dependencies 5 dependency not pinned by hash detected -- score normalized to 5

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. A shorter gap between disclosure and patch means a faster response. EPSS is the predicted probability of exploitation in the next 30 days (FIRST.org); values are highlighted at the ≥90th and ≥50th percentiles.

CVEs Patched by Year

[Chart: CVEs patched by year, by severity (Critical, High, Medium, Low). 2026: 1]
CVE Severity EPSS Disclosed Fixed in Days to fix vs Ecosystem Median KEV
CVE-2023-4863 HIGH 99%ile 0.94.4 KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

235 dependencies scanned.

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical: 33 · High: 106 · Medium: 103 · Low: 15 · Unknown: 7

1 dependency vulnerability is in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

CVE Severity KEV Dependency Affected version Cleared in release
CVE-2012-0805 critical sqlalchemy 0.94.4
CVE-2015-7337 critical notebook 0.94.4
CVE-2017-18342 critical pyyaml 0.94.4
CVE-2018-20060 critical urllib3 0.94.4
CVE-2019-20477 critical pyyaml 0.94.4
CVE-2019-6446 critical numpy 0.94.4
CVE-2019-7164 critical sqlalchemy 0.94.4
CVE-2019-7548 critical sqlalchemy 0.94.4
CVE-2020-13092 critical scikit-learn 0.94.4
CVE-2020-14343 critical pyyaml 0.94.4
CVE-2020-1747 critical pyyaml 0.94.4
CVE-2021-43831 critical gradio 0.94.4
CVE-2022-24439 critical gitpython 0.94.4
CVE-2022-45907 critical torch 0.94.4
CVE-2023-40267 critical gitpython 0.94.4
CVE-2023-47248 critical pyarrow 14.0.0 0.94.4
CVE-2023-50447 critical pillow 10.0.0 0.94.4
CVE-2023-6572 critical gradio 0.94.4
CVE-2023-6730 critical transformers 0.94.4
CVE-2024-1728 critical gradio 0.94.4
CVE-2024-2083 critical zenml 0.94.4
CVE-2024-36039 critical pymysql 0.94.4
CVE-2024-48063 critical torch 2.2.0 0.94.4
CVE-2024-5452 critical lightning 2.0.0 0.94.4
CVE-2024-5751 critical litellm 1.40.0 0.94.4
CVE-2024-5980 critical lightning 2.0.0 0.94.4
CVE-2025-14009 critical nltk 0.94.4
CVE-2025-23042 critical gradio 0.94.4
CVE-2025-32434 critical torch 2.2.0 0.94.4
CVE-2025-68664 critical langchain-core 0.3.0 0.94.4
CVE-2026-25592 critical semantic-kernel 1.34.0 0.94.4
CVE-2026-26030 critical semantic-kernel 1.34.0 0.94.4
CVE-2026-35030 critical litellm 1.40.0 0.94.4
CVE-2013-1633 high setuptools 0.94.4
CVE-2013-4251 high scipy 0.94.4
CVE-2014-1858 high numpy 0.94.4
CVE-2014-1859 high numpy 0.94.4
CVE-2017-11424 high pyjwt 0.94.4
CVE-2017-12852 high numpy 0.94.4
CVE-2018-18074 high requests 0.94.4
CVE-2018-8768 high notebook 0.94.4
CVE-2019-11324 high urllib3 0.94.4
CVE-2019-12408 high pyarrow 0.94.4
CVE-2019-12410 high pyarrow 0.94.4
CVE-2019-14751 high nltk 0.94.4
CVE-2019-18874 high psutil 0.94.4
