FreeCAD Addons Report
FreeCAD Project Association
Generated: 2026-04-01 06:36:13 UTC

Total Addons: 170
Avg Score: 91.02
Files Analyzed: 6,689
High Issues: 256
Medium Issues: 688
Downloads (Year): 280,009
# Addon Score High Med Low Files Git Ref Branch Version Tag Updated 1yr 1mo License
1 CurvedShapes Create 3D shapes from 2D curves. ['Christi'] 100 0 0 0 11 master master 1.00.14 5 mo 5,331 1,598 75 14 14 LGPL-2.1
2 FusedFilamentDesign PartDesign addon for FFF/FDM 3D-printing design ['rahix'] 100 0 0 0 10 release release 0.26.100 v0.26.100 25 d 4,925 1,833 212 14 5 LGPL-2.1-or-later
3 ThreadProfile ThreadProfile object for creating internal/external threads ['TheMarkster'] 100 0 0 0 4 master master 1.98 3 mo 3,674 1,032 68 29 14 LGPL-2.1
4 Woods Collection of various wood materials. ['Gregory Holmberg', 'David Carter'] 100 0 0 0 4 master master 1.1.0 v1.1.0 3 mo 1,693 460 7 1 1 LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0
5 toSketch Tools to help recreate models from STEP files. ['Keith Sloan'] 100 0 0 0 14 main main 1.0.1 3 mo 1,656 336 18 8 4 GPL-2.0-or-later
6 Plot Tools to modify existing plots. ['PhoneDroid', 'Jose Luis Cercós Pita', 'hasecilu', 'looooo'] 100 0 0 0 23 Latest Latest 2025.10.29 2 mo 1,168 407 14 0 10 LGPL-2.1-or-later, CC-BY-SA-4.0
7 Beltrami Workbench for designing Turbomachine blades. ['Michel Sabourin'] 100 0 0 0 5 main main 1.3.1 1.3.1 1 mo 1,074 365 39 0 12 LGPL-2.1-or-later
8 FeedsAndSpeeds CAM addon to help generate basic feeds and speeds for machining. ['Daniel Wood'] 100 0 0 0 4 master master 0.6 3 mo 1,003 301 45 17 11 LGPL-2.1-or-later
9 SvgWorkbench FreeCAD Svg Workbench ['Frank David Martínez Muñoz'] 100 0 0 0 71 main main 1.0.0.dev13 today 927 258 12 1 3 LGPL-3.0-or-later
10 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['Eddy Verlinden', 'PhoneDroid'] 100 0 0 0 32 Latest Latest 0.2.2 4 d 878 216 1 0 7 GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
11 MakerWorkbench A mechatronic components system + optic components system ['David Muñoz'] 100 0 0 0 60 master master 1.0.1 1 yr 820 267 49 6 13 LGPL-3
12 FileExplorerExt Integrated file system viewer. ['Frank David Martínez Muñoz'] 100 0 0 0 17 main main 1.0.0-dev.7 v1.0.0.dev7 1 mo 535 212 5 0 1 LGPL-3.0-or-later
13 OpticsWorkbench Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects. ['Christi'] 100 0 0 0 17 main main 1.3.0 3 d 519 309 152 7 36 LGPL-2.1
14 FoamCut Foamcut workbench provide functionality to prepare job and generate Gcode for 4 or 5 axis cnc hotwire cutter. ['Andrew Shkolik (https://github.com/Shkolik)', 'Andrew Shkolik'] 100 0 0 0 21 main main 0.1.12 1 d 355 199 19 4 2 LGPL-2.1-or-later
15 Movie Workbench to create and animate the movie camera, create and play videos of animations ['F_Rosa'] 100 0 0 0 6 master master 2025.01.04 9 mo 164 106 15 0 6 LGPL-2.1-or-later
16 Channels FreeCAD Channels ['Frank David Martínez Muñoz'] 100 0 0 0 41 main main 0.1.0.dev4 today 0 0 55 0 4 LGPL-3.0-or-later
17 FreecadDiscordPresence Shows FreeCAD Status on discord. ['Tzur Soffer'] 100 0 0 0 4 main main 1.0.3 Version1.0.3 6 mo 0 0 12 0 3 LGPL-2.1-or-later
18 ImportNURBS An external workbench for add importer for 3dm> ['Keith Sloan'] 100 0 0 0 4 master master 1.1 Beta 7 mo 0 0 12 4 6 LGPL-2.1
19 NikraDAP Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh. ['Lukas du Plessis'] 100 0 0 0 11 main main 2.0-alpha 3 yr 0 0 2 2 3 GPL-3
20 Ratchet Workbench to quickly create ratchets. ['error on line 1'] 100 0 0 0 27 main main 0.2.1 today 0 0 0 0 0 LGPL-3.0-or-later
21 Solar Workbench to manage solar analysis and configurations. ['Francisco Rosa'] 100 0 0 0 11 main main 2026.03.08 23 d 0 0 18 3 4 LGPL-2.1-or-later
22 StandardBeams Workbench to create standard beam profiles of varying shapes. ['Morten Vajhøj'] 100 0 0 0 56 main main 1.0.0 2 mo 0 0 6 0 1 LGPL-2.1-or-later, CC-BY-SA-4.0
23 Supplemental-Materials Materials database that supplements the core materials. ['DavesRocketShop'] 100 0 0 0 2 Latest Latest 1.0.2 v1.0.2 23 d 0 115 0 0 0 LGPL-3.0-or-later, CC-BY-SA-4.0
24 Vars FreeCAD Vars ['Frank David Martínez Muñoz'] 100 0 0 0 42 main main 0.0.2.beta5 today 0 0 14 2 2 LGPL-3.0-or-later
25 freecad-xr-workbench A Virtual Reality (OpenXR) workbench. View your models with VR goggles. ['Adrian Przekwas'] 100 0 0 0 17 main main 1.0 3 mo 0 0 25 1 5 LGPL-3.0-or-later
26 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 100 0 0 0 23 master master 0.1.4 v0.1.4 7 mo 0 0 11 2 3 LGPL-2.1-or-later
27 taack-plm-freecad This workbench contains tools to interact with Taack Plm Intranet server app you can find under the https://github.com/Taack/plm ['Adrien GUICHARD'] 99.9 0 0 1 4 main main 2025.11.12 5 mo 0 0 15 1 3 GPL-2.0-or-later
28 sheetmetal A simple sheet metal tools workbench for FreeCAD. ['Shai Seger'] 99.8 0 0 2 32 master master 0.8.10 6 d 28,291 9,968 294 93 78 LGPL-2.1-or-later
29 CadbaseLibrary The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component modifications contain sets of files for various CAD systems. This workbench will work with data from the FreeCAD set, without the need to download documentation and data from other file sets. ['mnnxp'] 99.8 0 0 2 13 master master 3.0.0 v3.0.0 7 mo 615 152 6 0 2 LGPL-3.0-or-later
30 Fcmcua Link a motion controller to a FreeCAD assembly using OPC UA ['heissgetraenk'] 99.6 0 0 4 13 main main 1.0.0 2 yr 0 0 15 2 6 GPL-3.0-or-later
31 ShapeStrings Advanced tools for creating and manipulating ShapeStrings. ['Robert Massaioli'] 99.6 0 0 4 21 main main 0.2.0 2 mo 0 0 4 2 1 LGPL-2.1-or-later
32 IDF Importer for IDF files. ['Milos Koutny', 'PhoneDroid'] 99 0 1 0 12 Latest Latest 1.0.0 23 d 0 0 0 0 0 LGPL-2.1-or-later, CC-BY-SA-4.0
33 Nodes Visual scripting workbench for FreeCAD ['Ronny Scharf-Wildenhain'] 99 0 1 0 110 main main 0.1.36 1 yr 0 0 108 14 15 LGPL-2.1-or-later
34 free2ki Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender. ['30350n'] 98.9 0 1 1 6 freecad-addons freecad-addons 1.1.2 v1.1.2 3 mo 282 105 56 0 5 GPL-3.0-or-later
35 WB_Organizer A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to rename some workbenches for better understanding or translation. Allows to show the workbench selector as tabbar. ['Palmstroemen'] 98.6 0 0 14 3 main main 2024.1.29 2 yr 674 190 5 4 2 LGPL-2.1-or-later
36 FreeCAD-Beginner-Assistant Best practices modeling assistant for the Part and Sketcher workbench. ['Aleksander Sadowski', 'Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant)', 'Elizabeth Harasymiw'] 98.6 0 1 4 37 main main 1.0 1 yr 160 60 18 6 5 LGPL-2.1-or-later
