{"package":"paramiko","ecosystem":"pypi","latest_version":"4.0.0","description":"SSH2 protocol library","license":"LGPL-2.1","license_risk":"weak_copyleft","commercial_use_notes":"LGPL: dynamic linking from closed-source is OK; static linking triggers source disclosure.","homepage":"https://pypi.org/project/paramiko/","repository":"https://github.com/paramiko/paramiko","downloads_weekly":34131362,"health":{"score":74,"risk":"moderate","breakdown":{"maintenance":10,"popularity":20,"security":23,"maturity":15,"community":6},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2023-48795","severity":"medium","summary":"Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin","affected_versions":"<0.40.2|>=0.1.0,<0.17.0|>=2.5.0,<3.4.0|<0.0.0-20231218163308-9d2ee975ef9f|=2.10.0|=2.10.1|=2.10.2|=2.10.3|=2.10.4|=2.10.5|=2.10.6|=2.11.0|=2.11.1|=2.12.0|=2.5.0|=2.5.1|=2.6.0|=2.7.0|=2.7.1|=2.7.2|=2.8.0|=2.8.1|=2.9.0|=2.9.1|=2.9.2|=2.9.3|=2.9.4|=2.9.5|=3.0.0|=3.1.0|=3.2.0|=3.3.0|=3.3.1|=3.3.2","fixed_version":"0.0.0-20231218163308-9d2ee975ef9f","source":"osv","published_at":"2023-12-18T19:22:09Z","in_kev":false,"epss_prob":0.58603,"epss_percentile":0.98219,"threat_tier":"likely_exploited"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"4.0.0","total_count":142,"recent":["2.10.1","2.10.2","2.10.3","2.10.4","2.10.5","2.10.6","2.11.0","2.11.1","2.12.0","3.0.0","3.1.0","3.2.0","3.3.0","3.3.1","3.3.2","3.4.0","3.4.1","3.5.0","3.5.1","4.0.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-08-04T01:02:02.029481Z","dependencies_count":7,"dependencies":["bcrypt>=3.2","cryptography>=3.3","invoke>=2.0","pynacl>=1.5","pyasn1>=0.1.7; extra == \"gssapi\"","gssapi>=1.4.1; platform_system != \"Windows\" and extra == \"gssapi\"","pywin32>=2.1.8; platform_system == \"Windows\" and extra == \"gssapi\""]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.0.0","version_hint":"Update to >= 0.0.0-20231218163308-9d2ee975ef9f to fix known vulnerabilities","summary":"paramiko@4.0.0 is safe to use (health: 74/100)","alternatives":[{"name":"asyncssh","reason":"asyncssh has an async API","builtin":false}]},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":742,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":1,"primary_author_ratio":1.0,"owner_account_age_days":5310,"is_archived":false,"stars":9730,"alerts":["single_active_maintainer_3m","single_author_dominance"]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":4.2,"tier":"weak"},"quality":{"available":true,"criticality_score":0.496,"criticality_tier":"medium","velocity_pct":0.0,"velocity_trend":"stable","publish_security":null}}