Home/CommonGen-Eval/Trust report

Trust and health report

CommonGen-Eval - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Dormant18% signal

last push 846d ago

Provenance

Repository identity and fork provenance (github_public_v1).

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
94
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-3mwp-wvh9-7528
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-3ww4-5jv9-j5gm
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-4qjh-9fv9-r85r
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-5vqr-wprc-cpp7
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-6pr9-rp53-2pmc
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-7h4p-rffg-7823
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-8fr4-5q9j-m8gm
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-98f3-hwg4-4rf7
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-cj47-qj6g-x7r4
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-ggpf-24jw-3fcw
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-hgg8-fqqc-vfmw
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-mgrm-fgjv-mhv8
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-pgr7-mhp5-fgjp
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-q8gq-377p-jq3r
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-qh4c-xf7m-gxfc
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-rh4j-5rhw-hr54
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-rm76-4mrf-v9r8
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-rxc4-3w6r-4v47
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-w2r7-9579-27hf
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-wc36-9694-f9rf
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-wr9h-g72x-mwhm
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-x368-4g9h-fvv4
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-222
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-223
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-42
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-43
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-50
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-53
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-58
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2025-62
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2015
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2020
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2021
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2024
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2025
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2026
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-227
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2298
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2300
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2301
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2304
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-2306
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-3404
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-3405
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-3407
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-3408
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-566
vllm@0.2.6 · osv@v1
requirements.txt
PYSEC-2026-568
vllm@0.2.6 · osv@v1
requirements.txt
GHSA-29pf-2h5f-8g72
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-37mw-44qp-f5jm
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-37q5-v5qm-c9v8
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-4w7r-h757-3r74
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-59p9-h35m-wg4g
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-69w3-r845-3855
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-6rvg-6v2m-4j46
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-9356-575x-2w9m
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-fgcw-684q-jj6r
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-fpwr-67px-3qhx
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-hxxf-235m-72v3
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-jjph-296x-mrcr
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-phhr-52qp-3mj4
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-q2wp-rjmx-x6x9
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-qq3j-4f4f-9583
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-qxrp-vhvm-j765
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-rcv9-qm8p-9p6j
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-wrfc-pvp9-mr9g
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2024-227
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2024-228
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2024-229
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-211
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-212
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-213
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-214
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-215
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-216
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-217
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-218
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2025-40
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1977
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1978
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1980
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1981
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1982
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1983
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1984
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1985
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1986
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1987
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-1988
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-2288
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-2289
transformers@4.36.2 · osv@v1
requirements.txt
PYSEC-2026-2290
transformers@4.36.2 · osv@v1
requirements.txt
GHSA-g7vv-2v7x-gj9p
tqdm@4.66.1 · osv@v1
requirements.txt
PYSEC-2026-1976
tqdm@4.66.1 · osv@v1
requirements.txt

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/allenai-commongen-eval/trust.

Common questions

Is CommonGen-Eval maintained?
GraphCanon rates CommonGen-Eval "Dormant" (18% maintenance signal from public GitHub metadata, computed today). Last push was 846 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is CommonGen-Eval safe to use?
Last scanned today (deps profile). Status: 94 low - 94 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify CommonGen-Eval as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is CommonGen-Eval a fork?
No. CommonGen-Eval is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does CommonGen-Eval have known security vulnerabilities?
Last scanned today (deps profile). Status: 94 low - 94 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the CommonGen-Eval trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about CommonGen-Eval?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for CommonGen-Eval. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for CommonGen-Eval?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.