37 frame A workbench for beams and frames ['looooo'] 98 0 2 0 11 master master 0.1.1 2 yr 646 226 25 9 6 LGPL-2.1-or-later
38 Help A help system for displaying FreeCAD documentation. ['Yorik van Havre'] 98 0 2 0 4 main main 1.0.3 2 yr 0 0 11 9 4 LGPL-2.1-or-later
39 pyOpToolsWorkbench An optics ray-tracing workbench based on pyOpTools ['Ricardo Amézquita Orozco'] 97.9 0 2 1 81 master master 0.0.4 1 mo 0 0 25 3 6 GPL-3.0-or-later
40 Corridor-Road Workbench for designing road workflow. ['Kcod'] 97.7 0 0 23 91 main main 0.2.2 v0.2.2 today 0 0 0 0 0 LGPL-2.1-or-later
41 cadquery_module Build CadQuery models within FreeCAD. ['Jeremy Wright'] 97.7 0 0 23 11 master master 2.2.0 v2.2.0 2 mo 0 0 145 5 44 Apache-2.0
42 freecad-wakatime A simple FreeCAD WakaTime extension. ['Pegoku'] 97.6 0 2 4 5 main main 0.6.0 v0.6.0 6 mo 0 0 4 2 6 LGPL-2.1-or-later
43 Ship Naval ship design (architecture, seakeeping, and ship resistance) ['Jose Luis Cercós Pita'] 97.5 0 2 5 71 master master 2024.11.26 9 mo 0 120 49 6 28 LGPL-2.1-or-later
44 Quetzal A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor. ['Edgar Robles', 'triplus', 'looo', 'Edgar J Robles', 'Riccardo Treu (oddtopus)', 'microelly'] 97.3 0 2 7 28 master master 1.8.9 3 d 2,575 1,002 26 10 22 LGPL-3.0-or-later
45 FrameForge FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles. ['Vivien Henry'] 97 0 3 0 25 main main 0.2.0 v0.2.0 2 d 3,581 1,180 25 19 8 LGPL-3.0-only
46 ProDarkThemePreferencePack ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience ['turn211'] 97 1 0 0 0 main main 1.0.0 2 yr 1,364 514 7 0 1 GPL-2.0-or-later
47 AirPlaneDesign A FreeCAD workbench dedicated to Airplane Design. ['FredsFactory'] 97 1 0 0 19 master master 0.4.1 4 mo 1,328 396 104 9 22 LGPL-2.1
48 ExplodedAssembly [] 97 1 0 0 4 master 2 yr 806 272 130 24 26
49 ModernUI [] 97 1 0 0 8 master 5 yr 558 184 77 18 9
50 ArchTextures [] 97 1 0 0 23 master 4 yr 555 143 33 23 15
51 Glass [] 97 1 0 0 2 master 6 yr 261 88 25 9 9
52 IconThemes [] 97 1 0 0 3 master 6 yr 258 78 20 8 5
53 CommandPanel [] 97 1 0 0 10 master 7 yr 0 0 3 1 5
54 CubeMenu [] 97 1 0 0 8 master 6 yr 0 0 6 1 0
55 OSE3dPrinter A FreeCAD workbench for designing 3D printers by Open Source Ecology for Distributive Enterprise. ['G Roques'] 97 1 0 0 95 master main 0.1.0 2 yr 0 0 18 21 4 LGPL-2.1-or-later
56 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['Eddy Verlinden', 'PhoneDroid'] 97 1 0 0 32 Stable Latest 0.2.2 v0.2.2 4 d 0 92 1 0 7 GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
57 RemBench [] 97 1 0 0 2 master 6 yr 0 0 4 1 0
58 Reporting [] 97 1 0 0 18 master 0.6 3 yr 0 0 18 9 6
59 SelectorToolbar [] 97 1 0 0 2 master 7 yr 0 0 8 3 4
60 ShortCuts [] 97 1 0 0 3 master 6 yr 0 0 9 9 4
61 TabBar [] 97 1 0 0 2 master 7 yr 0 0 9 1 3
62 Templater A workbench to gather some drafting related tools ['FBXL5'] 97 1 0 0 8 main main 0.0.2 v.0.0.4-alpha 6 mo 0 0 1 0 0 LGPL-3.0-or-later
63 ToolbarStyle [] 97 1 0 0 3 master 7 yr 0 0 3 0 0
64 ose-piping [] 97 1 0 0 35 master 3 yr 0 0 13 4 6
65 pivy_trackers [] 97 1 0 0 61 master 6 yr 0 0 23 6 7
66 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 97 1 0 0 23 master 0.1.4 v0.1.4 7 mo 0 0 11 2 3 LGPL-2.1-or-later
67 MeshRemodel Workbench for remodeling and repairing mesh objects. ['Mark Ganson'] 96.9 0 3 1 10 master master 1.11.0 16 d 2,247 1,100 32 0 8 LGPL-2.1-or-later
68 dxf-library [] 96.9 1 0 1 4 master 2 yr 431 123 73 4 38
69 symbols_library [] 96.9 1 0 1 0 master 1 yr 205 96 37 5 17
70 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 96.9 1 0 1 28 latest main 0.1.0-demo 4 d 0 0 0 0 0 GPL-3.0-or-later
71 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 96.9 1 0 1 28 stable main 0.1.0-demo 4 d 0 0 0 0 0 GPL-3.0-or-later
72 bimtester [] 96.9 1 0 1 43 master 4 yr 0 0 2 4 2
73 kerkythea [] 96.9 1 0 1 0 master 6 yr 0 0 5 0 1
74 ConstraintDesign This addon adds a design workbench that is specially designed to be as flexible and stable as possible. ['drwho495'] 96.8 1 0 2 47 main main beta-0.1 3 d 945 249 13 16 2 LGPL-2.1-only
75 Lithophane [] 96.8 1 0 2 37 master 4 yr 0 74 36 14 10
76 lattice2 Tools and arrays of all sorts and kinds, and local coordinate systems ['DeepSOIC'] 96.7 1 0 3 73 master master 1.1 3 mo 4,767 771 78 30 15 LGPL-2.0-or-later
77 addFC Additional tools for FreeCAD. ['Golodnikov Sergey'] 96.7 0 2 13 21 main main 3.5.7 2 d 3,893 1,480 36 0 5 LGPL-2.1-or-later
78 Telemetry Help improve FreeCAD by sending basic metrics to the development team. ['The FreeCAD project association AISBL'] 96.6 0 3 4 9 main main 1.0.5 2 mo 1,092 154 11 7 4 LGPL-2.1-or-later, CC-BY-4.0
79 EM This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers. ['Enrico Di Lorenzo'] 96.5 1 0 5 24 master master 2.1.1 2 yr 264 92 65 6 17 LGPLv2.1
80 slic3r-tools [] 96.3 1 0 7 9 master 6 yr 0 0 17 8 4
81 3DfindIT 3DfindIT.com, the engineering search engine for 3D components from CADENAS, provides users with easy access to millions of CAD models from thousands of international manufacturers and a range of intuitive search methods. ['Tobias Sielaff'] 96 1 1 0 6 master master 1.2 5 mo 2,084 648 31 11 10 LGPL-3.0
82 LCInterlocking Create interlocking parts for laser cutting or CNC milling ['execuc'] 96 1 1 0 32 master master 1.5.1 1.5.1 4 mo 1,046 397 183 33 35 LGPL-2.1-or-later
83 Plot Some tools to manipulate the FreeCAD plots ['Jose Luis Cercós Pita'] 96 1 1 0 16 master 2024.11.26 2024.11.26 1 yr 0 0 14 0 10 LGPL-2.1-or-later
84 InventorLoader This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d) files. ['jmplonka'] 95.7 1 1 3 39 master master 1.5.1 1 yr 1,051 393 157 58 21 LGPL-3.0-or-later
85 fasteners Some common fasteners and fastener tools for FreeCAD. ['Shai Seger'] 95.6 1 1 4 92 master master 0.5.50 1 d 32,991 11,565 373 79 101 GPL-2.0-or-later
86 Road Road is the Transportation and Geomatics Engineering workbench for FreeCAD. ['Hakan Seven'] 95.6 0 3 14 128 main main 2026.03.17 14 d 1,604 355 37 7 9 LGPL-2.1-or-later, CC-BY-SA-4.0
87 btl A FreeCAD Path Addon to manage your tool library. ['Samuel Abels'] 95.5 1 1 5 49 main main 0.9.9 7 mo 376 0 39 17 16 MIT
88 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 95.4 1 1 6 35 main main 1.1.0.1 4 mo 1,391 345 29 1 4 LGPL-3.0-or-later
89 DynamicData Container object for holding custom properties, alternative to spreadsheet ['TheMarkster'] 94.9 1 2 1 4 master master 2.77 4 mo 1,356 253 49 23 10 LGPL-2.1-or-later
