{"package":"binderhub","ecosystem":"pypi","latest_version":"0.1.0","description":"Turn a Git repo into a collection of interactive notebooks","license":"BSD","license_risk":"permissive","commercial_use_notes":"BSD (unspecified clause count — likely 3-Clause): permissive, safe for commercial use.","homepage":"https://binderhub.readthedocs.io/en/latest/","repository":"https://github.com/jupyterhub/binderhub/","downloads_weekly":0,"health":{"score":17,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":15,"maturity":0,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":1,"high":0,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2021-39159","severity":"critical","summary":"remote code execution via git repo provider","affected_versions":"<0.2.0|=0.1.0","fixed_version":"0.2.0","source":"osv","published_at":"2021-08-30T16:16:58Z","in_kev":false,"epss_prob":0.01322,"epss_percentile":0.79978,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-39159","severity":"unknown","summary":"BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. \nIn affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credenti","affected_versions":"<195caac172690456dcdc8cc7a6ca50e05abf8182.patch|<0.2.0-n653","fixed_version":"0.2.0-n653","source":"osv","published_at":"2021-08-25T19:15:00Z","in_kev":false,"epss_prob":0.01322,"epss_percentile":0.79978,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.1.0","total_count":1,"recent":["0.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2018-11-07T17:41:58.649567Z","dependencies_count":9,"dependencies":["kubernetes (>=4.*)","escapism","tornado","traitlets","docker","jinja2","prometheus-client","python-json-logger","jupyterhub"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (17/100)","1 critical vulnerability"],"use_version":"0.1.0","version_hint":"Update to >= 0.2.0-n653 to fix known vulnerabilities; the only listed release (0.1.0) is affected","summary":"binderhub has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":883,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":1,"first_release_age_days":null,"last_release_days_ago":2732,"avg_days_between_releases":null,"release_velocity":"stale"}}