Top issues
Detected presence of severe vulnerabilities with active exploitation.
Causes risk: actively exploited vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known severe vulnerabilities. Available threat intelligence telemetry has confirmed that the reported high or critical severity vulnerabilities are actively being exploited by malicious actors.Prevalence in PyPI community
38 packages
found in
Top 100
303 packages
found in
Top 1k
2611 packages
found in
Top 10k
103184 packages
in community
Next steps
We strongly advise updating the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected presence of high severity vulnerabilities.
Causes risk: high severity vulnerabilities
vulnerabilities
Problem
Software composition analysis has identified a component with one or more known vulnerabilities. Based on the CVSS scoring, these vulnerabilities have been marked as high severity.Prevalence in PyPI community
50 packages
found in
Top 100
352 packages
found in
Top 1k
2858 packages
found in
Top 10k
108771 packages
in community
Next steps
Perform impact analysis for the reported CVEs.
Update the component to the latest version.
If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Detected Windows shared library files that do not suppress exports which reduces CFG vulnerability mitigation protection effectiveness.
Causes risk: low priority mitigations absent
hardening
Problem
Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that dynamic calls are made only to vetted functions. Trusted execution paths rely on the ability of the operating system to build a list of valid function targets. Certain functions can intentionally be disallowed to prevent malicious code from deactivating vulnerability mitigation features. A list of such invalid function targets can include publicly exported symbols. Applications that enhance control flow integrity through export suppression rely on libraries to mark their publicly visible symbols as suppressed. This is done for all symbols that are considered to be sensitive functions, and to which access should be restricted. It is considered dangerous to mix applications that perform export suppression with libraries that do not.Prevalence in PyPI community
26 packages
found in
Top 100
130 packages
found in
Top 1k
732 packages
found in
Top 10k
14459 packages
in community
Next steps
To enable this mitigation on library code, refer to your programming language toolchain documentation.
In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.
Detected Windows executable files that do not implement long jump control flow vulnerability mitigation protection.
Causes risk: low priority mitigations absent
hardening
Problem
Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Higher-level programming languages implement structured exception handling by managing their own code flow execution paths. As such, they are subject to code flow hijacking during runtime. Language-specific exception handling mitigation enforces execution integrity by instrumenting calls to manage execution context switching. Any deviation from the known and trusted code flow paths will cause the application to terminate. This makes malicious code less likely to execute.Prevalence in PyPI community
30 packages
found in
Top 100
141 packages
found in
Top 1k
779 packages
found in
Top 10k
16437 packages
in community
Next steps
It's highly recommended to enable this option for all software components used at security boundaries, or those that process user controlled inputs.
To enable this mitigation, refer to your programming language toolchain documentation.
In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.
Top behaviors
Decrypts data using the Windows Cryptography API.
packer
Prevalence in PyPI community
Behavior often found in this community (Common)
3 packages
found in
Top 100
8 packages
found in
Top 1k
48 packages
found in
Top 10k
821 packages
in community
Contains URLs that link to interesting file formats.
network
Prevalence in PyPI community
Behavior often found in this community (Common)
75 packages
found in
Top 100
451 packages
found in
Top 1k
3488 packages
found in
Top 10k
109392 packages
in community
Encrypts or encodes files and other data using the Windows Cryptography API.
file
Prevalence in PyPI community
Behavior uncommon for this community (Uncommon)
2 packages
found in
Top 100
7 packages
found in
Top 1k
23 packages
found in
Top 10k
434 packages
in community
Contains IP addresses.
network
Prevalence in PyPI community
Behavior often found in this community (Common)
67 packages
found in
Top 100
520 packages
found in
Top 1k
3993 packages
found in
Top 10k
158349 packages
in community
Writes to files in Windows system directories.
file
Prevalence in PyPI community
Behavior often found in this community (Common)
5 packages
found in
Top 100
30 packages
found in
Top 1k
161 packages
found in
Top 10k
3367 packages
in community
Top vulnerabilities
Vulnerability Exploitation Lifecycle
(2 Active Vulnerabilities)
None
2 (2 Fixable)
CVE-2024-56171h
CVE-2025-24928h
None
None
Exploits Unknown
Exploits Exist
Exploited by Malware
Patching Mandated