QuantumScan: Public scan report

Repository

openai/codex

Scanned on Jun 11, 2026

Risk score: 78 / 100 (High risk)

Summary

Critical quantum vulnerabilities detected across 4 locations in production code. SHA-1 is cryptographically broken and used in analytics modules for hashing operations, posing immediate integrity risks. X25519 elliptic curve cryptography in agent identity management is vulnerable to quantum attacks via Shor's algorithm, threatening future confidentiality.

  • Critical: 3
  • High: 1
  • Medium: 0
  • Low: 0

Top findings

  • Critical: SHA-1

    codex-rs/analytics/src/accepted_lines.rs:7

    SHA-256 or SHA3-256

    Raw evidence
    use sha1::Digest;
  • Critical: SHA-1

    codex-rs/analytics/src/accepted_lines.rs:86

    SHA-256 or SHA3-256

    Raw evidence
    let mut hasher = sha1::Sha1::new();
  • Critical: SHA-1

    codex-rs/analytics/src/reducer.rs:131

    SHA-256 or SHA3-256

    Raw evidence
    use sha1::Digest;
  • High: X25519 / Curve25519

    codex-rs/agent-identity/src/lib.rs:13

    ML-KEM (CRYSTALS-Kyber)

    Raw evidence
    use crypto_box::SecretKey as Curve25519SecretKey;
