{"package":"dgl","ecosystem":"conda","latest_version":"2.3.0","description":"A deep graph library","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/dmlc/dgl","repository":"","downloads_weekly":2932,"health":{"score":39,"risk":"critical","breakdown":{"maintenance":5,"popularity":6,"security":20,"maturity":6,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"GHSA-3x5x-fw77-g54c","severity":"high","summary":"dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request()","affected_versions":"<=2.4.0|=0.0.1|=0.1.0|=0.1.2|=0.1.3|=0.2|=0.3|=0.3.1|=0.4|=0.4.1|=0.4.2|=0.4.3|=0.4.3.post1|=0.4.3.post2|=0.4rc190819|=0.4rc190821|=0.4rc190822|=0.4rc190823|=0.4rc190824|=0.4rc190826|=0.4rc190902|=0.4rc190903|=0.4rc190904|=0.4rc190905|=0.4rc190906|=0.4rc190908|=0.4rc190909|=0.4rc190910|=0.4rc190911|=0.4rc190912|=0.4rc190915|=0.4rc190916|=0.4rc190917|=0.4rc190918|=0.4rc190920|=0.4rc190921|=0.4rc190923|=0.4rc190924|=0.4rc190927|=0.4rc190928|=0.4rc190929|=0.4rc191001|=0.4rc191003|=0.4rc191004|=0.4rc191005|=0.5.0|=0.5.1|=0.5.2|=0.5.3|=0.6.0|=0.6.0.post1|=0.6.1|=0.8.0.post1|=0.9.0|=0.9.1|=1.0.0|=1.0.1|=1.0.4|=1.1.0|=1.1.1|=1.1.2|=1.1.2.post1|=1.1.3|=2.0.0|=2.1.0|=2.2.0|=2.2.1","fixed_version":null,"source":"osv","published_at":"2025-03-05T19:50:09Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.3.0","total_count":8,"recent":["1.1.0","1.1.1","1.1.2","1.1.3","2.0.0","2.1.0","2.2.1","2.3.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2023-08-18 00:06:53.114000+00:00","last_published":"2025-04-22 14:58:46.461000+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (39/100)","1 high severity vulnerabilities"],"use_version":"2.3.0","version_hint":null,"summary":"dgl@2.3.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}