90 Assembly3 Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver ['RealThunder'] 94.7 1 2 3 18 master master 0.12.3 5 mo 1,286 364 899 333 76 GPL-3.0-only
91 3D_Printing_Tools [] 94.6 1 2 4 5 master 7 yr 1,378 527 53 7 22
92 DesignSPHysics DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics ['Iván Martínez Estévez'] 94.4 0 4 16 315 master master 0.8.1 (29-05-2025) 2 mo 307 129 146 31 45 GPL-3.0-or-later
93 OpenTheme An accessible and coordinated set of Light and Dark themes for FreeCAD ['Obelisk79'] 94 2 0 0 0 main main 2025.05.20 2 mo 15,199 7,703 90 53 12 LGPL-2.1-or-later
94 freecad.gears A gear workbench for FreeCAD ['looooo'] 94 2 0 0 31 master master 1.3 1 d 14,757 5,303 328 78 113 GPL-3.0-or-later
95 FreeCAD-themes Additional themes for FreeCAD ['The FreeCAD Team'] 94 2 0 0 0 main main 2025.11.25 2 mo 3,593 1,529 8 3 3 LGPL-2.1-or-later
96 Color-Palette-Theme Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts(FreeCAD v1.1.0 ≥) ['altangarts'] 94 2 0 0 0 main main 2.1.7 1 mo 2,631 516 10 2 2 LGPL-2.1-or-later
97 PieMenu The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD. ['Grubuntu'] 94 2 0 0 2 master master 1.12.4 today 2,475 696 25 5 8 LGPL-2.1-or-later
98 Estimate A FreeCAD workbench to estimate material quantity by volume or weight for selected parts ['error on line 1'] 94 2 0 0 6 master main 0.1.5 2 mo 1,202 220 13 1 5 LGPL-3.0-or-later
99 Freecad-Built-in-themes-beta Beta versions of the preference Packs included with the FreeCAD distribution ['MisterMaker'] 94 2 0 0 0 main main 1.2.2 2 yr 845 263 4 1 5 LGPL-2.0-or-later
100 GDT [] 94 2 0 0 8 master 2 yr 0 0 50 12 17
101 SlopedPlanesMacro [] 94 2 0 0 14 master 7 yr 0 0 4 0 4
102 Smooth-Toolsync The Smooth addon provides bidirectional synchronization between FreeCAD's CAM tool libraries and the Smooth tool data exchange system. This addon adds a "Sync with Smooth" button to the CAM workbench toolbar and a preference page to FreeCAD settings for server configuration. Features: - Bidirectional sync: Import and export tools in one operation - Bulk operations: Efficiently sync entire tool libraries - FreeCAD Path integration: Works directly within CAM workflow - Preserves tool metadata and parameters - API key authentication support Requirements: - FreeCAD 0.21 or later with CAM (Path) workbench - Access to a Smooth server instance - Network connectivity for API access - Python requests library (usually included with FreeCAD) ['Brad Collette'] 94 2 0 0 13 master main 0.1.0 3 mo 0 0 0 0 0 MIT
103 CfdOF Computational Fluid Dynamics (CFD) based on OpenFOAM. ['Oliver Oxtoby'] 93.9 0 4 21 71 master master 1.34.12 1 d 5,319 2,255 642 13 122 LGPL-3.0-or-later
104 Silk NURBS Surface modeling tools focused on low degree and seam continuity ['edwardvmills'] 93.9 2 0 1 43 master master 0.2.2 2 mo 2,108 706 85 4 15 GPL-3.0-or-later
105 Assembly2MuJoCo An addon for exporting FreeCAD builtin Assemblies to MuJoCo. ['Anes Benmerzoug'] 93.9 2 0 1 24 main main 0.3.0 v0.3.0 4 mo 0 0 21 4 6 LGPL-2.1-or-later
106 STEMFIE A simple workbench for generating STEMFIE system components. ['Bilbao Makers', 'hasecilu'] 93.9 2 0 1 15 main main 0.3.1 0.3.1 1 yr 0 0 22 4 5 GPL-2.0-or-later
107 SteelColumn [] 93.9 2 0 1 16 master 1 yr 0 0 8 0 4
108 Alternate_OpenSCAD An alternate OpenSCAD importer with some experimental features. ['Keith Sloan'] 93.8 0 4 22 19 master master 1.0.0 2 mo 1,327 379 16 10 7 LGPL-2.1-or-later
109 nurbs [] 93.4 1 2 16 110 master 7 yr 0 0 26 6 12
110 Design456 Direct Modeling Workbench for FreeCAD ['Mariwan Jalal'] 93.1 2 0 9 80 main main 0.00.1 3 mo 739 133 60 4 6 GPL-3.0-or-later
111 workfeature [] 93 2 1 0 35 master 1 yr 0 0 13 6 5
112 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 92.4 2 1 6 35 Develop main 1.1.0.1 4 mo 0 0 29 1 4 LGPL-3.0-or-later
113 Assembly4.1 This assembly workbench use lets you put FreeCAD Part and Body together inside a standard Assembly container. ['leoheck'] 92 1 5 0 33 main main 0.60.2-0.1 6 mo 2,542 887 19 6 7 LGPL-2.1-only
114 Assembly4 This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container using links, and place them relative to the assembly and to each other using LCS connectors. ['Zolko-123'] 91.1 1 5 9 40 main main 0.60.6 v0.60.6 3 mo 5,704 1,483 0 0 0 LGPL-2.1-only
115 Gridfinity This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized. ['Stuart'] 91 3 0 0 17 master master 0.12.4 v0.12.4 28 d 4,619 2,211 461 31 43 lgpl-2.1-or-later
116 Cables Electrical cables drawing tools workbench for FreeCAD. ['SargoDevel'] 91 2 3 0 32 master master 0.3.5 15 d 4,000 1,440 67 7 6 LGPL-3.0-or-later
117 QuickMeasure Measures selected features. [] 91 3 0 0 3 main main 2022.10.28 8 mo 1,802 533 9 4 7
118 Dracula Dracula dark theme for FreeCAD ['Eleanor Clifford'] 91 3 0 0 0 master master 0.0.9 8 mo 1,237 491 38 9 5 MIT
119 Behave-Dark-Colors A preference pack including GUI color information to extend the Behave Dark stylesheet ['Chrismettal'] 91 3 0 0 0 main main 0.1.1 2 yr 1,148 435 11 2 5 GPL-3.0-only
120 dodo A set of commands and objects that help to speed-up the drawing of frames and pipelines. Py3/Qt5 port of flamingo. ['Riccardo Treu (oddtopus)'] 91 3 0 0 18 master master 1.0.1 2 yr 789 265 31 20 22 LGPLv3
121 Launcher Search for commands and run them. ['Triplus', 'PhoneDroid'] 91 3 0 0 7 Latest Latest 0.1.0 3 d 0 0 0 0 0 LGPL-2.1-or-later, CC-BY-SA-4.0
122 Marz Parametric Guitar design workbench ['Frank Martinez'] 90.9 3 0 1 66 master master 0.1.18 today 896 478 120 4 26 GPL-3.0-or-later, LGPL-2.1-or-later
123 CADExchanger [] 90.7 3 0 3 3 master 2 yr 497 160 74 6 13
124 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 90.6 2 3 4 28 main main 1.8.0 6 mo 1,637 637 5 7 9 CCOv1
125 woodworking Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that will make everyday carpentry and other CAD projects easier and faster. I hope you will find something you enjoy here. ['Darek L'] 90.4 0 8 16 153 master master 3.0.20260331 3.0 today 10,124 2,902 457 4 40 MIT
126 pyrate [] 90.4 2 3 6 123 master 1 yr 0 0 0 0 0
127 Render A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines. Designed as a modern replacement for deprecated internal Raytracing Workbench. ['Yorik Van Havre', 'howetuft'] 90.3 1 5 17 53 master master 2024.12.15 5 mo 3,230 993 216 19 41 LGPL-2.1-or-later
128 EasyProfileFrame Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM). ['ovo-Tim'] 90 3 1 0 10 main main 0.0.1 12 mo 1,246 412 14 6 4 LGPL-3.0-or-later
129 CamScripts CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process. ['spanner888'] 89.9 3 1 1 15 main main V0.0.5 2024/09/25 2 yr 0 0 3 4 2 LGPL-2.1-or-later
