Repository
astral-sh/uv
Scanned on 23 Jun 2026
Risk score / 100
Moderate risk
Summary
The repository uses MD5 hashing in its extraction module (crates/uv-extract/src/hash.rs), which is cryptographically broken and vulnerable to collision attacks. While MD5 is used for file integrity verification rather than security-critical authentication, this represents a moderate risk as attackers could potentially craft malicious packages with matching MD5 checksums. The impact is contained to package integrity verification workflows, not authentication or encryption.
5
0
0
0
Top findings
- Critical: MD5
  crates/uv-extract/src/hash.rs:21
  SHA3-256 or SHA-256
  Evidence
  Self::Md5(hasher) => hasher.update(data),
- Critical: MD5
  crates/uv-extract/src/hash.rs:33
  SHA3-256 or SHA-256
  Evidence
  HashAlgorithm::Md5 => Self::Md5(md5::Md5::new()),
- Critical: MD5
  crates/uv-extract/src/hash.rs:45
  SHA3-256 or SHA-256
  Evidence
  Hasher::Md5(hasher) => Self {
- Critical: MD5
  crates/uv-extract/src/hash.rs:46
  SHA3-256 or SHA-256
  Evidence
  algorithm: HashAlgorithm::Md5,
- Critical: MD5
  crates/uv-extract/src/hash.rs:11
  SHA3-256 or SHA-256
  Evidence
  Md5(md5::Md5),