physical-intelligence/openpi · Security & risks
Authoritative risk signals for physical-intelligence/openpi — dependency CVEs (deps.dev), OpenSSF Scorecard, and GitHub Code Scanning. Not a substitute for your own security review.
Dependency CVEs (deps.dev)
0
Critical
0 direct
0
High
0 direct
14
Moderate
25
Deps scanned
25 direct
- OSV-2021-1229 · flatbuffers (direct)Heap-buffer-overflow in flatbuffers::JsonPrinter::GenFieldOffsetMODERATE
- OSV-2026-646 · sentencepiece (direct)Heap-buffer-overflow in sentencepiece::unigram::Model::EncodeOptimizedMODERATE
- OSV-2021-1249 · flatbuffers (direct)Heap-buffer-overflow in int flatbuffers::ReadScalar<int>MODERATE
- OSV-2021-1314 · flatbuffers (direct)Use-of-uninitialized-value in LoadBinarySchemaMODERATE
- OSV-2021-1678 · flatbuffers (direct)Heap-buffer-overflow in flatbuffers::EscapeStringMODERATE
- OSV-2021-1695 · flatbuffers (direct)Heap-buffer-overflow in flexbuffers::Verifier::VerifyRefMODERATE
- OSV-2021-281 · flatbuffers (direct)Heap-buffer-overflow in flatbuffers::Table* flatbuffers::GetMutableRoot<flatbuffers::Table>MODERATE
- OSV-2021-308 · flatbuffers (direct)Heap-buffer-overflow in flatbuffers::JsonPrinter::GenFieldOffsetMODERATE
- OSV-2021-333 · flatbuffers (direct)Heap-buffer-overflow in int flatbuffers::ReadScalar<int>MODERATE
- OSV-2021-347 · flatbuffers (direct)Heap-buffer-overflow in flatbuffers::Table* flatbuffers::GetMutableRoot<flatbuffers::Table>MODERATE
OpenSSF Scorecard · 4.7/10
- Dependency-Update-Tool0/10
- Security-Policy0/10
- SAST0/10
- Branch-Protection0/10
- Pinned-Dependencies2/10
- Token-Permissions5/10
- Maintained10/10
- License10/10
GitHub Code Scanning · 0 open / 0 total
Tools: —
Ask AI about physical-intelligence/openpi
Grounded in the actual source code. Pick a starter question or write your own.
What does this repo do, in one paragraph?How would I get started using it?What are the main alternatives?Show me the entry point.
Or write your own questionInformational only. RepoPilot summarises public signals at the time of analysis; they can be incomplete or stale. Not professional, security, or legal advice.