130 POV-Ray-Rendering [] 89.2 3 1 8 8 master 3 yr 0 0 4 6 2
131 MOOC Learn FreeCAD ['Jonathan Wiedemann'] 89 3 2 0 18 master master 2022.04.21 4 yr 0 0 5 6 7 GPLv2.1
132 osh-autodoc-workbench A workbench that support the creation of assembly manuals of open source hardware. ['Pieter Hijma', 'J.C. Mariscal-Melgar'] 89 1 8 0 23 main main 0.2.3 2 mo 0 0 0 0 0 LGPL-3.0-or-later
133 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 88.9 2 3 21 11 main main 0.2.2 v0.2.2 4 mo 1,605 735 7 2 1 MIT
134 MnesarcoUtils A collection of tools mainly dedicated to scripting and experiments. ['Frank Martinez'] 88.8 3 2 2 65 main main 0.2.16 today 0 0 19 1 7 GPL-3.0
135 TitleBlock An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench. ['Paul Ebbers'] 88.4 3 2 6 18 main main 0.5.2.2 7 mo 0 0 4 2 0 LGPL-2.1-or-later
136 Launcher Search for commands and run them. ['Triplus', 'PhoneDroid'] 88 4 0 0 2 Stable Latest 0.1.0 v0.1.0 3 d 0 0 0 0 0 LGPL-2.1-or-later, CC-BY-SA-4.0
137 Defeaturing A set of tools to edit a Shape or a STEP model. ['Maui'] 87.9 4 0 1 8 master master 1.3.1 6 d 2,035 877 34 9 7 AGPLv3.0
138 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 87.7 2 4 23 45 main main 1.10.10.1 today 1,945 673 97 4 12 GPL-3.0-or-later
139 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 87.6 3 3 4 28 Develop main 1.8.0 6 mo 0 0 5 7 9 CCOv1
140 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 85.9 3 3 21 11 Develop main 0.2.1 11 mo 0 0 7 2 1 MIT
141 fcVM Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD ['HarryvL'] 85.9 4 2 1 4 main main 2024.9.5 8 mo 0 0 11 3 3
142 FreeGrid A simple tools workbench for generating FreeGrid storage system components. ['hasecilu', 'Alan Langford', 'Michael K Johnson'] 85.5 4 2 5 9 main main 2.2.0 1 yr 402 135 48 2 4 AGPL-3.0-or-later
143 freecad_streamdeck_addon FreeCAD addon to use an Elgato Stream Deck macropad as an input device. ['Giraut'] 85 5 0 0 6 main main 0.1.7 2 yr 0 0 16 6 4 GPL-3.0-or-later
144 drawing_dimensioning [] 84.5 3 6 5 59 v0.19.4 0.19.4 5 mo 0 0 0 0 49
145 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 84.2 3 4 28 50 Develop main 1.11.0dev today 0 0 97 4 12 GPL-3.0-or-later
146 AddonManager Tool to install workbenches, macros, themes, etc. ['Jonathan Wiedemann', 'Kurt Kremitzki', 'Chris Hennes', 'Yorik van Havre'] 83.6 2 6 44 99 main main 2026.2.19 6 d 10,630 1,894 9 42 20 LGPL-2.1-or-later
147 AddonManager Development branch of a tool to install workbenches, macros, themes, etc. ['Jonathan Wiedemann', 'Kurt Kremitzki', 'Chris Hennes', 'Yorik van Havre'] 83.6 2 6 44 99 dev dev 2026.2.9dev 6 d 0 0 9 42 20 LGPL-2.1-or-later
148 Part-o-magic Experiment on FreeCAD-wide automation of Part container management ['DeepSOIC'] 83.5 0 16 5 62 master master 1.1.0 1 mo 0 0 15 27 5 LGPL-2.0-or-later
149 A2plus Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus is to create a very simple, easy to use, and not over-featured workbench for FreeCAD assemblies. Using the KISS principle: KEEP IT SIMPLE, STUPID ['kbwbe'] 83 4 1 40 38 master master 0.4.68 1 mo 6,550 2,411 203 49 74 LGPL-2.1-or-later
150 FEM_FrontISTR A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR. ['FrontISTR-Commons'] 82.9 5 1 11 29 master master 0.2.0 8 mo 221 116 36 0 9 LGPL-2.1-or-later
151 OSAFE This is a workbench for FreeCAD that creates foundation model from CSI ETABS model results. ['Raeyat Roknabadi Ebrahim'] 82.4 3 7 16 83 master master 2022.05.29 2 mo 0 0 46 3 10 LGPL-2.1-or-later
152 FEMbyGEN Parametric Finite Element Analysis(FEM) ['Serdar T. Ince'] 81.9 3 9 1 28 master master 2.5.2 3 mo 742 186 46 4 23 LGPL-2.1-only
153 Rocket A workbench for designing model rockets. ['David Carter'] 81.5 4 6 5 266 master 3.3.0 v3.3.0 2 yr 0 0 74 8 14 LGPLv2.1
154 freecad.optics_design_workbench Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend. ['Philipp Bredol'] 79.8 3 7 42 43 master master 0.7.3 10 d 359 169 11 0 1 LGPL-3.0-or-later
155 GDML An external workbench for creating GDML models for Geant4 and Root ['Keith Sloan'] 79.3 0 19 17 66 Main Main 2.0.1 Beta 2 mo 0 0 70 55 18 LGPL-2.1
156 Cfd [] 77.3 5 4 37 66 master 4 yr 0 0 211 4 42
157 kicadStepUpMod A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD. ['Maui'] 76.9 6 4 11 34 master master 11.08.2 4 mo 4,376 1,051 631 37 81 AGPLv3.0
158 WebTools A collection of tools to work with web services ['Yorik van Havre'] 76.4 1 20 6 10 master master 1.0.0 7 mo 0 0 27 10 18 LGPL-2.1-or-later
159 Manipulator A handy way to Move and Align objects in FreeCAD. ['Maui'] 74.6 6 7 4 10 master master 1.6.4 6 d 4,115 1,629 74 24 14 GPLv3.0
160 Reinforcement A workbench that provides tools for Reinforcement Generation and its Detailing. ['Amritpal Singh (amrit3701)'] 73.8 4 12 22 66 master master v0.6 1 mo 736 327 62 60 22 LGPL-2.1-or-later
161 boltsfc Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications. ['Bernd Hahnebach'] 69.9 3 21 1 51 main main 2022.11.5 3 yr 1,604 634 39 3 15 LGPLv2.1
162 Ondsel-Lens Workspace manager for Ondsel Lens workspaces ['Pieter Hijma'] 68.5 6 13 5 66 main main 2025.12.22.01 3 mo 0 0 4 8 14 LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4...
163 Rocket Workbench for designing model rockets. ['David Carter'] 67.8 5 14 32 311 master master 5.1.1 2 mo 605 213 74 8 14 LGPL-2.1-or-later, MIT
164 BCFPlugin Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format). ['Patrick Podest (podestplatz)'] 65.2 8 9 18 52 master master 1.0.0 4 yr 0 0 9 6 8 LGPLv2.1
165 Curves A collection of tools mainly dedicated to NURBS curves and surfaces modeling. ['Christophe Grellier'] 59.9 1 37 1 113 main main 0.6.71 11 d 27,100 9,808 138 31 35 LGPL-2.1-or-later, Apache-2.0
166 BIM This is a workbench for FreeCAD that implements a complete set of Building Information Modeling (BIM) tools and allows a proper BIM workflow similar to professional BIM applications like Revit, ArchiCAD, Tekla, AllPlan or BricsCAD. ['Yorik van Havre'] 47.6 9 25 4 65 master master 2021.12 2 yr 0 0 0 0 0 LGPL-2.1-or-later
167 AnimationFreeCAD The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow. ['Andréas Cottet', 'Quentin Tournier'] 44.2 2 44 58 630 main main 1.0-beta 1 yr 635 182 34 10 10 Apache-2.0
168 workfeature-macro [] 17.9 1 79 1 34 master 1 yr 0 0 28 3 9
169 animation [] 11.1 1 85 9 52 master 6 yr 0 0 34 9 19
170 pcb Printed Circuit Board (PCB) Workbench for FreeCAD ['marmni'] 0 6 101 43 280 master master 6.2023.1 24 d 1,293 783 116 7 26 AGPLv3.0

