Skip to content
QuantumScanPublic scan report

Repository

google/boringssl

Scanned on May 19, 2026

15

Risk score/ 100

Clean

Summary

Google's BoringSSL repository contains RC4 implementation in a 'decrepit' directory, intentionally isolated for legacy compatibility. The context indicates this is a maintained legacy cryptographic primitive with clear deprecation signaling, posing minimal active risk as it appears separated from production cryptographic operations.

Critical

1

High

0

Medium

0

Low

0

Top findings

  • CriticalRC4 / ARCFOUR

    decrepit/rc4/rc4_decrepit.cc:18

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan