networkx/networkx
Public repo scorecard generated from a pinned commit using deterministic Skylos scoring. The grade comes from static analysis only; the Skylos agent runs as an optional second pass for deeper context.
Finding summary
Top findings
Possible SQL injection: tainted string used in sqlalchemy.text().
examples/graph/plot_napoleon_russian_campaign.py:132
Untrusted deserialization via pickle.load
networkx/algorithms/flow/tests/test_maxflow_large_graph.py:56
Untrusted deserialization via pickle.load
networkx/algorithms/flow/tests/test_mincost.py:469
Untrusted deserialization via pickle.load
networkx/algorithms/flow/tests/test_networksimplex.py:180
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_coreviews.py:16
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_coreviews.py:19
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_coreviews.py:73
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_coreviews.py:153
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_coreviews.py:211
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_graph.py:610
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_graph.py:612
Untrusted deserialization via pickle.loads
networkx/classes/tests/test_graphviews.py:18
Analysis pipeline
Static analysis produced the public Judge grade on this page.
Judge can publish static-only pages. Agent analysis is an optional second pass.