Spectra Assure
Community
Docs
failIncident: Removal
Scanned: 14 days ago

xgboost

Artifact:
removed
Top 1k
XGBoost Python Package
License: Permissive (Apache-2.0)
Published: over 1 year ago
See on PyPI

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
2 debugging symbols found

Security

Vulnerabilities
1 severe vulnerabilities exploited
Hardening
2 execution hijacking concerns

Threats

Tampering
No evidence of software tampering
Malware
No evidence of malware inclusion

INCIDENTS:

removal
over 1 year agoReported By: Community
List of known vulnerabilities affecting the software package and the components it embeds. Last refreshed on: 2025/10/18
CVSS Score
CVE
Name
Tags
critical
9.8
CVE-2020-13092
Exploits Exist
Vulnerability Triaged
critical
9.8
CVE-2022-37434
Exploits Exist
Fix Available
high
8.8
CVE-2022-33891
Exploits Exist
Exploited by Malware
Patching Mandated
Vulnerability Triaged

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.