Addon Details

CurvedShapes master

Create 3D shapes from 2D curves.

100 / 100

Repository

https://github.com/chbergmann/CurvedShapesWorkbench
master · 5 mo · 11 python files

Statistics

5,331
DL(Yr)
1,598
DL(Mo)
75
Stars
14
Issues
Manifest
Branch
master
Version
1.00.14
License
LGPL-2.1
Dependencies 4
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
Python Issues 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Christi

FusedFilamentDesign release

PartDesign addon for FFF/FDM 3D-printing design

100 / 100

Repository

https://github.com/rahix/FusedFilamentDesign.git
release · v0.26.100 · 25 d · 10 python files

Statistics

4,925
DL(Yr)
1,833
DL(Mo)
212
Stars
14
Issues
Manifest
Branch
release
Version
0.26.100
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Python Issues 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
rahix

ThreadProfile master

ThreadProfile object for creating internal/external threads

100 / 100

Repository

https://github.com/mwganson/ThreadProfile
master · 3 mo · 4 python files

Statistics

3,674
DL(Yr)
1,032
DL(Mo)
68
Stars
29
Issues
Manifest
Branch
master
Version
1.98
License
LGPL-2.1
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Python Issues 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
TheMarkster

Woods master

Collection of various wood materials.

100 / 100

Repository

https://github.com/davesrocketshop/Woods
master · v1.1.0 · 3 mo · 4 python files

Statistics

1,693
DL(Yr)
460
DL(Mo)
7
Stars
1
Issues
Manifest
Branch
master
Version
1.1.0
License
LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0
Dependencies 3
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Gregory Holmberg, David Carter

toSketch main

Tools to help recreate models from STEP files.

100 / 100

Repository

https://github.com/KeithSloan/toSketch
main · 3 mo · 14 python files

Statistics

1,656
DL(Yr)
336
DL(Mo)
18
Stars
8
Issues
Manifest
Branch
main
Version
1.0.1
License
GPL-2.0-or-later
Dependencies 9
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: geomdl (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

Plot Latest

Tools to modify existing plots.

100 / 100

Repository

https://github.com/FreeCAD/Plot
Latest · 2 mo · 23 python files

Statistics

1,168
DL(Yr)
407
DL(Mo)
14
Stars
0
Issues
Manifest
Branch
Latest
Version
2025.10.29
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Warn: matplotlib (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 4
PhoneDroid, Jose Luis Cercós Pita, hasecilu, looooo

Beltrami main

Workbench for designing Turbomachine blades.

100 / 100

Repository

https://github.com/Simturb/Beltrami
main · 1.3.1 · 1 mo · 5 python files

Statistics

1,074
DL(Yr)
365
DL(Mo)
39
Stars
0
Issues
Manifest
Branch
main
Version
1.3.1
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Michel Sabourin

FeedsAndSpeeds master

CAM addon to help generate basic feeds and speeds for machining.

100 / 100

Repository

https://github.com/dubstar-04/FeedsAndSpeeds
master · 3 mo · 4 python files

Statistics

1,003
DL(Yr)
301
DL(Mo)
45
Stars
17
Issues
Manifest
Branch
master
Version
0.6
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Daniel Wood

SvgWorkbench main

FreeCAD Svg Workbench

100 / 100

Repository

https://github.com/mnesarco/SvgWorkbench
main · today · 71 python files

Statistics

927
DL(Yr)
258
DL(Mo)
12
Stars
1
Issues
Manifest
Branch
main
Version
1.0.0.dev13
License
LGPL-3.0-or-later
Dependencies 12
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

Pyramids-and-Polyhedrons Latest

Create various polyhedrons in the Part workbench.

100 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Latest · 4 d · 32 python files

Statistics

878
DL(Yr)
216
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Eddy Verlinden PhoneDroid

MakerWorkbench master

A mechatronic components system + optic components system

100 / 100

Repository

https://github.com/URJCMakerGroup/MakerWorkbench
master · 1 yr · 60 python files

Statistics

820
DL(Yr)
267
DL(Mo)
49
Stars
6
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPL-3
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
David Muñoz

FileExplorerExt main

Integrated file system viewer.

100 / 100

Repository

https://github.com/mnesarco/FileExplorerExt
main · v1.0.0.dev7 · 1 mo · 17 python files

Statistics

535
DL(Yr)
212
DL(Mo)
5
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0-dev.7
License
LGPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

OpticsWorkbench main

Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects.

100 / 100

Repository

https://github.com/chbergmann/OpticsWorkbench
main · 3 d · 17 python files

Statistics

519
DL(Yr)
309
DL(Mo)
152
Stars
7
Issues
Manifest
Branch
main
Version
1.3.0
License
LGPL-2.1
Dependencies 6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Christi

FoamCut main

Foamcut workbench provides functionality to prepare a job and generate Gcode for a 4 or 5 axis CNC hotwire cutter.

100 / 100

Repository

https://github.com/Shkolik/Foamcut
main · 1 d · 21 python files

Statistics

355
DL(Yr)
199
DL(Mo)
19
Stars
4
Issues
Manifest
Branch
main
Version
0.1.12
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Python Issues 0
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 2
Andrew Shkolik (https://github.com/Shkolik) Andrew Shkolik

Movie master

Workbench to create and animate the movie camera, create and play videos of animations

100 / 100

Repository

https://github.com/Francisco-Rosa/FreeCAD-Movie
master · 9 mo · 6 python files

Statistics

164
DL(Yr)
106
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
master
Version
2025.01.04
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Mod: Render
  • Warn: opencv-python (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
F_Rosa

Channels main

FreeCAD Channels

100 / 100

Repository

https://github.com/mnesarco/Channels
main · today · 41 python files

Statistics

0
DL(Yr)
0
DL(Mo)
55
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0.dev4
License
LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Warn: bpy (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

FreecadDiscordPresence main

Shows FreeCAD status on Discord.

100 / 100

Repository

https://github.com/TzurSoffer/FreecadDiscordPresence
main · Version1.0.3 · 6 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
0
Issues
Manifest
Branch
main
Version
1.0.3
License
LGPL-2.1-or-later
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Warn: pypresence (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Tzur Soffer

ImportNURBS master

An external workbench that adds an importer for 3dm.

100 / 100

Repository

https://github.com/KeithSloan/ImportNURBS
master · 7 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
4
Issues
Manifest
Branch
master
Version
1.1 Beta
License
LGPL-2.1
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Warn: rhino3dm (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

NikraDAP main

Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh.

100 / 100

Repository

https://github.com/NikraDAP/FreeCAD-NikraDAP
main · 3 yr · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
2
Stars
2
Issues
Manifest
Branch
main
Version
2.0-alpha
License
GPL-3
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Lukas du Plessis

Ratchet main

Workbench to quickly create ratchets.

100 / 100

Repository

https://github.com/erroronline1/ratchetWB
main · today · 27 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.2.1
License
LGPL-3.0-or-later
Dependencies 1
  • Compat: PySide6
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

Solar main

Workbench to manage solar analysis and configurations.