CVE-2020-28975 high scikit-learn 0.94.4
CVE-2020-7212 high urllib3 0.94.4
CVE-2020-7694 high uvicorn 0.94.4
CVE-2020-7695 high uvicorn 0.94.4
CVE-2021-32677 high fastapi 0.94.4
CVE-2021-32798 high notebook 0.94.4
CVE-2021-33503 high urllib3 0.94.4
CVE-2021-3828 high nltk 0.94.4
CVE-2021-3842 high nltk 0.94.4
CVE-2021-40978 high mkdocs 0.94.4
CVE-2021-41495 high numpy 0.94.4
CVE-2021-43854 high nltk 0.94.4
CVE-2022-24758 high notebook 0.94.4
CVE-2022-24770 high gradio 0.94.4
CVE-2022-29217 high pyjwt 0.94.4
CVE-2022-40897 high setuptools 0.94.4
CVE-2023-40590 high gitpython 0.94.4
CVE-2023-43804 high urllib3 0.94.4
CVE-2023-4863 high KEV pillow 10.0.0 0.94.5
CVE-2023-51449 high gradio 0.94.4
CVE-2023-7018 high transformers 0.94.4
CVE-2024-0964 high gradio 0.94.4
CVE-2024-10188 high litellm 1.40.0 0.94.4
CVE-2024-10569 high gradio 0.94.4
CVE-2024-10624 high gradio 0.94.4
CVE-2024-10648 high gradio 0.94.4
CVE-2024-11392 high transformers 0.94.4
CVE-2024-11393 high transformers 0.94.4
CVE-2024-11394 high transformers 0.94.4
CVE-2024-1561 high gradio 0.94.4
CVE-2024-2206 high gradio 0.94.4
CVE-2024-22190 high gitpython 0.94.4
CVE-2024-22421 high notebook 0.94.4
CVE-2024-24762 high python-multipart 0.94.4
CVE-2024-24762 high fastapi 0.94.4
CVE-2024-25723 high zenml 0.94.4
CVE-2024-27454 high orjson 0.94.4
CVE-2024-28219 high pillow 10.0.0 0.94.4
CVE-2024-31580 high torch 0.94.4
CVE-2024-31583 high torch 0.94.4
CVE-2024-34072 high sagemaker 0.94.4
CVE-2024-34073 high sagemaker 0.94.4
CVE-2024-34510 high gradio 0.94.4
CVE-2024-39705 high nltk 0.94.4
CVE-2024-41950 high haystack-ai 2.0.0 0.94.4
CVE-2024-4325 high gradio 0.94.4
CVE-2024-43805 high notebook 0.94.4
CVE-2024-47084 high gradio 0.94.4
CVE-2024-47867 high gradio 0.94.4
CVE-2024-47870 high gradio 0.94.4
CVE-2024-47871 high gradio 0.94.4
CVE-2024-4941 high gradio 0.94.4
CVE-2024-53981 high python-multipart 0.94.4
CVE-2024-6345 high setuptools 0.94.4
CVE-2024-6587 high litellm 1.40.0 0.94.4
CVE-2024-8966 high gradio 0.94.4
CVE-2024-8984 high litellm 1.40.0 0.94.4
CVE-2024-9340 high zenml 0.94.4
CVE-2024-9606 high litellm 1.40.0 0.94.4
CVE-2025-0330 high litellm 1.40.0 0.94.4
CVE-2025-0628 high litellm 1.40.0 0.94.4
CVE-2025-47273 high setuptools 0.94.4
CVE-2025-55201 high copier 0.94.4
CVE-2025-65106 high langchain-core 0.3.0 0.94.4
CVE-2025-66418 high urllib3 0.94.4
CVE-2025-66471 high urllib3 0.94.4
CVE-2025-67221 high orjson 0.94.4
CVE-2025-6984 high langchain-community 0.3.0 0.94.4
CVE-2026-0846 high nltk 0.94.4
CVE-2026-0847 high nltk 0.94.4
CVE-2026-1777 high sagemaker 0.94.4
CVE-2026-1778 high sagemaker 0.94.4
CVE-2026-21441 high urllib3 0.94.4
CVE-2026-24486 high python-multipart 0.94.4
CVE-2026-2472 high google-cloud-aiplatform 0.94.4
