{"package":"buildbot","ecosystem":"conda","latest_version":"4.3.0","description":"Python-based continuous integration testing framework","license":"GPL-2.0","license_risk":"strong_copyleft","commercial_use_notes":"GPL-2.0: derivative works must release source under GPL; static linking forces disclosure.","homepage":"https://buildbot.net/","repository":"","downloads_weekly":584,"health":{"score":48,"risk":"high","breakdown":{"maintenance":10,"popularity":3,"security":21,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2009-2959","severity":"medium","summary":"Buildbot Cross-site scripting (XSS) vulnerability","affected_versions":">=0.7.6,<0.7.11p3|=0.7.10|=0.7.11|=0.7.12|=0.7.6|=0.7.7|=0.7.8|=0.7.9|=0.8.0|=0.8.1|=0.8.10|=0.8.12|=0.8.13|=0.8.14|=0.8.2|=0.8.3|=0.8.4|=0.8.5|=0.8.6|=0.8.7|=0.8.8|=0.8.9|=0.9.0|=0.9.0.post1|=0.9.0b1|=0.9.0b2|=0.9.0b3|=0.9.0b4|=0.9.0b5|=0.9.0b6|=0.9.0b7|=0.9.0b8|=0.9.0b9|=0.9.0rc1|=0.9.0rc2|=0.9.0rc3|=0.9.0rc4|=0.9.1|=0.9.10|=0.9.11|=0.9.12|=0.9.13|=0.9.14|=0.9.15|=0.9.15.post1|=0.9.2|=0.9.3|=0.9.4|=0.9.5|=0.9.6|=0.9.7|=0.9.8|=0.9.9|=0.9.9.post1|=0.9.9.post2|=1.0.0|=1.1.0|=1.1.1|=1.1.2|=1.2.0|=1.3.0|=1.4.0|=1.5.0|=1.6.0|=1.7.0|=1.8.0|=1.8.1|=1.8.2|=2.0.1|=2.1.0|=2.10.0|=2.10.1|=2.10.2|=2.10.3|=2.10.4|=2.10.5|=2.2.0|=2.3.0|=2.3.1|=2.4.0|=2.4.1|=2.5.0|=2.5.1|=2.6.0|=2.7.0|=2.8.0|=2.8.1|=2.8.2|=2.8.3|=2.8.4|=2.9.0|=2.9.1|=2.9.2|=2.9.3|=2.9.4|=3.0.0|=3.0.1|=3.0.2|=3.0.3|=3.1.0|=3.1.1|=3.10.0|=3.10.1|=3.11.0|=3.11.1|=3.11.2|=3.11.3|=3.11.5|=3.11.6|=3.11.7|=3.2.0|=3.3.0|=3.4.0|=3.4.1|=3.5.0|=3.6.0|=3.6.1|=3.7.0|=3.8.0|=3.9.0|=3.9.1|=3.9.2|=4.0.0|=4.0.1|=4.0.2","fixed_version":"0.7.11p3","source":"osv","published_at":"2022-05-02T03:40:27Z","in_kev":false,"epss_prob":0.00467,"epss_percentile":0.6452,"threat_tier":"theoretical"},{"vuln_id":"CVE-2009-2967","severity":"medium","summary":"Buildbot vulnerable to cross-site scripting","affected_versions":">=0.7.6,<0.7.11p3|=0.7.10|=0.7.11|=0.7.12|=0.7.6|=0.7.7|=0.7.8|=0.7.9|=0.8.0|=0.8.1|=0.8.10|=0.8.12|=0.8.13|=0.8.14|=0.8.2|=0.8.3|=0.8.4|=0.8.5|=0.8.6|=0.8.7|=0.8.8|=0.8.9|=0.9.0|=0.9.0.post1|=0.9.0b1|=0.9.0b2|=0.9.0b3|=0.9.0b4|=0.9.0b5|=0.9.0b6|=0.9.0b7|=0.9.0b8|=0.9.0b9|=0.9.0rc1|=0.9.0rc2|=0.9.0rc3|=0.9.0rc4|=0.9.1|=0.9.10|=0.9.11|=0.9.12|=0.9.13|=0.9.14|=0.9.15|=0.9.15.post1|=0.9.2|=0.9.3|=0.9.4|=0.9.5|=0.9.6|=0.9.7|=0.9.8|=0.9.9|=0.9.9.post1|=0.9.9.post2|=1.0.0|=1.1.0|=1.1.1|=1.1.2|=1.2.0|=1.3.0|=1.4.0|=1.5.0|=1.6.0|=1.7.0|=1.8.0|=1.8.1|=1.8.2|=2.0.1|=2.1.0|=2.10.0|=2.10.1|=2.10.2|=2.10.3|=2.10.4|=2.10.5|=2.2.0|=2.3.0|=2.3.1|=2.4.0|=2.4.1|=2.5.0|=2.5.1|=2.6.0|=2.7.0|=2.8.0|=2.8.1|=2.8.2|=2.8.3|=2.8.4|=2.9.0|=2.9.1|=2.9.2|=2.9.3|=2.9.4|=3.0.0|=3.0.1|=3.0.2|=3.0.3|=3.1.0|=3.1.1|=3.10.0|=3.10.1|=3.11.0|=3.11.1|=3.11.2|=3.11.3|=3.11.5|=3.11.6|=3.11.7|=3.2.0|=3.3.0|=3.4.0|=3.4.1|=3.5.0|=3.6.0|=3.6.1|=3.7.0|=3.8.0|=3.9.0|=3.9.1|=3.9.2|=4.0.0|=4.0.1|=4.0.2","fixed_version":"0.7.11p3","source":"osv","published_at":"2022-05-02T03:40:28Z","in_kev":false,"epss_prob":0.00604,"epss_percentile":0.69671,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"4.3.0","total_count":50,"recent":["3.6.1","3.7.0","3.8.0","3.9.0","3.9.1","3.9.2","3.10.0","3.10.1","3.11.0","3.11.1","3.11.2","3.11.3","3.11.5","4.0.1","4.0.2","4.0.3","4.1.0","4.2.0","4.2.1","4.3.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-05-28 05:58:03.147000+00:00","last_published":"2025-05-13 11:35:44.706000+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.3.0","version_hint":"Update to >= 0.7.11p3 to fix known vulnerabilities","summary":"buildbot@4.3.0 is safe to use (health: 48/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}