Home/faraday/Trust report

Trust and health report

faraday - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Active82% signal

last push 21d ago · last release 3w · 3 releases (90d)

Provenance

Repository identity and fork provenance (github_public_v1).

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
95
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-8rfp-98v4-mmr6
bleach@4.1.0 · osv@v1
requirements.txt
GHSA-gj48-438w-jh9v
bleach@4.1.0 · osv@v1
requirements.txt
PYSEC-2026-2132
click@8.0.1 · osv@v1
requirements.txt
GHSA-537c-gmf6-5ccf
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-6vqw-3v5j-54x4
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-79v4-65xg-pq4g
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-9v9h-cgj8-h64p
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-h4gh-qq45-vh27
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-m959-cc7f-wv43
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-r6ph-v2qm-q3c2
cryptography@42.0.0 · osv@v1
requirements.txt
PYSEC-2024-225
cryptography@42.0.0 · osv@v1
requirements.txt
PYSEC-2026-1284
cryptography@42.0.0 · osv@v1
requirements.txt
PYSEC-2026-1285
cryptography@42.0.0 · osv@v1
requirements.txt
PYSEC-2026-2141
cryptography@42.0.0 · osv@v1
requirements.txt
PYSEC-2026-35
cryptography@42.0.0 · osv@v1
requirements.txt
GHSA-68rp-wp8r-4726
flask@2.2.5 · osv@v1
requirements.txt
PYSEC-2026-2151
flask@2.2.5 · osv@v1
requirements.txt
GHSA-672h-6x89-76m5
flask-security-too@4.0.0 · osv@v1
requirements.txt
GHSA-6qmf-fj6m-686c
flask-security-too@4.0.0 · osv@v1
requirements.txt
PYSEC-2021-123
flask-security-too@4.0.0 · osv@v1
requirements.txt
PYSEC-2023-248
flask-security-too@4.0.0 · osv@v1
requirements.txt
GHSA-462w-v97r-4m45
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-cpwx-vrp4-4pq7
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-g3rq-g295-4j3m
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-h5c8-rqwp-cp95
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-h75v-3vvj-5mfj
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-q2x7-8rv6-6q7h
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2019-217
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2021-66
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2026-1471
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2026-1473
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2026-1474
jinja2@2.9.6 · osv@v1
requirements.txt
PYSEC-2026-1475
jinja2@2.9.6 · osv@v1
requirements.txt
GHSA-2h4p-vjrc-8xpq
mako@1.3.11 · osv@v1
requirements.txt
PYSEC-2026-2617
mako@1.3.11 · osv@v1
requirements.txt
GHSA-428g-f7cq-pgp5
marshmallow@3.19.0 · osv@v1
requirements.txt
PYSEC-2026-1605
marshmallow@3.19.0 · osv@v1
requirements.txt
GHSA-5xmw-vc9v-4wf2
pillow@12.1.1 · osv@v1
requirements.txt
GHSA-pwv6-vv43-88gr
pillow@12.1.1 · osv@v1
requirements.txt
GHSA-r73j-pqj5-w3x7
pillow@12.1.1 · osv@v1
requirements.txt
GHSA-whj4-6x5x-4v2j
pillow@12.1.1 · osv@v1
requirements.txt
GHSA-wjx4-4jcj-g98j
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-165
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2250
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2251
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2252
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2253
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2254
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2255
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2256
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2257
pillow@12.1.1 · osv@v1
requirements.txt
PYSEC-2026-2874
pillow@12.1.1 · osv@v1
