Is chromadb safe to use?

chromadb has 1 known vulnerabilities on the latest version (1.5.9). DepScope rates its health at 40/100 (high risk).

What is the latest version of chromadb?

The latest version of chromadb is 1.5.9, released 2026-05-05.

Does chromadb have known vulnerabilities?

Yes. chromadb has 1 known vulnerabilities. See depscope.dev/pkg/pypi/chromadb for details.

Is chromadb deprecated?

No, chromadb is actively maintained. Latest release: 1.5.9 (2026-05-05).

What are alternatives to chromadb?

Popular alternatives to chromadb in PyPI include: boto3, packaging, certifi, urllib3, idna.

What license does chromadb use?

chromadb is licensed under Apache-2.0.

chromadb

pypiv1.5.9

Chroma.

License Apache-2.0permissive130 versions31 deps

chroma-core/chroma

/ 100

Health

do not use

chromadb has critical vulnerabilities — do not use

Moderate health score (40/100) — verify manually
1 critical vulnerabilities

Health breakdown0 – 100

20/25

maintenance

0/20

popularity

15/25

security

15/15

maturity

8/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2026-45829	ChromaDB Python project has a pre-authentication code injection vulnerability	—

Quality signals

Publish security

API token

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/chromadb