Repository
unslothai/unsloth
Scanned on Jun 18, 2026
Risk score/ 100
High risk
Summary
The repository contains critical quantum-vulnerable cryptographic implementations in production key exchange infrastructure. RSA-2048 keys are actively used in the backend inference layer for secure communications, making this system vulnerable to future quantum attacks and non-compliant with emerging post-quantum standards. Immediate migration to NIST-approved post-quantum key encapsulation mechanisms is required.
2
2
0
1
Top findings
- Critical: RSA key ≤ 2048 bits
  studio/backend/core/inference/key_exchange.py:36
  Evidence
  """Generate an RSA-2048 key pair. Called once at server startup."""
- Critical: RSA key ≤ 2048 bits
  studio/backend/core/inference/key_exchange.py:48
  Evidence
  key_size = 2048,
- High: DSA
  scripts/scan_packages.py:153
  ML-DSA (CRYSTALS-Dilithium)
  Evidence
  r"-----BEGIN\s+(?:RSA\s+)?(?:PUBLIC|PRIVATE|ENCRYPTED|EC|DSA|OPENSSH)\s+KEY-----"
- High: RSA
  studio/backend/core/inference/key_exchange.py:25
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
  Evidence
  _private_key: rsa.RSAPrivateKey | None = None
- Low: SHA-256 used as password KDF
  studio/backend/auth/hashing.py:16
  Argon2id or bcrypt
  Evidence
  Hash a password using PBKDF2-HMAC-SHA256.