CVE-2026-2473 high google-cloud-aiplatform 0.94.4
CVE-2026-28414 high gradio 0.94.4
CVE-2026-28416 high gradio 0.94.4
CVE-2026-32597 high pyjwt 0.94.4
CVE-2026-33231 high nltk 0.94.4
CVE-2026-33236 high nltk 0.94.4
CVE-2026-34070 high langchain-core 0.3.0 0.94.4
CVE-2026-35029 high litellm 1.40.0 0.94.4
CVE-2026-40171 high notebook 0.94.4
CVE-2026-42215 high gitpython 0.94.4
CVE-2026-42284 high gitpython 0.94.4
CVE-2026-42557 high notebook 0.94.4
CVE-2026-42561 high python-multipart 0.94.4
CVE-2026-44243 high gitpython 0.94.4
CVE-2026-44244 high gitpython 0.94.4
GHSA-5r2p-pjr8-7fh7 high sagemaker 0.94.4
GHSA-69x8-hrgq-fjj8 high litellm 1.40.0 0.94.4
GHSA-qr4w-53vh-m672 high opencv-python 4.8.0 0.94.4
CVE-2014-1829 medium requests 0.94.4
CVE-2014-1830 medium requests 0.94.4
CVE-2015-2296 medium requests 0.94.4
CVE-2015-6938 medium notebook 0.94.4
CVE-2016-9015 medium urllib3 0.94.4
CVE-2018-17175 medium marshmallow 0.94.4
CVE-2018-19351 medium notebook 0.94.4
CVE-2018-19352 medium notebook 0.94.4
CVE-2018-21030 medium notebook 0.94.4
CVE-2018-25091 medium urllib3 0.94.4
CVE-2019-10255 medium notebook 0.94.4
CVE-2019-10856 medium notebook 0.94.4
CVE-2019-11236 medium urllib3 0.94.4
CVE-2019-9644 medium notebook 0.94.4
CVE-2020-26137 medium urllib3 0.94.4
CVE-2021-28363 medium urllib3 0.94.4
CVE-2021-29510 medium pydantic 0.94.4
CVE-2021-32797 medium notebook 0.94.4
CVE-2021-33430 medium numpy 0.94.4
CVE-2021-34141 medium numpy 0.94.4
CVE-2021-41496 medium numpy 0.94.4
CVE-2022-29238 medium notebook 0.94.4
CVE-2022-30187 medium azure-storage-blob 0.94.4
CVE-2023-25823 medium gradio 0.94.4
CVE-2023-2800 medium transformers 0.94.4
CVE-2023-32681 medium requests 0.94.4
CVE-2023-34239 medium gradio 0.94.4
CVE-2023-41040 medium gitpython 0.94.4
CVE-2023-41626 medium gradio 0.94.4
CVE-2023-45803 medium urllib3 0.94.4
CVE-2024-10940 medium langchain-core 0.3.0 0.94.4
CVE-2024-1183 medium gradio 0.94.4
CVE-2024-12217 medium gradio 0.94.4
CVE-2024-12720 medium transformers 0.94.4
CVE-2024-1727 medium gradio 0.94.4
CVE-2024-1729 medium gradio 0.94.4
CVE-2024-2035 medium zenml 0.94.4
CVE-2024-22195 medium jinja2 3.1.0 0.94.4
CVE-2024-22420 medium notebook 0.94.4
CVE-2024-2260 medium zenml 0.94.4
CVE-2024-2383 medium zenml 0.94.4
CVE-2024-2965 medium langchain 0.2.0 0.94.4
CVE-2024-34064 medium jinja2 3.1.0 0.94.4
CVE-2024-34511 medium gradio 0.94.4
CVE-2024-35195 medium requests 0.94.4
CVE-2024-35255 medium azure-identity 0.94.4
CVE-2024-3772 medium pydantic 0.94.4
CVE-2024-37891 medium urllib3 0.94.4
CVE-2024-4311 medium zenml 0.94.4
CVE-2024-4460 medium zenml 0.94.4
CVE-2024-47081 medium requests 0.94.4
CVE-2024-47164 medium gradio 0.94.4
CVE-2024-47165 medium gradio 0.94.4
CVE-2024-47166 medium gradio 0.94.4
