Security Dashboard
- Vulnerabilities: 69,901
- Critical CVEs: 3,576
- Credential Leaks: 2,078,133
- Critical Secrets: 571,347
- Open Issues: 455,749
- Total Tech Debt: 2,246,195h
- Gates Passed: 105,398
- Gates Failed: 50,893

Repobility · open methodology · https://repobility.com/research/
Quality Gate Results: 105,398 passed / 50,893 failed (67% pass rate)
Risk Score Distribution

- A: 65,492
- B: 6,958
- C: 50
Tech Debt Breakdown (2,246,195h total)

- Duplication: 639,228h
- Complexity: 617,777h
- Structure: 410,328h
- Practices: 339,658h
- Security: 208,621h
- Dependencies: 30,164h
DORA Metrics Overview

- Medium: 8,954 repos
- High: 4,192 repos
- Elite: 802 repos
Integrated Security Tools

- trivy
- syft
- grype
- bandit
- pip-audit
- retire 5.4.2
Most Vulnerable Repos
| Repository | Language | Vulnerabilities | Critical |
|---|---|---|---|
| Iranians-Vote-Digital-Democracy__vote-pass-monorepo | json | 321 | 40 |
| 0aub__saudi-sentinal | python | 324 | 36 |
| ponylight__TradingAgents-improved | python | 316 | 29 |
| Taurus-Ai-Corp__Comply.Q-Grid | typescript | 268 | 26 |
| mislavs__moonboard-grader | python | 272 | 24 |
| UMAprotocol__protocol | javascript | 188 | 23 |
| Optimal-Living-Systems__deepflow | json | 212 | 21 |
| Optimal-Living-Systems__deepflo | markdown | 209 | 21 |
| Brain-up__brn | kotlin | 198 | 21 |
| kipyin__handoff | python | 208 | 19 |
Top Credential Leaks
| Repository | Findings | Critical |
|---|---|---|
| AftermathFinance__aftermath-ts-sdk | 1912 | 1880 |
| QRun-IO__qbit-wms | 1620 | 1608 |
| ToaruPen__Caves-of-Qud_Japanese | 1314 | 1233 |
| bmo890__song-seed | 830 | 830 |
| HenryGill4__Vectrik | 820 | 820 |
| arwer13__life-dashboard | 788 | 784 |
| BizTechoff__donation | 804 | 780 |
| AdKats__Procon-1 | 733 | 695 |
| ARobicsek__howzeverything | 666 | 648 |
| dholab__nhp-immunogenomics | 879 | 636 |
Methodology: Repobility · https://repobility.com/research/state-of-ai-code-2026/
Binary Composition Intelligence (BinComp v2)
Binary-level security analysis of the Python ecosystem. 9 analysis techniques, 16 attack chains, N-way composition findings. Data updated hourly.
- ELF Binaries Scanned: 373
- Composition Findings: 1,066
- Enriched (Gemma4): 343
- 3-Way Co-Occurrences: 39,861
- PyPI Pkgs Crawled: 474

Enriched findings by severity: 214 critical, 125 high, 4 medium
Top 10 Dangerous PyPI Packages
| Package | Grade | Gadgets | Bins | Risk |
|---|---|---|---|---|
| pillow | F | 7,101 | 26 | 12,554 |
| urllib3 | N | 0 | 0 | 11,455 |
| transformers | N | 0 | 0 | 10,146 |
| aiohttp | F | 354 | 4 | 8,061 |
| cryptography | D | 2,147 | 1 | 7,302 |
| fastmcp | N | 0 | 0 | 5,776 |
| semver | N | 0 | 0 | 5,565 |
| litellm | N | 0 | 0 | 5,511 |
| langchain-core | N | 0 | 0 | 5,428 |
| torch | F | 1,257 | 13 | 5,117 |
Grade: A=hardened, F=unhardened. Risk combines CVE history + composition findings + hardening gaps.
Top Enriched Findings (AI-analyzed)
- CRITICAL · CVSS 9.8 · ct: The use of `strcat` across multiple, unrelated libraries (e.g., `libarrow`, `libcrypto`, `libc`) indicates a widespread failure to use safe string handling functions. `strcat` is inherently unsafe as it relies on manual length checks, making it susceptible to classic stack-based …
- CRITICAL · CVSS 9.8 · ct: The use of `strcpy` without explicit bounds checking constitutes a classic stack-based buffer overflow vulnerability. Since `strcpy` copies bytes until it encounters a null terminator, it blindly trusts the source buffer size. If the source string exceeds the allocated size of th…
- CRITICAL · CVSS 9.8 · ct: The vulnerability stems from the widespread, unsafe use of `sprintf` across numerous core scientific and system libraries. `sprintf` writes to a destination buffer without bounds checking, leading to classic stack-based buffer overflows if the input data exceeds the allocated siz…