Home/mage-ai/Trust report

Trust and health report

mage-ai - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Active82% signal

last push 12d ago · last release 5mo

Provenance

Repository identity and fork provenance (github_public_v1).

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
207
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-3936-cmfr-pm3m
black@23.3.0 · osv@v1
poetry.lock
GHSA-fj7x-q9j7-g6q6
black@23.3.0 · osv@v1
poetry.lock
PYSEC-2024-48
black@23.3.0 · osv@v1
poetry.lock
PYSEC-2026-2120
black@23.3.0 · osv@v1
poetry.lock
PYSEC-2026-2121
black@23.3.0 · osv@v1
poetry.lock
PYSEC-2026-2132
click@8.1.3 · osv@v1
poetry.lock
GHSA-qmgc-5h2g-mvrw
filelock@3.12.0 · osv@v1
poetry.lock
GHSA-w853-jp5j-5j7f
filelock@3.12.0 · osv@v1
poetry.lock
PYSEC-2026-1374
filelock@3.12.0 · osv@v1
poetry.lock
PYSEC-2026-1375
filelock@3.12.0 · osv@v1
poetry.lock
GHSA-cpwx-vrp4-4pq7
jinja2@3.1.2 · osv@v1
poetry.lock
GHSA-gmj6-6f8f-6699
jinja2@3.1.2 · osv@v1
poetry.lock
GHSA-h5c8-rqwp-cp95
jinja2@3.1.2 · osv@v1
poetry.lock
GHSA-h75v-3vvj-5mfj
jinja2@3.1.2 · osv@v1
poetry.lock
GHSA-q2x7-8rv6-6q7h
jinja2@3.1.2 · osv@v1
poetry.lock
PYSEC-2026-1471
jinja2@3.1.2 · osv@v1
poetry.lock
PYSEC-2026-1472
jinja2@3.1.2 · osv@v1
poetry.lock
PYSEC-2026-1473
jinja2@3.1.2 · osv@v1
poetry.lock
PYSEC-2026-1474
jinja2@3.1.2 · osv@v1
poetry.lock
PYSEC-2026-1475
jinja2@3.1.2 · osv@v1
poetry.lock
GHSA-33p9-3p43-82vq
jupyter-core@5.3.0 · osv@v1
poetry.lock
PYSEC-2026-1477
jupyter-core@5.3.0 · osv@v1
poetry.lock
GHSA-5239-wwwm-4pmq
pygments@2.15.1 · osv@v1
poetry.lock
PYSEC-2026-2987
pygments@2.15.1 · osv@v1
poetry.lock
GHSA-6w46-j5rx-g56g
pytest@7.3.1 · osv@v1
poetry.lock
PYSEC-2026-1845
pytest@7.3.1 · osv@v1
poetry.lock
GHSA-5rjg-fvgr-3xxf
setuptools@67.7.2 · osv@v1
poetry.lock
GHSA-cx63-2mw6-8hw5
setuptools@67.7.2 · osv@v1
poetry.lock
PYSEC-2025-49
setuptools@67.7.2 · osv@v1
poetry.lock
PYSEC-2026-1918
setuptools@67.7.2 · osv@v1
poetry.lock
PYSEC-2026-3447
setuptools@67.7.2 · osv@v1
poetry.lock
GHSA-3x9g-8vmp-wqvf
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-753j-mpmx-qq6g
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-78cv-mqj4-43f7
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-7cx3-6m66-7c5m
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-8w49-h785-mj3c
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-cx3h-4qpv-8hc9
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-fqwm-6jpj-5wxc
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-hj3f-6gcp-jg8j
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-mgf9-4vpg-hj56
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-pw6j-qg29-8w7f
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-qjxf-f2mg-c6mc
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-qppv-j76h-2rpx
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-w235-7p84-xx57
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2023-75
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2025-265
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2025-266
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2025-267
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-140
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-1974
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-1975
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-2287
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-3387
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-3388
tornado@6.3.1 · osv@v1
poetry.lock
PYSEC-2026-3389
tornado@6.3.1 · osv@v1
poetry.lock
GHSA-597g-3phw-6986
virtualenv@20.23.0 · osv@v1
poetry.lock
GHSA-rqc4-2hc7-8c8v
virtualenv@20.23.0 · osv@v1
poetry.lock
PYSEC-2024-187
virtualenv@20.23.0 · osv@v1
poetry.lock
PYSEC-2026-2009
virtualenv@20.23.0 · osv@v1
poetry.lock
GHSA-jfmj-5v4g-7637
zipp@3.15.0 · osv@v1
poetry.lock
PYSEC-2026-2074
zipp@3.15.0 · osv@v1
poetry.lock
GHSA-7545-fcxq-7j24
GitPython@3.1.41 · osv@v1
requirements.txt
GHSA-mv93-w799-cj2w
GitPython@3.1.41 · osv@v1
requirements.txt
GHSA-rpm5-65cw-6hj4
GitPython@3.1.41 · osv@v1
requirements.txt
GHSA-v87r-6q3f-2j67
GitPython@3.1.41 · osv@v1
requirements.txt
GHSA-x2qx-6953-8485
GitPython@3.1.41 · osv@v1
requirements.txt
PYSEC-2026-2160
GitPython@3.1.41 · osv@v1
requirements.txt
PYSEC-2026-2161
GitPython@3.1.41 · osv@v1
requirements.txt
PYSEC-2026-2162
GitPython@3.1.41 · osv@v1
requirements.txt
PYSEC-2026-2163
GitPython@3.1.41 · osv@v1
requirements.txt
GHSA-cfh3-3jmp-rvhc
Pillow@10.3.0 · osv@v1
requirements.txt
GHSA-pwv6-vv43-88gr
Pillow@10.3.0 · osv@v1
requirements.txt
GHSA-r73j-pqj5-w3x7
Pillow@10.3.0 · osv@v1
requirements.txt
GHSA-whj4-6x5x-4v2j
Pillow@10.3.0 · osv@v1
