114,569
Total Packages
running…
Last Scan
· 1,251 checked
14
High
8,616
Medium
4,437
Low
84,726
Clean
Flagged packages — last 6 scan runs
Recently flagged (last 24h)
200
| Package | Maintainer | Votes | Severity | Triggered rules |
|---|---|---|---|---|
| logseq-desktop | xiota | 32 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| gisto | carolinedroz | 14 | HIGH | npx/bunx/deno executes a remote package, AI review |
| knowte | xiota | 3 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| php-browscap | — | 3 | HIGH | Remote download executed by a shell, External download from an untrusted host, not in source=(), AI review |
| youzone | NeroBlackstone | 1 | HIGH | External download from an untrusted host, not in source=(), AI review of an ambiguous pattern |
| chromium-pdfjs-git | yar | 0 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| gitify-git | xiota | 0 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| gnome-shell-extension-mosaic | yochananmarqos | 0 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| hera-git | zxp19821005 | 0 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| jprq | pro_username | 0 | HIGH | Downloaded file is executed, AI review |
| knowte-git | xiota | 0 | HIGH | npm/yarn/pnpm install of an undeclared external package, AI review |
| lichess-mobile | ezberlin | 0 | HIGH | Few votes, recently uploaded, AI review of an ambiguous pattern |
| slune | davygora | 0 | HIGH | Remote download executed by a shell, External download from an untrusted host, not in source=(), pip install of an external package, External install via pipx/uv/poetry/cargo/go/gem, AI review |
| weaver-git | RedVelvetCake11 | 0 | HIGH | pip install of an external package, AI review of an ambiguous pattern |
| staruml | CookieUniverse | 72 | MEDIUM | source=() URL on a non-standard host, AI review |
| savage2 | Slash | 65 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake4 | Slash | 55 | MEDIUM | source=() URL on a non-standard host, AI review |
| warsaw-bin | tioguda | 47 | MEDIUM | source=() URL on a non-standard host, AI review |
| qarte | ktalog | 42 | MEDIUM | source=() URL on a non-standard host, AI review |
| warsaw | nicolascomman | 39 | MEDIUM | source=() URL on a non-standard host, AI review |
| slimjet | ahmedmoselhi | 36 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| vim-c | fredericcarron | 36 | MEDIUM | source=() URL on a non-standard host, AI review |
| x3270 | tuftedocelot | 36 | MEDIUM | source=() URL on a non-standard host, AI review |
| rtl-sdr-git | robertfoster | 30 | MEDIUM | source=() URL on a non-standard host, AI review |
| whatpulse | otsegolo | 29 | MEDIUM | source=() URL on a non-standard host, AI review |
| vk-messenger | CryZFix | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| windsurf | watzon | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| windsurf-electron-latest | watzon | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| xlhtml | jose1711 | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| spacecadetpinball-git | nulldev | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| r-linux | mrxx | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| yandex-music-windows | CucumberSpace | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| z-library-bin | macdems | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| xfractint | andreas_baumann | 22 | MEDIUM | source=() URL on a non-standard host, AI review |
| write_stylus | envolution | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| swfdec-devel | ConnorBehan | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-humor-sans | alerque | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| zsa-keymapp-bin | swsnr | 19 | MEDIUM | source=() URL on a non-standard host, AI review |
| sdx | sparques | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| unrealtournament | XenGi | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| sunloginclient | — | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| webalizer | victor3d | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| quickmedia | DEC05EBA | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| sendanywhere | nailington | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| trillian | mwawrzyniak | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-tiresias | reskoldo73 | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| virtualbox-kvm | knoelli | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| qqmusic-bin | Rukkhadevata123 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| soundfont-generaluser | kode54 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| reminiscence | miffe | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sac-core | grawity | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sac-gui | grawity | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| selektor | allencch | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sir | szlachar | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| soundfont-titanic | nerflad | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake3-osp | Slash | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| safesignidentityclient | pedrohqb | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| spotify-edge | Gobidev | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| qqmusic-electron | sukanka | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| ripcord-arch-libs | txtsd | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| rum-git | silentnoodle | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| sdrsharp | DodoGTA | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| soundfont-fatboy | 3ndymion | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| tresorit | chriffpy | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-glass-tty | chowbok | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-kanjistrokeorders | vatai | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| unity-editor-vrchat | sksat | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| wazuh-agent | madara125 | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| square1-wad | lapsus | 10 | MEDIUM | External download from an untrusted host, not in source=(), source=() URL on a non-standard host, AI review |
| sw4stm32 | robertfoster | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| tidal-dl-ng | rubin55 | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-technical | eworm | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| vmware-workstation12 | voxan24 | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| re3-git | eugene | 9 | MEDIUM | source=() URL on a non-standard host, AI review |
| shutter-encoder | gromain | 9 | MEDIUM | source=() URL on a non-standard host, AI review |
| uplink | heftig | 9 | MEDIUM | source=() URL on a non-standard host, AI review |
| vim-omlet | jeremioczko | 9 | MEDIUM | source=() URL on a non-standard host, AI review |
| yumenikki-en | Davikch | 9 | MEDIUM | source=() URL on a non-standard host, AI review |
| larksuite-bin | aliu | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake3-reactionq3 | Slash | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake4-demo | Slash | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| revc-git | eugene | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| tencent-docs-bin | cheeseounce | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| utools | RRRRRm | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| vapoursynth-plugin-svpflow | AvianaCruz | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| wxmacmolplt | hseara | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| xdroid-bin | taotieren | 8 | MEDIUM | source=() URL on a non-standard host, AI review |
| r-studio-for-linux-bin | christoslongros | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| rollemup | bidulock | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| rxvt-unicode-truecolor | Rosy | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| tap-plugins | defaultxr | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| tksqlite | Foucault | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| vapoursynth-plugin-fmtconv | dummyx | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| x32edit | Gobidev | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| xfce4-notifyd-git | jgmdev | 7 | MEDIUM | source=() URL on a non-standard host, AI review |
