Home/Open-LLM-VTuber/Trust report

Trust and health report

Open-LLM-VTuber - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Steady60% signal

last push 61d ago · last release 10mo

Provenance

Repository identity and fork provenance (github_public_v1).

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
70
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-2fqr-mr3j-6wp8
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-2vrm-gr82-f7m5
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-3wq7-rqq7-wx6j
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-4fvr-rgm6-gqmc
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-4m7w-qmgq-4wj5
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-63hf-3vf5-4wqf
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-63hw-fmq6-xxg2
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-966j-vmvw-g2g9
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-9x8q-7h8h-wcw9
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-c427-h43c-vf67
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-g3cq-j2xw-wf74
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-hcc4-c3v8-rx92
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-hg6j-4rv6-33pg
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-hpj7-wq8m-9hgp
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-jg22-mg44-37j8
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-m5qp-6w8w-w647
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-m6qw-4cw2-hm4m
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-mwh4-6h8g-pg8w
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-p998-jp59-783m
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-w2fm-2cpv-w7v5
aiohttp@3.13.3 · osv@v1
requirements.txt
GHSA-xcgm-r5h9-7989
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2094
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2095
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2096
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2097
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2098
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2099
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2100
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2101
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2102
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2103
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2104
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2105
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2106
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2107
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2108
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2109
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2110
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2111
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2112
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2113
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-237
aiohttp@3.13.3 · osv@v1
requirements.txt
PYSEC-2026-2132
click@8.3.1 · osv@v1
requirements.txt
GHSA-537c-gmf6-5ccf
cryptography@46.0.3 · osv@v1
requirements.txt
GHSA-m959-cc7f-wv43
cryptography@46.0.3 · osv@v1
requirements.txt
GHSA-p423-j2cm-9vmq
cryptography@46.0.3 · osv@v1
requirements.txt
GHSA-r6ph-v2qm-q3c2
cryptography@46.0.3 · osv@v1
requirements.txt
PYSEC-2026-2141
cryptography@46.0.3 · osv@v1
requirements.txt
PYSEC-2026-35
cryptography@46.0.3 · osv@v1
requirements.txt
PYSEC-2026-36
cryptography@46.0.3 · osv@v1
requirements.txt
GHSA-65pc-fj4g-8rjx
idna@3.11 · osv@v1
requirements.txt
PYSEC-2026-215
idna@3.11 · osv@v1
requirements.txt
GHSA-7gcm-g887-7qv7
protobuf@6.33.4 · osv@v1
requirements.txt
PYSEC-2026-1805
protobuf@6.33.4 · osv@v1
requirements.txt
GHSA-4xgf-cpjx-pc3j
pydantic-settings@2.12.0 · osv@v1
requirements.txt
GHSA-5239-wwwm-4pmq
pygments@2.19.2 · osv@v1
requirements.txt
PYSEC-2026-2987
pygments@2.19.2 · osv@v1
requirements.txt
GHSA-752w-5fwx-jx9f
pyjwt@2.10.1 · osv@v1
requirements.txt
GHSA-993g-76c3-p5m4
pyjwt@2.10.1 · osv@v1
requirements.txt
GHSA-fhv5-28vv-h8m8
pyjwt@2.10.1 · osv@v1
requirements.txt
GHSA-jq35-7prp-9v3f
pyjwt@2.10.1 · osv@v1
requirements.txt
GHSA-w7vc-732c-9m39
pyjwt@2.10.1 · osv@v1
requirements.txt
GHSA-xgmm-8j9v-c9wx
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2025-183
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-120
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-175
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-176
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-177
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-178
pyjwt@2.10.1 · osv@v1
requirements.txt
PYSEC-2026-179
pyjwt@2.10.1 · osv@v1
requirements.txt

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/open-llm-vtuber-open-llm-vtuber/trust.

Common questions

Is Open-LLM-VTuber maintained?
GraphCanon rates Open-LLM-VTuber "Steady" (60% maintenance signal from public GitHub metadata, computed today). Last push was 61 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is Open-LLM-VTuber safe to use?
Last scanned today (deps profile). Status: 70 low - 70 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify Open-LLM-VTuber as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is Open-LLM-VTuber a fork?
No. Open-LLM-VTuber is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does Open-LLM-VTuber have known security vulnerabilities?
Last scanned today (deps profile). Status: 70 low - 70 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the Open-LLM-VTuber trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about Open-LLM-VTuber?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for Open-LLM-VTuber. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for Open-LLM-VTuber?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.