100 / 100

Repository

https://github.com/Francisco-Rosa/Solar
main · 23 d · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
18
Stars
3
Issues
Manifest
Branch
main
Version
2026.03.08
License
LGPL-2.1-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Warn: ladybug (Not in AddonManager allowed packages)
  • Warn: ladybug_geometry (Not in AddonManager allowed packages)
  • Warn: ladybug_radiance (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Francisco Rosa

StandardBeams main

Workbench to create standard beam profiles of varying shapes.

100 / 100

Repository

https://github.com/MortenVajhoj/StandardBeams
main · 2 mo · 56 python files

Statistics

0
DL(Yr)
0
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Morten Vajhøj

Supplemental-Materials Latest

Materials database that supplements the core materials.

100 / 100

Repository

https://github.com/FreeCAD/Supplemental-Materials
Latest · v1.0.2 · 23 d · 2 python files

Statistics

0
DL(Yr)
115
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.0.2
License
LGPL-3.0-or-later, CC-BY-SA-4.0
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
DavesRocketShop

Vars main

FreeCAD Vars

100 / 100

Repository

https://github.com/mnesarco/Vars
main · today · 42 python files

Statistics

0
DL(Yr)
0
DL(Mo)
14
Stars
2
Issues
Manifest
Branch
main
Version
0.0.2.beta5
License
LGPL-3.0-or-later
Dependencies 11
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: scour (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Python Issues 0
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

freecad-xr-workbench main

A Virtual Reality (OpenXR) workbench. View your models with VR goggles.

100 / 100

Repository

https://github.com/kwahoo2/freecad-xr-workbench
main · 3 mo · 17 python files

Statistics

0
DL(Yr)
0
DL(Mo)
25
Stars
1
Issues
Manifest
Branch
main
Version
1.0
License
LGPL-3.0-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: PyOpenGL (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: xr (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Adrian Przekwas

yaml-workbench master

A FreeCAD addon that loads and manipulates objects via YAML files.

100 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
master · v0.1.4 · 7 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
11
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
Python Issues 0
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

taack-plm-freecad main

This workbench contains tools to interact with the Taack Plm Intranet server app, which you can find at https://github.com/Taack/plm

99.9 / 100

Repository

https://github.com/Taack/taack-plm-freecad
main · 5 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
1
Issues
Manifest
Branch
main
Version
2025.11.12
License
GPL-2.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: protobuf (Not in AddonManager allowed packages)
Python Issues 1
LOW 1
Intranet.py1
  • line 28: Possible hardcoded password: ''
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Adrien GUICHARD

sheetmetal master

A simple sheet metal tools workbench for FreeCAD.

99.8 / 100

Repository

https://github.com/shaise/FreeCAD_SheetMetal
master · 6 d · 32 python files

Statistics

28,291
DL(Yr)
9,968
DL(Mo)
294
Stars
93
Issues
Manifest
Branch
master
Version
0.8.10
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: TestApp
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: networkx (Not in AddonManager allowed packages)
Python Issues 2
LOW 2
ExtrudedCutout.py1
  • line 198: Try, Except, Continue detected.
SheetMetalCmd.py1
  • line 178: Try, Except, Continue detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

CadbaseLibrary master

The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component mod...

99.8 / 100

Repository

https://github.com/mnnxp/cadbaselibrary-freecad
master · v3.0.0 · 7 mo · 13 python files

Statistics

615
DL(Yr)
152
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
master
Version
3.0.0
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Python Issues 2
LOW 2
CadbaseMacro.py2
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 222: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
mnnxp

Fcmcua main

Link a motion controller to a FreeCAD assembly using OPC UA

99.6 / 100

Repository

https://github.com/heissgetraenk/fcmcua
main · 2 yr · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
2
Issues
Manifest
Branch
main
Version
1.0.0
License
GPL-3.0-or-later
Dependencies 3
  • Compat: PySide2
  • Warn: aioconsole (Not in AddonManager allowed packages)
  • Warn: asyncua (Not in AddonManager allowed packages)
Python Issues 4
LOW 4
Demo/Demo_Cnc/DemoServer/opcserver.py4
  • line 144: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 144: Starting a process with a partial executable path
  • line 187: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 187: Starting a process with a partial executable path
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
heissgetraenk

ShapeStrings main

Advanced tools for creating and manipulating ShapeStrings.

99.6 / 100

Repository

https://github.com/robertmassaioli/shapestrings
main · 2 mo · 21 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.2.0
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Python Issues 4
LOW 4
bump_version.py4
  • line 20: Consider possible security implications associated with the subprocess module.
  • line 104: subprocess call - check for execution of untrusted input.
  • line 105: Starting a process with a partial executable path
  • line 105: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Robert Massaioli

IDF Latest

Importer for IDF files.

99 / 100

Repository

https://github.com/FreeCAD/IDF
Latest · 23 d · 12 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Python Issues 1
MEDIUM 1
freecad/IDF/Constants.py1
  • line 20: Probable insecure usage of temp file/directory.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Milos Koutny PhoneDroid

Nodes main

Visual scripting workbench for FreeCAD

99 / 100

Repository

https://github.com/j8sr0230/Nodes
main · 1 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
108
Stars
14
Issues
Manifest
Branch
main
Version
0.1.36
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Mesh
  • Warn: awkward (Not in AddonManager allowed packages)
  • Warn: blinker (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: qtpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 1
MEDIUM 1
nodes/script/script_py_script.py1
  • line 105: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Ronny Scharf-Wildenhain

free2ki freecad-addons

Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender.

98.9 / 100

Repository

https://github.com/30350n/free2ki
freecad-addons · v1.1.2 · 3 mo · 6 python files

Statistics

282
DL(Yr)
105
DL(Mo)
56
Stars
0
Issues
Manifest
Branch
freecad-addons
Version
1.1.2
License
GPL-3.0-or-later
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 2
MEDIUM 1
.github/workflows/build_freecad_package.py1
  • line 23: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
.github/workflows/build_freecad_package.py1
  • line 7: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
30350n

WB_Organizer main

A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to re...

98.6 / 100

Repository

https://github.com/Palmstroemen/WB_Organizer
main · 2 yr · 3 python files

Statistics

674
DL(Yr)
190
DL(Mo)
5
Stars
4
Issues
Manifest
Branch
main
Version
2024.1.29
License
LGPL-2.1-or-later
Dependencies 1
  • Compat: PySide2
Python Issues 14
LOW 14
WBO_Gui.py7
  • line 516: Consider possible security implications associated with the subprocess module.
  • line 523: Starting a process with a partial executable path
  • line 523: subprocess call - check for execution of untrusted input.
  • line 525: Starting a process with a partial executable path
  • line 525: subprocess call - check for execution of untrusted input.
  • line 527: Starting a process with a partial executable path
  • line 527: subprocess call - check for execution of untrusted input.
WBO_Preferences.py7
  • line 23: Consider possible security implications associated with the subprocess module.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 32: Starting a process with a partial executable path
  • line 32: subprocess call - check for execution of untrusted input.
  • line 34: Starting a process with a partial executable path
  • line 34: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Palmstroemen

FreeCAD-Beginner-Assistant main

Best practices modeling assistant for the Part and Sketcher workbench.

98.6 / 100

Repository

Statistics

160
DL(Yr)
60
DL(Mo)
18
Stars
6
Issues
Manifest
Branch
main
Version
1.0
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Sketcher
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: cryptography (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: endesive (Not in AddonManager allowed packages)
  • Warn: fontTools (Not in AddonManager allowed packages)
  • Warn: pymemtrace (Not in AddonManager allowed packages)
  • Warn: pympler (Not in AddonManager allowed packages)
  • Warn: uharfbuzz (Not in AddonManager allowed packages)
Python Issues 5
MEDIUM 1
fpdf/encryption.py1
  • line 526: Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
LOW 4
pdfgen.py4
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 191: subprocess call - check for execution of untrusted input.
  • line 193: Starting a process without a shell.
  • line 195: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 3
Aleksander Sadowski Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant) Elizabeth Harasymiw

frame master

A workbench for beams and frames

98 / 100

Repository

https://github.com/looooo/freecad_frame
master · 2 yr · 11 python files

Statistics

646
DL(Yr)
226
DL(Mo)
25
Stars
9
Issues
Manifest
Branch
master
Version
0.1.1
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: PySide
  • Internal: pivy
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 2
MEDIUM 2
freecad/frametools/fem2d.py1
  • line 31: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
looooo

Help main

A help system for displaying FreeCAD documentation.

