{"package":"uefi-firmware","ecosystem":"pypi","latest_version":"1.11","description":"Various data structures and parsing tools for UEFI firmware.","license":"BSD","license_risk":"permissive","commercial_use_notes":"BSD (unspecified clause count — likely 3-Clause): permissive, commercial safe.","homepage":"https://github.com/theopolis/uefi-firmware-parser","repository":"https://github.com/theopolis/uefi-firmware-parser","downloads_weekly":0,"health":{"score":13,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":5,"maturity":6,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":2,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"GHSA-2689-5p89-6j3j","severity":"critical","summary":"UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable","affected_versions":"<=1.12|=1.1|=1.10|=1.11|=1.2|=1.3|=1.4|=1.6|=1.7|=1.8|=1.9","fixed_version":null,"source":"osv","published_at":"2026-04-16T01:30:48Z"},{"vuln_id":"GHSA-hm2w-vr2p-hq7w","severity":"critical","summary":"UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen","affected_versions":"<=1.12|=1.1|=1.10|=1.11|=1.2|=1.3|=1.4|=1.6|=1.7|=1.8|=1.9","fixed_version":null,"source":"osv","published_at":"2026-04-16T01:31:09Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.11","total_count":10,"recent":["1.1","1.2","1.3","1.4","1.6","1.7","1.8","1.9","1.10","1.11"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2023-08-10T20:00:06.491270Z","dependencies_count":1,"dependencies":["future"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (13/100)","2 critical vulnerabilities"],"use_version":"1.11","version_hint":null,"summary":"uefi-firmware has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":10,"first_release_age_days":null,"last_release_days_ago":992,"avg_days_between_releases":null,"release_velocity":"stale"}}