Home/Good-GYM/Trust report

Trust and health report

Good-GYM - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Active82% signal

last push 9d ago · last release 1w · 1 releases (90d)

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 985542819
  • Not a fork
  • Personal account
  • Computed today

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
79 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-qr4w-53vh-m672
opencv-python@4.5.0 · requirements.txt
PYSEC-2023-183
opencv-python@4.5.0 · requirements.txt
GHSA-6p56-wp2h-9hxr
numpy@1.19.0 · requirements.txt
GHSA-fpfv-jqm9-f5jm
numpy@1.19.0 · requirements.txt
PYSEC-2021-856
numpy@1.19.0 · requirements.txt
GHSA-9w2p-rh8c-v9g5
pyinstaller@5.0.0 · requirements.txt
GHSA-p2xp-xx3r-mffc
pyinstaller@5.0.0 · requirements.txt
PYSEC-2023-292
pyinstaller@5.0.0 · requirements.txt
PYSEC-2026-1813
pyinstaller@5.0.0 · requirements.txt
GHSA-3f63-hfp8-52jq
Pillow@8.0.0 · requirements.txt
GHSA-3wvg-mj6g-m9cv
Pillow@8.0.0 · requirements.txt
GHSA-44wm-f244-xhp3
Pillow@8.0.0 · requirements.txt
GHSA-4fx9-vc88-q2xc
Pillow@8.0.0 · requirements.txt
GHSA-57h3-9rgr-c24m
Pillow@8.0.0 · requirements.txt
GHSA-7534-mm45-c74v
Pillow@8.0.0 · requirements.txt
GHSA-77gc-v2xv-rvvh
Pillow@8.0.0 · requirements.txt
GHSA-7r7m-5h27-29hp
Pillow@8.0.0 · requirements.txt
GHSA-8ghj-p4vj-mr35
Pillow@8.0.0 · requirements.txt
GHSA-8vj2-vxx3-667w
Pillow@8.0.0 · requirements.txt
GHSA-8xjq-8fcg-g5hw
Pillow@8.0.0 · requirements.txt
GHSA-95q3-8gr9-gm8w
Pillow@8.0.0 · requirements.txt
GHSA-98vv-pw6r-q6q4
Pillow@8.0.0 · requirements.txt
GHSA-9hx2-hgq2-2g4f
Pillow@8.0.0 · requirements.txt
GHSA-9j59-75qj-795w
Pillow@8.0.0 · requirements.txt
GHSA-f4w8-cv6p-x6r5
Pillow@8.0.0 · requirements.txt
GHSA-f5g8-5qq7-938w
Pillow@8.0.0 · requirements.txt
GHSA-g6rj-rv7j-xwp4
Pillow@8.0.0 · requirements.txt
GHSA-hf64-x4gq-p99h
Pillow@8.0.0 · requirements.txt
GHSA-hjfx-8p6c-g7gx
Pillow@8.0.0 · requirements.txt
GHSA-j7hp-h8jx-5ppr
Pillow@8.0.0 · requirements.txt
GHSA-jgpv-4h4c-xhw3
Pillow@8.0.0 · requirements.txt
GHSA-m2vv-5vj5-2hm7
Pillow@8.0.0 · requirements.txt
GHSA-mvg9-xffr-p774
Pillow@8.0.0 · requirements.txt
GHSA-p43w-g3c5-g5mq
Pillow@8.0.0 · requirements.txt
GHSA-pw3c-h7wp-cvhx
Pillow@8.0.0 · requirements.txt
GHSA-q5hq-fp76-qmrc
Pillow@8.0.0 · requirements.txt
GHSA-r73j-pqj5-w3x7
Pillow@8.0.0 · requirements.txt
GHSA-rwv7-3v45-hg29
Pillow@8.0.0 · requirements.txt
GHSA-vqcj-wrf2-7v73
Pillow@8.0.0 · requirements.txt
GHSA-wjx4-4jcj-g98j
Pillow@8.0.0 · requirements.txt
GHSA-xrcv-f9gm-v42c
Pillow@8.0.0 · requirements.txt
PYSEC-2021-137
Pillow@8.0.0 · requirements.txt
PYSEC-2021-138
Pillow@8.0.0 · requirements.txt
PYSEC-2021-139
Pillow@8.0.0 · requirements.txt
PYSEC-2021-317
Pillow@8.0.0 · requirements.txt
PYSEC-2021-331
Pillow@8.0.0 · requirements.txt
PYSEC-2021-35
Pillow@8.0.0 · requirements.txt
PYSEC-2021-36
Pillow@8.0.0 · requirements.txt
PYSEC-2021-37
Pillow@8.0.0 · requirements.txt
PYSEC-2021-38
Pillow@8.0.0 · requirements.txt
PYSEC-2021-39
Pillow@8.0.0 · requirements.txt
PYSEC-2021-40
Pillow@8.0.0 · requirements.txt
PYSEC-2021-41
Pillow@8.0.0 · requirements.txt
PYSEC-2021-42
Pillow@8.0.0 · requirements.txt
PYSEC-2021-69
Pillow@8.0.0 · requirements.txt
PYSEC-2021-70
Pillow@8.0.0 · requirements.txt
PYSEC-2021-71
Pillow@8.0.0 · requirements.txt
PYSEC-2021-92
Pillow@8.0.0 · requirements.txt
PYSEC-2021-93
Pillow@8.0.0 · requirements.txt
PYSEC-2021-94
Pillow@8.0.0 · requirements.txt
PYSEC-2022-10
Pillow@8.0.0 · requirements.txt
PYSEC-2022-168
Pillow@8.0.0 · requirements.txt
PYSEC-2022-42979
Pillow@8.0.0 · requirements.txt
PYSEC-2022-42980
Pillow@8.0.0 · requirements.txt
PYSEC-2022-8
Pillow@8.0.0 · requirements.txt
PYSEC-2022-9
Pillow@8.0.0 · requirements.txt
PYSEC-2023-175
Pillow@8.0.0 · requirements.txt
PYSEC-2023-227
Pillow@8.0.0 · requirements.txt
PYSEC-2026-165
Pillow@8.0.0 · requirements.txt
PYSEC-2026-1793
Pillow@8.0.0 · requirements.txt
PYSEC-2026-1794
Pillow@8.0.0 · requirements.txt
PYSEC-2026-457
Pillow@8.0.0 · requirements.txt
GHSA-9hjg-9r4m-mvj7
requests@2.25.0 · requirements.txt
GHSA-9wx4-h78v-vm56
requests@2.25.0 · requirements.txt
GHSA-gc5v-m9x4-r6x2
requests@2.25.0 · requirements.txt
GHSA-j8r2-6x86-q33q
requests@2.25.0 · requirements.txt
PYSEC-2023-74
requests@2.25.0 · requirements.txt
PYSEC-2026-1872
requests@2.25.0 · requirements.txt
PYSEC-2026-1873
requests@2.25.0 · requirements.txt

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/yo-wassup-good-gym/trust.

Common questions

Is Good-GYM maintained?
GraphCanon rates Good-GYM "Active" (82% maintenance signal from public GitHub metadata, computed today). Last push was 9 days ago. 1 GitHub releases in the last 90 days. This is a recency heuristic, not a guarantee the project will stay maintained.
Is Good-GYM safe to use?
Last scanned today (deps profile). Status: 79 low - 79 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify Good-GYM as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is Good-GYM a fork?
No. Good-GYM is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does Good-GYM have known security vulnerabilities?
Last scanned today (deps profile). Status: 79 low - 79 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the Good-GYM trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about Good-GYM?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for Good-GYM. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for Good-GYM?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.