Repository
unslothai/unsloth
Scanned on 18 Jun 2026
Risk score / 100
High risk
Summary
The repository contains critical quantum-vulnerable cryptographic implementations in production key exchange infrastructure. RSA-2048 keys are actively used in the backend inference layer for secure communications, making this system vulnerable to future quantum attacks and non-compliant with emerging post-quantum standards. Immediate migration to NIST-approved post-quantum key encapsulation mechanisms is required.
2
2
0
1
Main findings
- Critical: RSA key ≤ 2048 bits
studio/backend/core/inference/key_exchange.py:36
Evidence
"""Generate an RSA-2048 key pair. Called once at server startup."""
- Critical: RSA key ≤ 2048 bits
studio/backend/core/inference/key_exchange.py:48
Evidence
key_size = 2048,
- High: DSA
scripts/scan_packages.py:153
ML-DSA (CRYSTALS-Dilithium)
Evidence
r"-----BEGIN\s+(?:RSA\s+)?(?:PUBLIC|PRIVATE|ENCRYPTED|EC|DSA|OPENSSH)\s+KEY-----"
- High: RSA
studio/backend/core/inference/key_exchange.py:25
ML-KEM (CRYSTALS-Kyber) for key encapsulation
Evidence
_private_key: rsa.RSAPrivateKey | None = None
- Low: SHA-256 used as password KDF
studio/backend/auth/hashing.py:16
Argon2id or bcrypt
Evidence
Hash a password using PBKDF2-HMAC-SHA256.