QuantumScan: Public scan report

Repository

deepset-ai/haystack

Scanned on Jun 25, 2026

Risk score: 12 / 100

Clean

Summary

The repository contains 3 MD5 usages, all located in a GitHub utility script for docstring checksum verification. These findings are cryptographically weak but pose minimal business risk as they are used solely for non-security purposes (detecting documentation changes in CI/CD pipelines).

Critical: 3
High: 0
Medium: 0
Low: 0

Top findings

  • Critical, CWE-328, MD5

    .github/utils/docstrings_checksum.py:31

    SHA3-256 or SHA-256

    Raw evidence
    return hashlib.md5(str(docstrings).encode("utf-8")).hexdigest()
  • Critical, CWE-328, MD5

    .github/utils/docstrings_checksum.py:45

    SHA3-256 or SHA-256

    Raw evidence
    md5 = docstrings_checksum(haystack_files)
  • Critical, CWE-328, MD5

    .github/utils/docstrings_checksum.py:46

    SHA3-256 or SHA-256

    Raw evidence
    print(md5)