| redact-bin | johnpyp | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| terrafire | kleintux | 6 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| th08 | chris_l | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| tunerstudio | fuhry | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| typhoon_2001 | McLenin | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| virtualjaguar-git | SebRmv | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| wmbattery | bidulock | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| xmage | aidonius | 6 | MEDIUM | source=() URL on a non-standard host, AI review |
| rakarrack | vitaliikuzhdin | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| rakarrack-docs | vitaliikuzhdin | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| scala-music | apicici | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| sitala-bin | urklang | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| solidigm-sst-storage-tool-cli | Malvineous | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| sound-icons | alex19EP | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| speed-dreams-svn | leillo1975 | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| streamlink-twitch-gui | bastimeyer | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| synergy3-bin | Thadah | 5 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| tonelib-jam-bin | ohli | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-oldeenglish | Archadept | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-win10 | pyxel | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| vhdl-simili | robertfoster | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| vmware-workstation-openrc | — | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| vmware-workstation14 | voxan24 | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| webpatente | D3v1n | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| wxtoimg | gin078 | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| xonotic-autobuild | johnnybash | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| ynote-desktop-bin | zxp19821005 | 5 | MEDIUM | source=() URL on a non-standard host, AI review |
| rtl8761usb-dkms | MattKC | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| simple-scan-linuxmint | Santi-Burgos | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| sm64ex-redrawn-git | prurigro | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| spflashtool-standalone | — | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| stacher7 | BoredYama | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| stmcufinder | kumen | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| terabox-bin | okbzl | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-economica | mracos | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-germanica | Archadept | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| vapoursynth-plugin-scenechange | sl1pkn07 | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| vkteams-bin | sandboiii | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| vmware-workstation15 | voxan24 | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| vyprvpn-linux-cli | — | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| wahay-bin | — | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| winamax-bin | feydreva | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| zmeventnotification | Nocifer | 4 | MEDIUM | source=() URL on a non-standard host, AI review |
| qwarp | ashutoshtiwari | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| remotixqc | wellsgz | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| sakura-frp | yjun | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| sdkman-bin | rintim | 3 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| singular-factory | ConnorBehan | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| skia-sharp-atl | txtsd | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| soundfont-sm64 | bemxio | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| supercat | Dominiquini | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| tak | swordfeng | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| tembro | andreas_baumann | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| terasology-latest-bin | soloturn | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| termius-deb | inetol | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| tetrio-plus-bin | AzhamProdLive | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| the-dark-mod-bin | HMK | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| thunderbird-tbsync | Alfred456654 | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-impallari-cancelleresca-bastarda | — | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-impallari-formal-script-for-the-web | No1ne | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| via | sparques | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| vmware-workstation16 | voxan24 | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| waves-exchange | lcdss | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| xchat-se | — | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| xconvers | not_anonymous | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| zwcad-bin | — | 3 | MEDIUM | source=() URL on a non-standard host, AI review |
| fcitx5-mozc-git | farseerfc | 2 | MEDIUM | Encoded/compressed payload decoded and executed, source=() URL on a non-standard host, AI review downgraded a static finding |
| quake-rocketarena | Slash | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake3-edawn | — | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| readarr-nightly-bin | txtsd | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| regressi-bin | polix_minus | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| replit-desktop-app | matthewq337 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| otf-ronduit-capitals | alerque | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| rootchat-bin | cloudwithax | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| rupost-desktop | TitaniumHocker | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| samsung-ssd-fwupdate | eerielili | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| seadrive-cli | sclu1034 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| seafile-client-appimage | SomeAspy | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| seamonkey-i18n-hu | voxan24 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| seismic-unix | kelen | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| sferum | lesf0 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| sincon-git | napaalm | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| slic3r-dev | msrd0 | 2 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| speed-dreams-bin | baboon | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| spinnaker-sdk | — | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| sql-power-architect | mrxx | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| superflu-riteurnz | envolution | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| sys-pc-tool | antoine163 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| termius-beta | tbk | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| textedit.app | — | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| tgl-ttf | jjbeard | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| thunderbird-grammalecte | frankendres | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| tightvnc-jviewer | maxdevaine | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| tonespace | ildus | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| tpasm | uffe | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-cmu-sans-serif | stvhuang | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-font-awesome-pro | mpldr | 2 | MEDIUM | Package install from an untrusted index/registry host, AI review |
| ttf-hellvetica | Dvd-Znf | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-ingleby | bunder | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-sil-padauk | alerque | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ttf-timetable-latest | dreieck | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| univga | Vain | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| upak | donpicoro | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| ut2004-data-archiveorg | jmsq | 2 | MEDIUM | source=() URL on a non-standard host, AI review |
| virtualhere-client | craggles17 | 2 | MEDIUM | source=() URL on a non-standard host, AI review |