CVE-2024-47167 medium gradio 0.94.4
CVE-2024-47868 medium gradio 0.94.4
CVE-2024-47869 medium gradio 0.94.4
CVE-2024-47872 medium gradio 0.94.4
CVE-2024-48052 medium gradio 0.94.4
CVE-2024-4940 medium gradio 0.94.4
CVE-2024-5062 medium zenml 0.94.4
CVE-2024-51751 medium gradio 0.94.4
CVE-2024-5206 medium scikit-learn 0.94.4
CVE-2024-56201 medium jinja2 3.1.0 0.94.4
CVE-2024-56326 medium jinja2 3.1.0 0.94.4
CVE-2024-5710 medium litellm 1.40.0 0.94.4
CVE-2024-8021 medium gradio 0.94.4
CVE-2025-0508 medium sagemaker 0.94.4
CVE-2025-1194 medium transformers 0.94.4
CVE-2025-2099 medium transformers 0.94.4
CVE-2025-27516 medium jinja2 3.1.0 0.94.4
CVE-2025-3262 medium transformers 0.94.4
CVE-2025-3263 medium transformers 0.94.4
CVE-2025-3264 medium transformers 0.94.4
CVE-2025-3730 medium torch 2.2.0 0.94.4
CVE-2025-3933 medium transformers 0.94.4
CVE-2025-48889 medium gradio 0.94.4
CVE-2025-50181 medium urllib3 0.94.4
CVE-2025-50182 medium urllib3 0.94.4
CVE-2025-5197 medium transformers 0.94.4
CVE-2025-55214 medium copier 0.94.4
CVE-2025-6051 medium transformers 0.94.4
CVE-2025-6638 medium transformers 0.94.4
CVE-2025-68146 medium filelock 3.0.0 0.94.4
CVE-2025-68480 medium marshmallow 0.94.4
CVE-2025-6921 medium transformers 0.94.4
CVE-2025-71176 medium pytest 0.94.4
CVE-2025-8406 medium zenml 0.94.4
CVE-2026-1839 medium transformers 0.94.4
CVE-2026-22701 medium filelock 3.0.0 0.94.4
CVE-2026-23968 medium copier 0.94.4
CVE-2026-23986 medium copier 0.94.4
CVE-2026-25645 medium requests 0.94.4
CVE-2026-28277 medium langgraph 0.5.3 0.94.4
CVE-2026-28415 medium gradio 0.94.4
CVE-2026-33230 medium nltk 0.94.4
CVE-2026-34726 medium copier 0.94.4
CVE-2026-34730 medium copier 0.94.4
CVE-2026-40087 medium langchain-core 0.3.0 0.94.4
CVE-2026-40347 medium python-multipart 0.94.4
CVE-2026-42308 medium pillow 10.0.0 0.94.4
CVE-2026-42310 medium pillow 10.0.0 0.94.4
GHSA-rf74-v2fm-23pw medium nltk 0.94.4
CVE-2020-26215 low notebook 0.94.4
CVE-2024-2032 low zenml 0.94.4
CVE-2024-2171 low zenml 0.94.4
CVE-2024-2213 low zenml 0.94.4
CVE-2024-3568 low transformers 0.94.4
CVE-2024-4680 low zenml 0.94.4
CVE-2024-47168 low gradio 0.94.4
CVE-2024-53861 low pyjwt 0.94.4
CVE-2025-2953 low torch 2.2.0 0.94.4
CVE-2025-3777 low transformers 0.94.4
CVE-2025-5320 low gradio 0.94.4
CVE-2026-26013 low langchain-core 0.3.0 0.94.4
CVE-2026-27167 low gradio 0.94.4
CVE-2026-41488 low langchain-openai 0.2.0 0.94.4
GHSA-26jh-r8g2-6fpr low gradio 0.94.4
CVE-2020-13091 unknown pandas 0.94.4
CVE-2023-25399 unknown scipy 0.94.4
CVE-2023-29824 unknown scipy 0.94.4
CVE-2024-31584 unknown torch 0.94.4
CVE-2024-52338 unknown pyarrow 14.0.0 0.94.4
PYSEC-2023-175 unknown pillow 10.0.0 0.94.4
PYSEC-2023-183 unknown opencv-python 4.8.0 0.94.4