requirements.txt
GHSA-wjx4-4jcj-g98j
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-165
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2249
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2250
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2252
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2253
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2254
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2255
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2256
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2257
Pillow@10.3.0 · osv@v1
requirements.txt
PYSEC-2026-2874
Pillow@10.3.0 · osv@v1
requirements.txt
GHSA-752w-5fwx-jx9f
PyJWT@2.6.0 · osv@v1
requirements.txt
GHSA-993g-76c3-p5m4
PyJWT@2.6.0 · osv@v1
requirements.txt
GHSA-fhv5-28vv-h8m8
PyJWT@2.6.0 · osv@v1
requirements.txt
GHSA-xgmm-8j9v-c9wx
PyJWT@2.6.0 · osv@v1
requirements.txt
PYSEC-2025-183
PyJWT@2.6.0 · osv@v1
requirements.txt
PYSEC-2026-120
PyJWT@2.6.0 · osv@v1
requirements.txt
PYSEC-2026-175
PyJWT@2.6.0 · osv@v1
requirements.txt
PYSEC-2026-177
PyJWT@2.6.0 · osv@v1
requirements.txt
PYSEC-2026-179
PyJWT@2.6.0 · osv@v1
requirements.txt
GHSA-2fqr-mr3j-6wp8
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-2vrm-gr82-f7m5
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-3wq7-rqq7-wx6j
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-4fvr-rgm6-gqmc
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-4m7w-qmgq-4wj5
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-54jq-c3m8-4m76
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-63hf-3vf5-4wqf
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-63hw-fmq6-xxg2
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-69f9-5gxw-wvc2
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-6jhg-hg63-jvvf
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-6mq8-rvhq-8wgg
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-8495-4g3g-x7pr
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-9548-qrrj-x5pj
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-966j-vmvw-g2g9
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-9x8q-7h8h-wcw9
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-c427-h43c-vf67
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-fh55-r93g-j68g
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-g3cq-j2xw-wf74
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-g84x-mcqj-x9qq
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-hcc4-c3v8-rx92
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-hg6j-4rv6-33pg
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-hpj7-wq8m-9hgp
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-jg22-mg44-37j8
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-jj3x-wxrx-4x23
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-jwhx-xcg6-8xhj
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-m5qp-6w8w-w647
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-m6qw-4cw2-hm4m
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-mqqc-3gqh-h2x8
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-mwh4-6h8g-pg8w
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-p998-jp59-783m
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-w2fm-2cpv-w7v5
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-xcgm-r5h9-7989
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1097
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1099
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1100
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1101
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1103
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1104
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1105
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1106
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1107
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1108
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-1109
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2094
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2095
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2096
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2097
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2098
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2099
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2100
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2101
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2102
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2103
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2104
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2105
