Trust and health report
zeno - trust report
Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.
GraphCanon updated today · GitHub synced today
Maintenance
Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.
last push 1010d ago · last release 2y
Provenance
Repository identity and fork provenance (github_public_v1).
- GitHub repo id: 455182238
- Not a fork
- Verified publisher: organization account
- Computed today
Security scan
Dependency advisory security scan when a lockfile is present. Not a full code audit.
- Status
- 58 low
- Last scan
- today
- Scanner
- osv@v1
Findings
GHSA-3936-cmfr-pm3m
black@23.9.1 · poetry.lock
GHSA-fj7x-q9j7-g6q6
black@23.9.1 · poetry.lock
PYSEC-2024-48
black@23.9.1 · poetry.lock
GHSA-248v-346w-9cwc
certifi@2023.7.22 · poetry.lock
PYSEC-2024-230
certifi@2023.7.22 · poetry.lock
PYSEC-2024-38
fastapi@0.103.2 · poetry.lock
GHSA-vqfr-h8mv-ghfj
h11@0.14.0 · poetry.lock
PYSEC-2026-348
h11@0.14.0 · poetry.lock
GHSA-65pc-fj4g-8rjx
idna@3.4 · poetry.lock
GHSA-jjg7-2v4v-x38h
idna@3.4 · poetry.lock
PYSEC-2024-60
idna@3.4 · poetry.lock
PYSEC-2026-215
idna@3.4 · poetry.lock
GHSA-mr82-8j83-vxmv
pydantic@1.10.12 · poetry.lock
PYSEC-2026-1812
pydantic@1.10.12 · poetry.lock
GHSA-6w46-j5rx-g56g
pytest@7.4.2 · poetry.lock
PYSEC-2026-1845
pytest@7.4.2 · poetry.lock
GHSA-9hjg-9r4m-mvj7
requests@2.31.0 · poetry.lock
GHSA-9wx4-h78v-vm56
requests@2.31.0 · poetry.lock
GHSA-gc5v-m9x4-r6x2
requests@2.31.0 · poetry.lock
PYSEC-2026-1872
requests@2.31.0 · poetry.lock
PYSEC-2026-1873
requests@2.31.0 · poetry.lock
GHSA-jw8x-6495-233v
scikit-learn@1.3.0 · poetry.lock
PYSEC-2024-110
scikit-learn@1.3.0 · poetry.lock
PYSEC-2023-102
scipy@1.9.3 · poetry.lock
GHSA-5rjg-fvgr-3xxf
setuptools@68.2.2 · poetry.lock
GHSA-cx63-2mw6-8hw5
setuptools@68.2.2 · poetry.lock
PYSEC-2025-49
setuptools@68.2.2 · poetry.lock
PYSEC-2026-1918
setuptools@68.2.2 · poetry.lock
GHSA-2c2j-9gv5-cj73
starlette@0.27.0 · poetry.lock
GHSA-82w8-qh3p-5jfq
starlette@0.27.0 · poetry.lock
GHSA-86qp-5c8j-p5mr
starlette@0.27.0 · poetry.lock
GHSA-f96h-pmfr-66vw
starlette@0.27.0 · poetry.lock
GHSA-jp82-jpqv-5vv3
starlette@0.27.0 · poetry.lock
GHSA-wqp7-x3pw-xc5r
starlette@0.27.0 · poetry.lock
GHSA-x746-7m8f-x49c
starlette@0.27.0 · poetry.lock
PYSEC-2026-161
starlette@0.27.0 · poetry.lock
PYSEC-2026-1941
starlette@0.27.0 · poetry.lock
PYSEC-2026-1943
starlette@0.27.0 · poetry.lock
PYSEC-2026-248
starlette@0.27.0 · poetry.lock
PYSEC-2026-249
starlette@0.27.0 · poetry.lock
GHSA-g7vv-2v7x-gj9p
tqdm@4.66.1 · poetry.lock
PYSEC-2026-1976
tqdm@4.66.1 · poetry.lock
GHSA-2xpw-w6gg-jr37
urllib3@2.0.4 · poetry.lock
GHSA-34jh-p97f-mpxf
urllib3@2.0.4 · poetry.lock
GHSA-38jv-5279-wg99
urllib3@2.0.4 · poetry.lock
GHSA-g4mx-q9vg-27p4
urllib3@2.0.4 · poetry.lock
GHSA-gm62-xv2j-4w53
urllib3@2.0.4 · poetry.lock
GHSA-pq67-6m6q-mj2v
urllib3@2.0.4 · poetry.lock
GHSA-qccp-gfcp-xxvc
urllib3@2.0.4 · poetry.lock
GHSA-v845-jxx5-vc9f
urllib3@2.0.4 · poetry.lock
PYSEC-2023-192
urllib3@2.0.4 · poetry.lock
PYSEC-2023-212
urllib3@2.0.4 · poetry.lock
PYSEC-2026-141
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1994
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1995
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1996
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1998
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1999
urllib3@2.0.4 · poetry.lock
Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/zeno-ml-zeno/trust.
Common questions
- Is zeno maintained?
- zeno is archived on GitHub. GraphCanon treats archived repositories as dormant regardless of past activity.
- Is zeno safe to use?
- Last scanned today (deps profile). Status: 58 low - 58 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify zeno as safe - review maintenance, provenance, and scan findings on this page before adopting.
- Is zeno a fork?
- No. zeno is not flagged as a fork in GitHub metadata at the time of the last refresh.
- Does zeno have known security vulnerabilities?
- Last scanned today (deps profile). Status: 58 low - 58 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
- How often is the zeno trust report updated?
- Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
- What does GraphCanon never claim about zeno?
- We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for zeno. Signals are sourced heuristics with explicit limits - see trust methodology.
- How does GraphCanon assess trust for zeno?
- Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.