Relatório público de scanRepositório
safishamsi/graphify
Escaneado em 17 de jun. de 2026
Risk score/ 100
Risco alto
Resumo
The repository contains 6 critical cryptographic vulnerabilities using broken algorithms (SHA-1, MD5). Most concerning are MD5-based HTTP Digest Authentication implementations that could allow credential theft and session hijacking. While some SHA-1 usage appears non-security-critical (hashing for deduplication), the MD5 authentication mechanism poses immediate risk to application security.
6
0
0
0
Principais findings
- CríticoSHA-1
graphify/_minhash.py:47
SHA-256 or SHA3-256
Evidência
hv = np.uint64(struct.unpack("<I", hashlib.sha1(v).digest()[:4])[0]) - CríticoSHA-1
graphify/transcribe.py:61
SHA-256 or SHA3-256
Evidência
url_hash = hashlib.sha1(url.encode(), usedforsecurity=False).hexdigest()[:12] - CríticoMD5
worked/httpx/raw/auth.py:85
SHA3-256 or SHA-256
Evidência
cnonce = hashlib.md5(str(time.time()).encode()).hexdigest()[:8] - CríticoMD5
worked/httpx/raw/auth.py:89
SHA3-256 or SHA-256
Evidência
ha1 = hashlib.md5(f"{self.username}:{realm}:{self.password}".encode()).hexdigest() - CríticoMD5
worked/httpx/raw/auth.py:90
SHA3-256 or SHA-256
Evidência
ha2 = hashlib.md5(f"{request.method}:{request.url.path}".encode()).hexdigest()
+ 1 finding no relatório completo
Escaneie seu próprio repositório
Grátis. Resultados em ~90 segundos. CBOM + PDF DORA/NIS2 inclusos.