{"package":"rencode","ecosystem":"pypi","latest_version":"1.0.8","description":"rencode is an object serialization library similar to bencode from the Bittorrent project.","license":"GPLv3","license_risk":"strong_copyleft","commercial_use_notes":"GPL-3.0: derivative works must release source under GPL; includes explicit patent grant.","homepage":"https://pypi.org/project/rencode/","repository":"","downloads_weekly":573,"health":{"score":46,"risk":"high","breakdown":{"maintenance":10,"popularity":3,"security":25,"maturity":6,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2021-40839","severity":"unknown","summary":"The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\\x2f\\x7f), enabling a remote attack that consumes CPU and memory.","affected_versions":"<572ff74586d9b1daab904c6f7f7009ce0143bb75|=1.0.3|=1.0.4|=1.0.5|=1.0.6|=1.0.7|=1.0.8","fixed_version":"572ff74586d9b1daab904c6f7f7009ce0143bb75","source":"osv","published_at":"2021-09-10T02:15:00Z","in_kev":false,"epss_prob":0.13839,"epss_percentile":0.94315,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.0.8","total_count":6,"recent":["1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2025-05-29T19:54:58.045916Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.0.8","version_hint":"Update to >= 572ff74586d9b1daab904c6f7f7009ce0143bb75 to fix known vulnerabilities","summary":"rencode@1.0.8 is safe to use (health: 46/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":728,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":6,"first_release_age_days":null,"last_release_days_ago":335,"avg_days_between_releases":null,"release_velocity":"moderate"}}