98 / 100

Repository

https://github.com/FreeCAD/FreeCAD-Help
main · 2 yr · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
11
Stars
9
Issues
Manifest
Branch
main
Version
1.0.3
License
LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide2
  • Internal: PySide
  • Warn: Markdown (Not in AddonManager allowed packages)
  • Warn: pypandoc (Not in AddonManager allowed packages)
Python Issues 2
MEDIUM 2
Help.py2
  • line 249: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 291: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Yorik van Havre

pyOpToolsWorkbench master

An optics ray-tracing workbench based on pyOpTools

97.9 / 100

Repository

https://github.com/cihologramas/freecad-pyoptools
master · 1 mo · 81 python files

Statistics

0
DL(Yr)
0
DL(Mo)
25
Stars
3
Issues
Manifest
Branch
master
Version
0.0.4
License
GPL-3.0-or-later
Dependencies 7
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 3
MEDIUM 2
setup.py1
  • line 10: Use of exec detected.
version.py1
  • line 7: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
version.py1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Ricardo Amézquita Orozco

Corridor-Road main

Workbench for designing road workflow.

97.7 / 100

Repository

https://github.com/ganadara135/CorridorRoad
main · v0.2.2 · today · 91 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.2.2
License
LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Mesh
  • Internal: PySide
Python Issues 23
LOW 23
freecad/Corridor_Road/objects/coord_transform.py1
  • line 71: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_cut_fill_calc.py4
  • line 292: Try, Except, Continue detected.
  • line 323: Try, Except, Continue detected.
  • line 349: Try, Except, Continue detected.
  • line 662: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_section_set.py6
  • line 50: Try, Except, Continue detected.
  • line 320: Try, Except, Continue detected.
  • line 594: Try, Except, Continue detected.
  • line 2587: Possible hardcoded password: 'daylight=fallback:no_terrain'
  • line 2590: Possible hardcoded password: 'daylight=fallback:sampler_failed'
  • line 2596: Possible hardcoded password: 'daylight=off'
freecad/Corridor_Road/objects/obj_structure_set.py5
  • line 167: Try, Except, Continue detected.
  • line 182: Try, Except, Continue detected.
  • line 191: Try, Except, Continue detected.
  • line 193: Try, Except, Continue detected.
  • line 997: Try, Except, Continue detected.
freecad/Corridor_Road/objects/sketch_alignment_import.py1
  • line 17: Try, Except, Continue detected.
freecad/Corridor_Road/objects/surface_sampling_core.py3
  • line 67: Try, Except, Continue detected.
  • line 79: Try, Except, Continue detected.
  • line 100: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_alignment_editor.py1
  • line 575: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_structure_editor.py2
  • line 2231: Try, Except, Continue detected.
  • line 2257: Try, Except, Continue detected.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Kcod

cadquery_module master

Build CadQuery models within FreeCAD.

97.7 / 100

Repository

https://github.com/jmwright/cadquery-freecad-module
master · v2.2.0 · 2 mo · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
145
Stars
5
Issues
Manifest
Branch
master
Version
2.2.0
License
Apache-2.0
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Warn: build123d (Not in AddonManager allowed packages)
  • Warn: cadquery (Not in AddonManager allowed packages)
Python Issues 23
LOW 21
freecad/CadQuery/Command.py23
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 29: Starting a process with a partial executable path
  • line 29: subprocess call - check for execution of untrusted input.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 50: Consider possible security implications associated with the subprocess module.
  • line 51: Starting a process with a partial executable path
  • line 51: subprocess call - check for execution of untrusted input.
  • line 52: Starting a process with a partial executable path
  • line 52: subprocess call - check for execution of untrusted input.
  • line 53: Starting a process with a partial executable path
  • line 53: subprocess call - check for execution of untrusted input.
  • line 54: Starting a process with a partial executable path
  • line 54: subprocess call - check for execution of untrusted input.
  • line 55: Starting a process with a partial executable path
  • line 55: subprocess call - check for execution of untrusted input.
  • line 56: Starting a process with a partial executable path
  • line 56: subprocess call - check for execution of untrusted input.
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 77: Starting a process with a partial executable path
  • … 3 more issues
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jeremy Wright

freecad-wakatime main

A simple FreeCAD WakaTime extension.

97.6 / 100

Repository

https://github.com/Pegoku/freecad-wakatime
main · v0.6.0 · 6 mo · 5 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.6.0
License
LGPL-2.1-or-later
Python Issues 6
MEDIUM 2
freecad/Wakatime/scripts/logWaka.py2
  • line 129: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Chmod setting a permissive mask 0o755 on file (dst).
LOW 4
freecad/Wakatime/scripts/logWaka.py4
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
  • line 104: Consider possible security implications associated with the subprocess module.
  • line 147: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Pegoku

Ship master

Naval ship design (architecture, seakeeping, and ship resistance)

97.5 / 100

Repository

https://github.com/FreeCAD/freecad.ship
master · 9 mo · 71 python files

Statistics

0
DL(Yr)
120
DL(Mo)
49
Stars
6
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: PySide
  • Internal: Spreadsheet
  • Warn: capytaine (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: xarray (Not in AddonManager allowed packages)
Python Issues 7
MEDIUM 2
freecad/ship/shipUtils/Serialize.py1
  • line 46: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
setup.py1
  • line 8: Use of exec detected.
LOW 5
freecad/ship/Instance.py1
  • line 330: Try, Except, Continue detected.
freecad/ship/TankInstance.py1
  • line 140: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipHydrostatics/TaskPanel.py1
  • line 384: Try, Except, Continue detected.
freecad/ship/shipHydrostatics/Tools.py1
  • line 146: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipUtils/Serialize.py1
  • line 1: Consider possible security implications associated with pickle module.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

Quetzal master

A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor.

97.3 / 100

Repository

https://github.com/EdgarJRobles/quetzal
master · 3 d · 28 python files

Statistics

2,575
DL(Yr)
1,002
DL(Mo)
26
Stars
10
Issues
Manifest
Branch
master
Version
1.8.9
License
LGPL-3.0-or-later
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: typing_extensions (Not in AddonManager allowed packages)
Python Issues 9
MEDIUM 2
translationz/update_crowdin.py2
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 7
pCmd.py1
  • line 461: Try, Except, Continue detected.
pFeatures.py1
  • line 1031: Try, Except, Continue detected.
translationz/update_crowdin.py5
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 410: subprocess call - check for execution of untrusted input.
  • line 414: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 6
Edgar Robles, triplus, looo, Edgar J Robles, Riccardo Treu (oddtopus), microelly

FrameForge main

FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles.

97 / 100

Repository

https://github.com/lukh/frameforge
main · v0.2.0 · 2 d · 25 python files

Statistics

3,581
DL(Yr)
1,180
DL(Mo)
25
Stars
19
Issues
Manifest
Branch
main
Version
0.2.0
License
LGPL-3.0-only
Dependencies 5
  • Internal: Assembly
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 3
MEDIUM 3
freecad/frameforge/_utils.py2
  • line 43: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vivien Henry

ProDarkThemePreferencePack main

ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience

97 / 100

Repository

Statistics

1,364
DL(Yr)
514
DL(Mo)
7
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
GPL-2.0-or-later
Python Issues 1
HIGH 1
package.xml1
  • line 7: Element maintainer failed to validate attributes
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
turn211

AirPlaneDesign master

A FreeCAD workbench dedicated to Airplane Design.

