{"package":"lmdb","ecosystem":"conda","latest_version":"0.9.35","description":"A high-performance embedded transactional key-value store database.","license":"OLDAP-2.8","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://www.openldap.org/software/repo.html","repository":"https://github.com/LMDB/lmdb","downloads_weekly":4487,"health":{"score":62,"risk":"moderate","breakdown":{"maintenance":20,"popularity":6,"security":25,"maturity":9,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":5,"critical":0,"high":0,"medium":0,"low":5,"details":[{"vuln_id":"CVE-2019-16224","severity":"unknown","summary":"An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.","affected_versions":"<0.98|=0.58|=0.59|=0.60|=0.61|=0.62|=0.63|=0.64|=0.65|=0.66|=0.67|=0.68|=0.69|=0.70|=0.71|=0.73|=0.74|=0.75|=0.76|=0.77|=0.78|=0.79|=0.80|=0.81|=0.82|=0.83|=0.84|=0.85|=0.86|=0.87|=0.88|=0.89|=0.91|=0.92|=0.93|=0.94|=0.95|=0.96|=0.97","fixed_version":"0.98","source":"osv","published_at":"2019-09-11T15:15:00Z","in_kev":false,"epss_prob":0.00418,"epss_percentile":0.6183,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-16225","severity":"unknown","summary":"An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.","affected_versions":"<0.98|=0.58|=0.59|=0.60|=0.61|=0.62|=0.63|=0.64|=0.65|=0.66|=0.67|=0.68|=0.69|=0.70|=0.71|=0.73|=0.74|=0.75|=0.76|=0.77|=0.78|=0.79|=0.80|=0.81|=0.82|=0.83|=0.84|=0.85|=0.86|=0.87|=0.88|=0.89|=0.91|=0.92|=0.93|=0.94|=0.95|=0.96|=0.97","fixed_version":"0.98","source":"osv","published_at":"2019-09-11T15:15:00Z","in_kev":false,"epss_prob":0.00418,"epss_percentile":0.6183,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-16226","severity":"unknown","summary":"An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.","affected_versions":"<0.98|=0.58|=0.59|=0.60|=0.61|=0.62|=0.63|=0.64|=0.65|=0.66|=0.67|=0.68|=0.69|=0.70|=0.71|=0.73|=0.74|=0.75|=0.76|=0.77|=0.78|=0.79|=0.80|=0.81|=0.82|=0.83|=0.84|=0.85|=0.86|=0.87|=0.88|=0.89|=0.91|=0.92|=0.93|=0.94|=0.95|=0.96|=0.97","fixed_version":"0.98","source":"osv","published_at":"2019-09-11T15:15:00Z","in_kev":false,"epss_prob":0.00433,"epss_percentile":0.62779,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-16227","severity":"unknown","summary":"An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.","affected_versions":"<0.98|=0.58|=0.59|=0.60|=0.61|=0.62|=0.63|=0.64|=0.65|=0.66|=0.67|=0.68|=0.69|=0.70|=0.71|=0.73|=0.74|=0.75|=0.76|=0.77|=0.78|=0.79|=0.80|=0.81|=0.82|=0.83|=0.84|=0.85|=0.86|=0.87|=0.88|=0.89|=0.91|=0.92|=0.93|=0.94|=0.95|=0.96|=0.97","fixed_version":"0.98","source":"osv","published_at":"2019-09-11T15:15:00Z","in_kev":false,"epss_prob":0.00402,"epss_percentile":0.60846,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-16228","severity":"unknown","summary":"An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.","affected_versions":"<0.98|=0.58|=0.59|=0.60|=0.61|=0.62|=0.63|=0.64|=0.65|=0.66|=0.67|=0.68|=0.69|=0.70|=0.71|=0.73|=0.74|=0.75|=0.76|=0.77|=0.78|=0.79|=0.80|=0.81|=0.82|=0.83|=0.84|=0.85|=0.86|=0.87|=0.88|=0.89|=0.91|=0.92|=0.93|=0.94|=0.95|=0.96|=0.97","fixed_version":"0.98","source":"osv","published_at":"2019-09-11T15:15:00Z","in_kev":false,"epss_prob":0.00247,"epss_percentile":0.47917,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.9.35","total_count":12,"recent":["0.9.18","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.26","0.9.27","0.9.28","0.9.29","0.9.31","0.9.35"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2022-02-24 06:41:11.711000+00:00","last_published":"2026-01-31 02:22:34.237000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"0.9.35","version_hint":"Update to >= 0.98 to fix known vulnerabilities","summary":"lmdb@0.9.35 is safe to use (health: 62/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":616,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":4,"primary_author_ratio":0.5,"owner_account_age_days":4023,"is_archived":false,"stars":2960,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":12,"first_release_age_days":1525,"last_release_days_ago":88,"avg_days_between_releases":139,"release_velocity":"active"},"popularity_warning":{"this_ecosystem_downloads":4487,"more_popular_in":{"ecosystem":"npm","downloads_weekly":4940895},"hint":"This is the conda package 'lmdb' (4,487 dl/week). A much more popular package with the same name exists in npm (4,940,895 dl/week). Confirm you queried the right ecosystem."}}