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2106
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2107
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2108
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2109
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2110
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2111
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2112
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-2113
aiohttp@3.10.0 · osv@v1
requirements.txt
PYSEC-2026-237
aiohttp@3.10.0 · osv@v1
requirements.txt
GHSA-537c-gmf6-5ccf
cryptography@42.0.4 · osv@v1
requirements.txt
GHSA-79v4-65xg-pq4g
cryptography@42.0.4 · osv@v1
requirements.txt
GHSA-h4gh-qq45-vh27
cryptography@42.0.4 · osv@v1
requirements.txt
GHSA-m959-cc7f-wv43
cryptography@42.0.4 · osv@v1
requirements.txt
GHSA-r6ph-v2qm-q3c2
cryptography@42.0.4 · osv@v1
requirements.txt
PYSEC-2026-1284
cryptography@42.0.4 · osv@v1
requirements.txt
PYSEC-2026-2141
cryptography@42.0.4 · osv@v1
requirements.txt
PYSEC-2026-35
cryptography@42.0.4 · osv@v1
requirements.txt
GHSA-6hrg-qmvc-2xh8
joblib@1.1.0 · osv@v1
requirements.txt
PYSEC-2022-288
joblib@1.1.0 · osv@v1
requirements.txt
GHSA-24qx-w28j-9m6p
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-5789-5fc7-67v3
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-5mrq-x3x5-8v8f
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-fcw5-x6j4-ccmp
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-gf7q-q4j7-hp7c
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-qh7q-6qm3-653w
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-v42x-x7jp-845h
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-2187
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-2532
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-366
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-67
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-68
jupyter-server@2.14.1 · osv@v1
requirements.txt
PYSEC-2026-69
jupyter-server@2.14.1 · osv@v1
requirements.txt
GHSA-r374-rxx8-8654
paramiko@3.5.1 · osv@v1
requirements.txt
PYSEC-2026-2858
paramiko@3.5.1 · osv@v1
requirements.txt
PYSEC-2024-161
pyarrow@14.0.1 · osv@v1
requirements.txt
GHSA-g92j-qhmh-64v2
sentry-sdk@2.0.0 · osv@v1
requirements.txt
PYSEC-2026-1917
sentry-sdk@2.0.0 · osv@v1
requirements.txt
GHSA-29vq-49wr-vm6x
Werkzeug@3.0.3 · osv@v1
requirements.txt
GHSA-87hc-h4r5-73f7
Werkzeug@3.0.3 · osv@v1
requirements.txt
GHSA-f9vj-2wh5-fj8j
Werkzeug@3.0.3 · osv@v1
requirements.txt
GHSA-hgf8-39gv-g3f2
Werkzeug@3.0.3 · osv@v1
requirements.txt
GHSA-q34m-jh98-gwm2
Werkzeug@3.0.3 · osv@v1
requirements.txt
PYSEC-2026-2044
Werkzeug@3.0.3 · osv@v1
requirements.txt
PYSEC-2026-2045
Werkzeug@3.0.3 · osv@v1
requirements.txt
PYSEC-2026-2046
Werkzeug@3.0.3 · osv@v1
requirements.txt
PYSEC-2026-2320
Werkzeug@3.0.3 · osv@v1
requirements.txt
PYSEC-2026-3417
Werkzeug@3.0.3 · osv@v1
requirements.txt
GHSA-3644-q5cj-c5c7
langchain@0.2.5 · osv@v1
requirements.txt
GHSA-gr75-jv2w-4656
langchain@0.2.5 · osv@v1
requirements.txt
PYSEC-2024-323
langchain@0.2.5 · osv@v1
requirements.txt
PYSEC-2026-2192
langchain@0.2.5 · osv@v1
requirements.txt
PYSEC-2026-2555
langchain@0.2.5 · osv@v1
requirements.txt
GHSA-45pg-36p6-83v9
langchain_community@0.2.5 · osv@v1
requirements.txt
GHSA-pc6w-59fv-rh23
langchain_community@0.2.5 · osv@v1
requirements.txt
GHSA-q25c-c977-4cmh
langchain_community@0.2.5 · osv@v1
requirements.txt
PYSEC-2024-115
langchain_community@0.2.5 · osv@v1
requirements.txt
PYSEC-2026-1515
langchain_community@0.2.5 · osv@v1
requirements.txt
PYSEC-2026-1516
langchain_community@0.2.5 · osv@v1
requirements.txt

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/mage-ai-mage-ai/trust.

Common questions

Is mage-ai maintained?
GraphCanon rates mage-ai "Active" (82% maintenance signal from public GitHub metadata, computed today). Last push was 12 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is mage-ai safe to use?
Last scanned today (deps profile). Status: 207 low - 207 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify mage-ai as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is mage-ai a fork?
No. mage-ai is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does mage-ai have known security vulnerabilities?
Last scanned today (deps profile). Status: 207 low - 207 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the mage-ai trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about mage-ai?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for mage-ai. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for mage-ai?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.