{"package":"rsa","ecosystem":"pypi","latest_version":"4.9.1","description":"Pure-Python RSA implementation","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/rsa/","repository":"https://github.com/sybrenstuvel/python-rsa","downloads_weekly":0,"health":{"score":44,"risk":"high","breakdown":{"maintenance":5,"popularity":0,"security":25,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"4.9.1","total_count":37,"recent":["3.2.3","3.3","3.4","3.4.1","3.4.2","4.0","4.1","4.1.1","4.2","4.3","4.4","4.4.1","4.5","4.6","4.7","4.7.1","4.7.2","4.8","4.9","4.9.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2025-04-16T09:51:17.142309Z","dependencies_count":1,"dependencies":["pyasn1>=0.1.3"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":4,"bugs_severity":{"high":1,"medium":3},"status_breakdown":{"fixed":4},"link":"/api/bugs/pypi/rsa?version=4.9.1","scope":"version","details":[{"title":"Python-RSA decryption of ciphertext leads to DoS","severity":"high","status":"fixed","affected_version":null,"fixed_version":"4.1","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13757"},{"title":"PYSEC-2020-99: advisory","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"4.1","url":"https://github.com/sybrenstuvel/python-rsa/issues/146"},{"title":"PYSEC-2016-10: advisory","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"3.3","url":"http://www.openwall.com/lists/oss-security/2016/01/05/3"},{"title":"Python RSA allows attackers to spoof signatures","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"3.3","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1494"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.9.1","version_hint":null,"summary":"rsa@4.9.1 is safe to use (health: 44/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":5317,"is_archived":true,"stars":491,"alerts":["single_active_maintainer_3m","archived_repo"]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":5.6,"tier":"moderate"},"quality":{"available":true,"criticality_score":0.515,"criticality_tier":"high","velocity_pct":5.3,"velocity_trend":"stable","publish_security":"api_token"},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":378,"avg_days_between_releases":null,"release_velocity":"stale"},"popularity_warning":{"this_ecosystem_downloads":0,"more_popular_in":{"ecosystem":"cargo","downloads_weekly":30846160},"hint":"This is the pypi package 'rsa' (0 dl/week). A much more popular package with the same name exists in cargo (30,846,160 dl/week). Confirm you queried the right ecosystem."}}