{"package":"kedro","ecosystem":"conda","latest_version":"1.2.0","description":"Kedro helps you build production-ready data and analytics pipelines.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/quantumblacklabs/kedro","repository":"https://github.com/quantumblacklabs/kedro","downloads_weekly":548,"health":{"score":55,"risk":"high","breakdown":{"maintenance":20,"popularity":3,"security":10,"maturity":12,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":1,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-35167","severity":"high","summary":"Kedro: Path Traversal in versioned dataset loading via unsanitized version string","affected_versions":"<1.3.0|=0.14.0|=0.14.1|=0.14.2|=0.14.3|=0.15.0|=0.15.1|=0.15.2|=0.15.3|=0.15.4|=0.15.5|=0.15.6|=0.15.7|=0.15.8|=0.15.9|=0.16.0|=0.16.1|=0.16.2|=0.16.3|=0.16.4|=0.16.5|=0.16.6|=0.17.0|=0.17.1|=0.17.2|=0.17.3|=0.17.4|=0.17.5|=0.17.6|=0.17.7|=0.18.0|=0.18.1|=0.18.10|=0.18.11|=0.18.12|=0.18.13|=0.18.14|=0.18.2|=0.18.3|=0.18.4|=0.18.5|=0.18.6|=0.18.7|=0.18.8|=0.18.9|=0.19.0|=0.19.1|=0.19.10|=0.19.11|=0.19.12|=0.19.13|=0.19.14|=0.19.15|=0.19.2|=0.19.3|=0.19.4|=0.19.5|=0.19.6|=0.19.7|=0.19.8|=0.19.9|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.0.0rc3|=1.1.0|=1.1.1|=1.2.0","fixed_version":"1.3.0","source":"osv","published_at":"2026-04-03T03:46:48Z","in_kev":false,"epss_prob":0.00019,"epss_percentile":0.05154,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-35171","severity":"critical","summary":"Kedro has Arbitrary Code Execution via Malicious Logging Configuration","affected_versions":"<1.3.0|=0.14.0|=0.14.1|=0.14.2|=0.14.3|=0.15.0|=0.15.1|=0.15.2|=0.15.3|=0.15.4|=0.15.5|=0.15.6|=0.15.7|=0.15.8|=0.15.9|=0.16.0|=0.16.1|=0.16.2|=0.16.3|=0.16.4|=0.16.5|=0.16.6|=0.17.0|=0.17.1|=0.17.2|=0.17.3|=0.17.4|=0.17.5|=0.17.6|=0.17.7|=0.18.0|=0.18.1|=0.18.10|=0.18.11|=0.18.12|=0.18.13|=0.18.14|=0.18.2|=0.18.3|=0.18.4|=0.18.5|=0.18.6|=0.18.7|=0.18.8|=0.18.9|=0.19.0|=0.19.1|=0.19.10|=0.19.11|=0.19.12|=0.19.13|=0.19.14|=0.19.15|=0.19.2|=0.19.3|=0.19.4|=0.19.5|=0.19.6|=0.19.7|=0.19.8|=0.19.9|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.0.0rc3|=1.1.0|=1.1.1|=1.2.0","fixed_version":"1.3.0","source":"osv","published_at":"2026-04-03T03:48:48Z","in_kev":false,"epss_prob":0.00137,"epss_percentile":0.3314,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.2.0","total_count":50,"recent":["0.18.14","0.19.0","0.19.1","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.7","0.19.8","0.19.9","0.19.10","0.19.11","0.19.12","0.19.13","0.19.14","1.0.0","1.1.0","1.1.1","1.2.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-06-15 19:33:44.852000+00:00","last_published":"2026-01-29 19:44:00.943000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":10855,"forks":1032,"open_issues":184,"is_archived":false,"pushed_at":"2026-04-29T11:05:15Z","subscribers_count":100},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"1.2.0","version_hint":"Update to >= 1.3.0 to fix known vulnerabilities","summary":"kedro has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":2143,"last_release_days_ago":89,"avg_days_between_releases":113,"release_velocity":"active"}}