{"package":"qiskit-terra","ecosystem":"conda","latest_version":"0.46.3","description":"SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://www.ibm.com/quantum/qiskit","repository":"https://github.com/Qiskit/qiskit","downloads_weekly":2471,"health":{"score":40,"risk":"high","breakdown":{"maintenance":15,"popularity":6,"security":10,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":1,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2025-2000","severity":"critical","summary":"Qiskit allows arbitrary code execution decoding QPY format versions < 13","affected_versions":">=0.18.0,<=0.46.3|<1.4.2|>=2.0.0rc1,<2.0.0rc2|=0.18.0|=0.18.1|=0.18.2|=0.18.3|=0.19.0|=0.19.1|=0.19.2|=0.20.0|=0.20.1|=0.20.2|=0.21.0|=0.21.0rc1|=0.21.1|=0.21.2|=0.22.0|=0.22.0rc1|=0.22.1|=0.22.2|=0.22.3|=0.22.4|=0.23.0|=0.23.0rc1|=0.23.1|=0.23.2|=0.23.3|=0.24.0|=0.24.0rc1|=0.24.1|=0.24.2|=0.25.0|=0.25.0rc1|=0.25.1|=0.25.2|=0.25.2.1|=0.25.3|=0.45.0|=0.45.0rc1|=0.45.1|=0.45.2|=0.45.3|=0.46.0|=0.46.1|=0.46.2|=0.46.3|=0.10.0|=0.10.1|=0.10.2|=0.10.3|=0.10.4|=0.10.5|=0.11.0|=0.11.1|=0.11.2|=0.12.0|=0.12.1|=0.12.2|=0.13.0|=0.14.0|=0.14.1|=0.15.0|=0.16.0|=0.16.1|=0.16.2|=0.17.0|=0.18.0|=0.18.1|=0.18.2|=0.18.3|=0.19.0|=0.19.1|=0.19.2|=0.19.3|=0.19.4|=0.19.5|=0.19.6|=0.20.0|=0.20.1|=0.21.0|=0.22.0|=0.23.0|=0.23.1|=0.23.2|=0.23.3|=0.23.4|=0.23.5|=0.23.6|=0.24.0|=0.24.1|=0.25.0|=0.25.1|=0.25.2|=0.25.3|=0.25.4|=0.26.0|=0.26.1|=0.26.2|=0.27.0|=0.28.0|=0.29.0|=0.29.1|=0.3.10|=0.3.11|=0.3.12|=0.3.13|=0.3.14|=0.3.15|=0.3.16|=0.3.2|=0.3.3|=0.3.4|=0.3.5|=0.3.6|=0.3.7|=0.3.8|=0.3.9|=0.30.0|=0.30.1|=0.31.0|=0.32.0|=0.32.1|=0.33.0|=0.33.1|=0.34.0|=0.34.1|=0.34.2|=0.35.0|=0.36.0|=0.36.1|=0.36.2|=0.37.0|=0.37.1|=0.37.2|=0.38.0|=0.39.0|=0.39.1|=0.39.2|=0.39.3|=0.39.4|=0.39.5|=0.4.0|=0.4.1|=0.4.10|=0.4.11|=0.4.12|=0.4.13|=0.4.14|=0.4.15|=0.4.2|=0.4.3|=0.4.4|=0.4.5|=0.4.6|=0.4.7|=0.4.8|=0.4.9|=0.40.0|=0.41.0|=0.41.1|=0.42.0|=0.42.1|=0.43.0|=0.43.1|=0.43.2|=0.43.3|=0.44.0|=0.44.1|=0.44.2|=0.44.3|=0.45.0|=0.45.0rc1|=0.45.1|=0.45.2|=0.45.3|=0.46.0|=0.46.1|=0.46.2|=0.46.3|=0.5.0|=0.5.1|=0.5.2|=0.5.3|=0.5.4|=0.5.5|=0.5.6|=0.5.7|=0.6.0|=0.6.1|=0.7.0|=0.7.1|=0.7.2|=0.7.3|=0.8.0|=0.8.1|=0.9.0|=1.0.0|=1.0.0b1|=1.0.0rc1|=1.0.1|=1.0.2|=1.1.0|=1.1.0rc1|=1.1.1|=1.1.2|=1.2.0|=1.2.0rc1|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.3.0|=1.3.0b1|=1.3.0rc1|=1.3.0rc2|=1.3.1|=1.3.2|=1.3.3|=1.4.0|=1.4.1|=2.0.0rc1","fixed_version":"2.0.0rc2","source":"osv","published_at":"2025-03-14T19:56:14Z","in_kev":false,"epss_prob":0.00168,"epss_percentile":0.37556,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-1403","severity":"high","summary":"Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit","affected_versions":">=0.45.0,<1.3.0|>=0.45.0,<=0.46.3|=0.45.0|=0.45.1|=0.45.2|=0.45.3|=0.46.0|=0.46.1|=0.46.2|=0.46.3|=1.0.0|=1.0.0b1|=1.0.0rc1|=1.0.1|=1.0.2|=1.1.0|=1.1.0rc1|=1.1.1|=1.1.2|=1.2.0|=1.2.0rc1|=1.2.1|=1.2.2|=1.2.3|=1.2.4|=1.3.0b1|=1.3.0rc1|=1.3.0rc2|=0.45.0|=0.45.1|=0.45.2|=0.45.3|=0.46.0|=0.46.1|=0.46.2|=0.46.3","fixed_version":"1.3.0","source":"osv","published_at":"2025-02-21T21:42:43Z","in_kev":false,"epss_prob":0.00099,"epss_percentile":0.27282,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.46.3","total_count":30,"recent":["0.22.3","0.23.0","0.23.1","0.23.2","0.23.3","0.24.0","0.24.1","0.24.2","0.25.0","0.25.1","0.25.2.1","0.25.3","0.45.0","0.45.1","0.45.2","0.45.3","0.46.0","0.46.1","0.46.2","0.46.3"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2022-03-23 12:03:59.315000+00:00","last_published":"2025-12-23 19:47:44.859000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Moderate health score (40/100) — verify manually","1 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"0.46.3","version_hint":"Update to >= 1.3.0 to fix known vulnerabilities","summary":"qiskit-terra has critical vulnerabilities — do not use"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/conda/qiskit-terra","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/conda/qiskit-terra","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/conda/qiskit-terra","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 21 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"miss","_response_ms":1569,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":22,"active_contributors_12m":22,"primary_author_ratio":0.24,"owner_account_age_days":3193,"is_archived":false,"stars":7326,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":1502,"last_release_days_ago":131,"avg_days_between_releases":79,"release_velocity":"moderate"}}