Home/paperless-gpt/Trust report

Trust and health report

paperless-gpt - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Very active96% signal

last push 2d ago · last release 1w · 2 releases (90d)

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 861746639
  • Not a fork
  • Personal account
  • Computed today

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
59
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-q7pp-wcgr-pffx
github.com/disintegration/imaging@v1.6.2 · osv@v1
go.sum
GHSA-47m2-4cr7-mhcw
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GHSA-g754-hx8w-x2g6
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GHSA-vvgj-x9jq-8cj9
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GO-2025-4017
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GO-2025-4233
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GO-2026-5676
github.com/quic-go/quic-go@v0.54.0 · osv@v1
go.sum
GHSA-mh2q-q3fh-2475
go.opentelemetry.io/otel@v1.38.0 · osv@v1
go.sum
GHSA-9h8m-3fm2-qjrq
go.opentelemetry.io/otel/sdk@v1.38.0 · osv@v1
go.sum
GHSA-hfvc-g4fc-pqhx
go.opentelemetry.io/otel/sdk@v1.38.0 · osv@v1
go.sum
GO-2026-4394
go.opentelemetry.io/otel/sdk@v1.38.0 · osv@v1
go.sum
GHSA-45gg-vh54-h5m9
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-5cgq-3rg8-m6cv
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-78mq-xcr3-xm33
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-89gr-r52h-f8rx
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-9m57-25v3-79x9
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-f5wc-c3c7-36mc
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-jppx-rxg9-jmrx
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-q4h4-gmj2-qvw2
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-qpw4-5x99-6vjp
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-rm3j-f69w-wqmq
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-vgwf-h737-ff37
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-w879-237q-wc7r
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-x527-x647-q7gg
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5005
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5006
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5013
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5014
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5015
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5016
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5017
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5018
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5019
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5020
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5021
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5023
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5033
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GO-2026-5932
golang.org/x/crypto@v0.45.0 · osv@v1
go.sum
GHSA-44p7-9xx4-hf2g
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GHSA-q675-qj96-32m9
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-4815
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-4961
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-4962
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-5031
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-5032
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-5061
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-5062
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GO-2026-5066
golang.org/x/image@v0.32.0 · osv@v1
go.sum
GHSA-5cv4-jp36-h3mw
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-4918
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5025
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5026
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5027
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5028
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5029
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5030
golang.org/x/net@v0.47.0 · osv@v1
go.sum
GO-2026-5024
golang.org/x/sys@v0.38.0 · osv@v1
go.sum
GHSA-p77j-4mvh-x3m3
google.golang.org/grpc@v1.77.0 · osv@v1
go.sum
GO-2026-4762
google.golang.org/grpc@v1.77.0 · osv@v1
go.sum

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/icereed-paperless-gpt/trust.

Common questions

Is paperless-gpt maintained?
GraphCanon rates paperless-gpt "Very active" (96% maintenance signal from public GitHub metadata, computed today). Last push was 2 days ago. 2 GitHub releases in the last 90 days. This is a recency heuristic, not a guarantee the project will stay maintained.
Is paperless-gpt safe to use?
Last scanned today (deps profile). Status: 59 low - 59 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify paperless-gpt as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is paperless-gpt a fork?
No. paperless-gpt is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does paperless-gpt have known security vulnerabilities?
Last scanned today (deps profile). Status: 59 low - 59 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the paperless-gpt trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about paperless-gpt?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for paperless-gpt. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for paperless-gpt?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.