{"package":"ember-source","ecosystem":"rubygems","latest_version":"2.18.2","description":"Ember.js source code wrapper for use with Ruby libs.","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/emberjs/ember.js","repository":"https://github.com/emberjs/ember.js","downloads_weekly":384836,"health":{"score":46,"risk":"high","breakdown":{"maintenance":0,"popularity":14,"security":23,"maturity":9,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2013-4170","severity":"medium","summary":"Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data","affected_versions":"<1.0.0.rc1.1|>=1.0.0.rc2.0,<1.0.0.rc2.1|>=1.0.0.rc3.0,<1.0.0.rc3.1|>=1.0.0.rc4.0,<1.0.0.rc4.1|>=1.0.0.rc5.0,<1.0.0.rc5.1|>=1.0.0.rc6.0,<1.0.0.rc6.1|=0.0.1|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=1.0.0.pre4.0|=1.0.0.pre4.1|=1.0.0.pre4.2|=1.0.0.rc1.0.0|=1.0.0.rc2.0|=1.0.0.rc3.0|=1.0.0.rc3|=1.0.0.rc4.0|=1.0.0.rc4|=1.0.0.rc5.0|=1.0.0.rc5|=1.0.0.rc6.0|=1.0.0.rc6","fixed_version":"1.0.0.rc6.1","source":"osv","published_at":"2022-07-01T00:01:11Z","in_kev":false,"epss_prob":0.00336,"epss_percentile":0.56372,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.18.2","total_count":20,"recent":["3.0.0.beta.2","3.0.0.beta.1","2.18.2","2.18.1","2.18.0","2.18.0.beta.5","2.18.0.beta.4","2.18.0.beta.3","2.18.0.beta.2","2.18.0.beta.1","2.17.2","2.17.1","2.17.0","2.17.0.beta.6","2.17.0.beta.5","2.17.0.beta.4","2.16.3","2.16.2","2.16.1","2.16.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2018-02-14T22:41:06.253Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"2.18.2","version_hint":"Update to >= 1.0.0.rc6.1 to fix known vulnerabilities","summary":"ember-source@2.18.2 is safe to use (health: 46/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":2995,"avg_days_between_releases":null,"release_velocity":"stale"}}