Package Lookup
Total Packages
High Risk (PS-SSF 70+)
Weaponized
KEV-Linked
OSV Vulnerabilities
Exploitation Evidence
PS-SSF/OSS Score
Severity Distribution
Ecosystems
| Column | Description |
|---|---|
| Package | |
| Source | Package ecosystem/registry (npm, PyPI, Maven, etc.) |
| Vulns | Total number of known vulnerabilities |
| Critical | Vulnerabilities with CVSS >= 9.0 |
| KEV | CVEs in CISA/VulnCheck Known Exploited Vulnerabilities catalog |
| Bug Bounty | Package has an active bug bounty program |
| GitHub PoC | GitHub exploit repos with high signals (stars/forks indicating weaponization) |
| PS-SSF/OSS | Phoenix Security Score - SSF/OSS (0-100). Higher = more risk. Combines evidence, EPSS, CVSS, OpenSSF Criticality Score (blast radius), popularity, and bug bounty factors. |
Repeat Offender
Risk Level
PS-SSF/OSS Score
Phoenix Security Score - SSF/OSS Risk
PS-SSF/OSS Score Components
PS-SSF/OSS (Phoenix Security Score - SSF/OSS Risk) is a composite score (0-100) measuring open-source package security risk based on exploitation evidence, vulnerability severity, and ecosystem impact. The Blast Radius component incorporates the OpenSSF Criticality Score.
PS-SSF/OSS Methodology:
The score combines exploitation evidence, likelihood, severity, blast radius, popularity, bug bounty, license risk, and package popularity with supply chain compromise intelligence. Repeat offenders are flagged based on time-decayed recidivism signals from compromise campaigns.
OpenSSF Integration: The Blast Radius component uses the OpenSSF Criticality Score, which measures the influence and importance of open source projects based on factors like contributor count, commit frequency, and dependent projects.
CISA KEV
GitHub PoC
Ransomware
Zero-Day
Metasploit
Nuclei
ExploitDB
OSV Intelligence
Primary OSV ID
Aliases
Related Dependencies
Downstream Impact
Distribution Advisories
License Intelligence
SPDX License
Category
Risk Level
Policy
OSI Approved
Compliance Notes
Vulnerabilities
Dependents
Dependencies
OpenSSF Score
Known malware
Supply Chain Risk
KEV CVEs
GitHub PoC
Zero-Day
Ransomware
Bug Bounty
Compromise Intelligence
Campaign
Intel Updated
Compromised Versions
Details
Sources
Vulnerabilities
| CVE ID | CVSS | EPSS | Weaponization | Affected Versions | Fixed Version |
|---|---|---|---|---|---|
| No vulnerabilities found. | | | | | |
Package Metadata
Version Info: Latest, Stable, Total Versions, Last Updated
Popularity: Total Downloads, Recent (30d), Dependents, Dependencies
License: SPDX ID, Category, Risk Score, OSI Approved
Data Source