{"package":"mdanter/ecc","ecosystem":"composer","latest_version":"v1.0.0","description":"PHP Elliptic Curve Cryptography library","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/phpecc/phpecc","repository":"https://github.com/phpecc/phpecc","downloads_weekly":0,"health":{"score":0,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":13,"maturity":9,"community":4},"deprecated":true,"max_score":100},"vulnerabilities":{"count":2,"critical":1,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"GHSA-346h-749j-r28w","severity":"critical","summary":"PHPECC vulnerable to multiple cryptographic side-channel attacks","affected_versions":"<=1.0.0|=0.2.0|=v0.3.0|=v0.3.1|=v0.3.2|=v0.4.0|=v0.4.1|=v0.4.2|=v0.4.3|=v0.4.4|=v0.4.5|=v0.4.6|=v0.4.7|=v0.5.0|=v0.5.1|=v0.5.2|=v1.0.0","fixed_version":null,"source":"osv","published_at":"2024-04-25T18:31:58Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2024-33851","severity":"medium","summary":"mdanter/ecc affected by timing vulnerability in cryptographic side-channels","affected_versions":"<2.0.1|<=1.0.0|=v2.0.0|=0.2.0|=v0.3.0|=v0.3.1|=v0.3.2|=v0.4.0|=v0.4.1|=v0.4.2|=v0.4.3|=v0.4.4|=v0.4.5|=v0.4.6|=v0.4.7|=v0.5.0|=v0.5.1|=v0.5.2|=v1.0.0","fixed_version":"2.0.1","source":"osv","published_at":"2024-04-28T00:30:22Z","in_kev":false,"epss_prob":0.00119,"epss_percentile":0.3039,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.0.0","total_count":16,"recent":["v1.0.0","v0.5.2","v0.5.1","v0.5.0","v0.4.7","v0.4.6","v0.4.5","v0.4.4","v0.4.3","v0.4.2","v0.4.1","v0.4.0","v0.3.2","v0.3.1","v0.3.0","0.2.0"]},"metadata":{"deprecated":true,"deprecated_message":"paragonie/ecc","maintainers_count":3,"first_published":null,"last_published":"2021-01-16T19:42:14+00:00","dependencies_count":3,"dependencies":["php","ext-gmp","fgrosse/phpasn1"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (0/100)","Package is deprecated","1 critical vulnerabilities"],"use_version":"v1.0.0","version_hint":"Update to >= 2.0.1 to fix known vulnerabilities","summary":"mdanter/ecc has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":334,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":3892,"is_archived":false,"stars":347,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":2.6,"tier":"poor"},"quality":{"available":false},"version_history_summary":{"total_versions":16,"first_release_age_days":4315,"last_release_days_ago":1929,"avg_days_between_releases":288,"release_velocity":"stale"}}