requirements.txt
GHSA-993g-76c3-p5m4
pyjwt@2.12.0 · osv@v1
requirements.txt
GHSA-fhv5-28vv-h8m8
pyjwt@2.12.0 · osv@v1
requirements.txt
GHSA-jq35-7prp-9v3f
pyjwt@2.12.0 · osv@v1
requirements.txt
GHSA-w7vc-732c-9m39
pyjwt@2.12.0 · osv@v1
requirements.txt
GHSA-xgmm-8j9v-c9wx
pyjwt@2.12.0 · osv@v1
requirements.txt
PYSEC-2026-175
pyjwt@2.12.0 · osv@v1
requirements.txt
PYSEC-2026-176
pyjwt@2.12.0 · osv@v1
requirements.txt
PYSEC-2026-177
pyjwt@2.12.0 · osv@v1
requirements.txt
PYSEC-2026-178
pyjwt@2.12.0 · osv@v1
requirements.txt
PYSEC-2026-179
pyjwt@2.12.0 · osv@v1
requirements.txt
GHSA-24wv-mv5m-xv4h
redis@4.3.4 · osv@v1
requirements.txt
GHSA-8fww-64cx-x8p5
redis@4.3.4 · osv@v1
requirements.txt
PYSEC-2023-45
redis@4.3.4 · osv@v1
requirements.txt
PYSEC-2023-46
redis@4.3.4 · osv@v1
requirements.txt
GHSA-5rjg-fvgr-3xxf
setuptools@61 · osv@v1
requirements.txt
GHSA-cx63-2mw6-8hw5
setuptools@61 · osv@v1
requirements.txt
GHSA-r9hx-vwmv-q579
setuptools@61 · osv@v1
requirements.txt
PYSEC-2022-43012
setuptools@61 · osv@v1
requirements.txt
PYSEC-2025-49
setuptools@61 · osv@v1
requirements.txt
PYSEC-2026-1918
setuptools@61 · osv@v1
requirements.txt
PYSEC-2026-3447
setuptools@61 · osv@v1
requirements.txt
GHSA-38fc-9xqv-7f7q
sqlalchemy@1.2.0 · osv@v1
requirements.txt
GHSA-887w-45rq-vxgf
sqlalchemy@1.2.0 · osv@v1
requirements.txt
PYSEC-2019-123
sqlalchemy@1.2.0 · osv@v1
requirements.txt
PYSEC-2019-124
sqlalchemy@1.2.0 · osv@v1
requirements.txt
GHSA-g7vv-2v7x-gj9p
tqdm@4.15.0 · osv@v1
requirements.txt
PYSEC-2026-1976
tqdm@4.15.0 · osv@v1
requirements.txt
GHSA-3j69-69wj-xqx2
ujson@5.12.0 · osv@v1
requirements.txt
GHSA-c38f-wx89-p2xg
ujson@5.12.0 · osv@v1
requirements.txt
PYSEC-2026-2293
ujson@5.12.0 · osv@v1
requirements.txt
PYSEC-2026-2294
ujson@5.12.0 · osv@v1
requirements.txt
GHSA-29vq-49wr-vm6x
werkzeug@2.3.8 · osv@v1
requirements.txt
GHSA-2g68-c3qc-8985
werkzeug@2.3.8 · osv@v1
requirements.txt
GHSA-87hc-h4r5-73f7
werkzeug@2.3.8 · osv@v1
requirements.txt
GHSA-f9vj-2wh5-fj8j
werkzeug@2.3.8 · osv@v1
requirements.txt
GHSA-hgf8-39gv-g3f2
werkzeug@2.3.8 · osv@v1
requirements.txt
GHSA-q34m-jh98-gwm2
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-2043
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-2044
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-2045
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-2046
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-2320
werkzeug@2.3.8 · osv@v1
requirements.txt
PYSEC-2026-3417
werkzeug@2.3.8 · osv@v1
requirements.txt

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/infobyte-faraday/trust.

Common questions

Is faraday maintained?
GraphCanon rates faraday "Active" (82% maintenance signal from public GitHub metadata, computed today). Last push was 21 days ago. 3 GitHub releases in the last 90 days. This is a recency heuristic, not a guarantee the project will stay maintained.
Is faraday safe to use?
Last scanned today (deps profile). Status: 95 low - 95 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify faraday as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is faraday a fork?
No. faraday is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does faraday have known security vulnerabilities?
Last scanned today (deps profile). Status: 95 low - 95 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the faraday trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about faraday?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for faraday. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for faraday?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.