Home/zeno/Trust report

Trust and health report

zeno - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Archived8% signal

last push 1010d ago · last release 2y

Provenance

Repository identity and fork provenance (github_public_v1).

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
58 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-3936-cmfr-pm3m
black@23.9.1 · poetry.lock
GHSA-fj7x-q9j7-g6q6
black@23.9.1 · poetry.lock
PYSEC-2024-48
black@23.9.1 · poetry.lock
GHSA-248v-346w-9cwc
certifi@2023.7.22 · poetry.lock
PYSEC-2024-230
certifi@2023.7.22 · poetry.lock
PYSEC-2024-38
fastapi@0.103.2 · poetry.lock
GHSA-vqfr-h8mv-ghfj
h11@0.14.0 · poetry.lock
PYSEC-2026-348
h11@0.14.0 · poetry.lock
GHSA-65pc-fj4g-8rjx
idna@3.4 · poetry.lock
GHSA-jjg7-2v4v-x38h
idna@3.4 · poetry.lock
PYSEC-2024-60
idna@3.4 · poetry.lock
PYSEC-2026-215
idna@3.4 · poetry.lock
GHSA-mr82-8j83-vxmv
pydantic@1.10.12 · poetry.lock
PYSEC-2026-1812
pydantic@1.10.12 · poetry.lock
GHSA-6w46-j5rx-g56g
pytest@7.4.2 · poetry.lock
PYSEC-2026-1845
pytest@7.4.2 · poetry.lock
GHSA-9hjg-9r4m-mvj7
requests@2.31.0 · poetry.lock
GHSA-9wx4-h78v-vm56
requests@2.31.0 · poetry.lock
GHSA-gc5v-m9x4-r6x2
requests@2.31.0 · poetry.lock
PYSEC-2026-1872
requests@2.31.0 · poetry.lock
PYSEC-2026-1873
requests@2.31.0 · poetry.lock
GHSA-jw8x-6495-233v
scikit-learn@1.3.0 · poetry.lock
PYSEC-2024-110
scikit-learn@1.3.0 · poetry.lock
PYSEC-2023-102
scipy@1.9.3 · poetry.lock
GHSA-5rjg-fvgr-3xxf
setuptools@68.2.2 · poetry.lock
GHSA-cx63-2mw6-8hw5
setuptools@68.2.2 · poetry.lock
PYSEC-2025-49
setuptools@68.2.2 · poetry.lock
PYSEC-2026-1918
setuptools@68.2.2 · poetry.lock
GHSA-2c2j-9gv5-cj73
starlette@0.27.0 · poetry.lock
GHSA-82w8-qh3p-5jfq
starlette@0.27.0 · poetry.lock
GHSA-86qp-5c8j-p5mr
starlette@0.27.0 · poetry.lock
GHSA-f96h-pmfr-66vw
starlette@0.27.0 · poetry.lock
GHSA-jp82-jpqv-5vv3
starlette@0.27.0 · poetry.lock
GHSA-wqp7-x3pw-xc5r
starlette@0.27.0 · poetry.lock
GHSA-x746-7m8f-x49c
starlette@0.27.0 · poetry.lock
PYSEC-2026-161
starlette@0.27.0 · poetry.lock
PYSEC-2026-1941
starlette@0.27.0 · poetry.lock
PYSEC-2026-1943
starlette@0.27.0 · poetry.lock
PYSEC-2026-248
starlette@0.27.0 · poetry.lock
PYSEC-2026-249
starlette@0.27.0 · poetry.lock
GHSA-g7vv-2v7x-gj9p
tqdm@4.66.1 · poetry.lock
PYSEC-2026-1976
tqdm@4.66.1 · poetry.lock
GHSA-2xpw-w6gg-jr37
urllib3@2.0.4 · poetry.lock
GHSA-34jh-p97f-mpxf
urllib3@2.0.4 · poetry.lock
GHSA-38jv-5279-wg99
urllib3@2.0.4 · poetry.lock
GHSA-g4mx-q9vg-27p4
urllib3@2.0.4 · poetry.lock
GHSA-gm62-xv2j-4w53
urllib3@2.0.4 · poetry.lock
GHSA-pq67-6m6q-mj2v
urllib3@2.0.4 · poetry.lock
GHSA-qccp-gfcp-xxvc
urllib3@2.0.4 · poetry.lock
GHSA-v845-jxx5-vc9f
urllib3@2.0.4 · poetry.lock
PYSEC-2023-192
urllib3@2.0.4 · poetry.lock
PYSEC-2023-212
urllib3@2.0.4 · poetry.lock
PYSEC-2026-141
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1994
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1995
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1996
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1998
urllib3@2.0.4 · poetry.lock
PYSEC-2026-1999
urllib3@2.0.4 · poetry.lock

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/zeno-ml-zeno/trust.

Common questions

Is zeno maintained?
zeno is archived on GitHub. GraphCanon treats archived repositories as dormant regardless of past activity.
Is zeno safe to use?
Last scanned today (deps profile). Status: 58 low - 58 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify zeno as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is zeno a fork?
No. zeno is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does zeno have known security vulnerabilities?
Last scanned today (deps profile). Status: 58 low - 58 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the zeno trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about zeno?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for zeno. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for zeno?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.