97 / 100

Repository

https://github.com/FredsFactory/FreeCAD_AirPlaneDesign
master · 4 mo · 19 python files

Statistics

1,328
DL(Yr)
396
DL(Mo)
104
Stars
9
Issues
Manifest
Branch
master
Version
0.4.1
License
LGPL-2.1
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 1
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
FredsFactory

ExplodedAssembly

No description

97 / 100

Repository

https://github.com/JMG1/ExplodedAssembly
master · 2 yr · 4 python files

Statistics

806
DL(Yr)
272
DL(Mo)
130
Stars
24
Issues
Dependencies 1
  • Internal: pivy
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ModernUI

No description

97 / 100

Repository

https://github.com/HakanSeven12/Modern-UI
master · 5 yr · 8 python files

Statistics

558
DL(Yr)
184
DL(Mo)
77
Stars
18
Issues
Dependencies 1
  • Compat: PySide2
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ArchTextures

No description

97 / 100

Repository

https://github.com/furti/FreeCAD-ArchTextures
master · 4 yr · 23 python files

Statistics

555
DL(Yr)
143
DL(Mo)
33
Stars
23
Issues
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Glass

No description

97 / 100

Repository

https://github.com/triplus/Glass
master · 6 yr · 2 python files

Statistics

261
DL(Yr)
88
DL(Mo)
25
Stars
9
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

IconThemes

No description

97 / 100

Repository

https://github.com/triplus/IconThemes
master · 6 yr · 3 python files

Statistics

258
DL(Yr)
78
DL(Mo)
20
Stars
8
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

CommandPanel

No description

97 / 100

Repository

https://github.com/triplus/CommandPanel
master · 7 yr · 10 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

CubeMenu

No description

97 / 100

Repository

https://github.com/triplus/CubeMenu
master · 6 yr · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
6
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

OSE3dPrinter main

A FreeCAD workbench for designing 3D printers by Open Source Ecology for Distributive Enterprise.

97 / 100

Repository

https://github.com/gbroques/ose-3d-printer-workbench
master · 2 yr · 95 python files

Statistics

0
DL(Yr)
0
DL(Mo)
18
Stars
21
Issues
Manifest
Branch
main
Version
0.1.0
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: PySide
  • Warn: Sphinx (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 1
HIGH 1
package.xml1
  • Declared branch 'main' does not match git branch 'master'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
G Roques

Pyramids-and-Polyhedrons Latest

Create various polyhedrons in the Part workbench.

97 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Stable · v0.2.2 · 4 d · 32 python files

Statistics

0
DL(Yr)
92
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Python Issues 1
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Eddy Verlinden, PhoneDroid

RemBench

No description

97 / 100

Repository

https://github.com/triplus/RemBench
master · 6 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Reporting

No description

97 / 100

Repository

https://github.com/furti/FreeCAD-Reporting
master · 0.6 · 3 yr · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
18
Stars
9
Issues
Dependencies 3
  • Compat: PySide2
  • Internal: Spreadsheet
  • Internal: pivy
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

SelectorToolbar

No description

97 / 100

Repository

https://github.com/triplus/SelectorToolbar
master · 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
8
Stars
3
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ShortCuts

No description

97 / 100

Repository

https://github.com/triplus/ShortCuts
master · 6 yr · 3 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
9
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

TabBar

No description

97 / 100

Repository

https://github.com/triplus/TabBar
master · 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Templater main

A workbench to gather some drafting related tools

97 / 100

Repository

https://github.com/FC-FBXL5/Templater
main · v.0.0.4-alpha · 6 mo · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.0.2
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • line 9: Missing license file 'None'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
FBXL5

ToolbarStyle

No description

97 / 100

Repository

https://github.com/triplus/ToolbarStyle
master · 7 yr · 3 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
0
Issues
Dependencies 1
  • Internal: PySide
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ose-piping

No description

97 / 100

Repository

https://github.com/rkrenzler/ose-piping-workbench
master · 3 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
4
Issues
Dependencies 2
  • Internal: PySide
  • Warn: pCmd (Not in AddonManager allowed packages)
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

pivy_trackers

No description

97 / 100

Repository

https://github.com/joelgraff/pivy_trackers
master · 6 yr · 61 python files

Statistics

0
DL(Yr)
0
DL(Mo)
23
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Python Issues 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

yaml-workbench master

A FreeCAD addon that loads and manipulates objects via YAML files.

97 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
· v0.1.4 · 7 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
11
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
Python Issues 1
HIGH 1
package.xml1
  • Declared branch 'master' does not match git branch ''
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

MeshRemodel master

Workbench for remodeling and repairing mesh objects.

96.9 / 100

Repository

https://github.com/mwganson/MeshRemodel
master · 16 d · 10 python files

Statistics

2,247
DL(Yr)
1,100
DL(Mo)
32
Stars
0
Issues
Manifest
Branch
master
Version
1.11.0
License
LGPL-2.1-or-later
Dependencies 7
  • Compat: PySide6
  • Compat: shiboken6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 4
MEDIUM 3
freecad/Mesh_Remodel/MeshRemodelCmd.py1
  • line 1312: Possible SQL injection vector through string-based query construction.
freecad/Mesh_Remodel/Workbench.py2
  • line 101: Call to requests without timeout
  • line 105: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Mesh_Remodel/Workbench.py1
  • line 95: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Mark Ganson

dxf-library

No description

96.9 / 100

Repository

https://github.com/yorikvanhavre/Draft-dxf-importer
master · 2 yr · 4 python files

Statistics

431
DL(Yr)
123
DL(Mo)
73
Stars
4
Issues
Python Issues 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

symbols_library

No description

96.9 / 100

Repository

https://github.com/FreeCAD/FreeCAD-symbols
master · 1 yr · 0 python files

Statistics

205
DL(Yr)
96
DL(Mo)
37
Stars
5
Issues
Python Issues 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

Cubinets main

Visualize cabinet assemblies using parametric templates and generate cut lists.

96.9 / 100

Repository

https://github.com/foreachidea/Cubinets
latest · 4 d · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Python Issues 2
HIGH 1
package.xml1
  • Declared branch 'main' does not match git branch 'latest'
LOW 1
freecad/Cubinets/File.py1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

Cubinets main

Visualize cabinet assemblies using parametric templates and generate cut lists.

96.9 / 100

Repository

https://github.com/foreachidea/Cubinets
stable · 4 d · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Python Issues 2
HIGH 1
package.xml1
  • Declared branch 'main' does not match git branch 'stable'
LOW 1
freecad/Cubinets/File.py1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

bimtester

No description

96.9 / 100

Repository

https://github.com/bimtester/bimtesterfc
master · 4 yr · 43 python files

Statistics

0
DL(Yr)
0
DL(Mo)
2
Stars
4
Issues
Dependencies 7
  • Compat: PySide2
  • Internal: PySide
  • Warn: behave (Not in AddonManager allowed packages)
  • Warn: ifcopenshell (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pystache (Not in AddonManager allowed packages)
  • Warn: utils (Not in AddonManager allowed packages)
Python Issues 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 0

kerkythea

No description

96.9 / 100

Repository

https://github.com/marmni/FreeCAD-Kerkythea
master · 6 yr · 0 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
0
Issues
Python Issues 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

ConstraintDesign main

This addon adds a design workbench that is specially designed to be as flexible and stable as possible.

96.8 / 100

Repository

https://github.com/drwho495/ConstraintDesign-wb
main · 3 d · 47 python files

Statistics

945
DL(Yr)
249
DL(Mo)
13
Stars
16
Issues
Manifest
Branch
main
Version
beta-0.1
License
LGPL-2.1-only
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Python Issues 3
HIGH 1
Layout1
  • Invalid __init__.py file in root. Change to Init.py
LOW 2
Entities/Extrusion.py1
  • line 659: Try, Except, Continue detected.
Utils/Utils.py1
  • line 254: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
drwho495

Lithophane

No description

96.8 / 100

Repository

https://github.com/furti/FreeCAD-Lithophane
master · 4 yr · 37 python files

Statistics

0
DL(Yr)
74
DL(Mo)
36
Stars
14
Issues
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: bpy (Not in AddonManager allowed packages)
Python Issues 3
HIGH 1
package.xml1
  • File not found.
LOW 2
blender/blender_processor.py2
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 100: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

lattice2 master

Tools and arrays of all sorts and kinds, and local coordinate systems

96.7 / 100

Repository

https://github.com/DeepSOIC/Lattice2
master · 3 mo · 73 python files

Statistics

4,767
DL(Yr)
771
DL(Mo)
78
Stars
30
Issues
Manifest
Branch
master
Version
1.1
License
LGPL-2.0-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Python Issues 4
HIGH 1
package.xml1
  • line 8: Missing license file 'LICENSE'
LOW 3
lattice2ShapeInfoFeature.py1
  • line 155: Try, Except, Continue detected.
lattice2ValueSeriesGenerator.py1
  • line 204: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

addFC main

Additional tools for FreeCAD.

96.7 / 100

Repository

https://github.com/GS90/addFC
main · 2 d · 21 python files

Statistics

3,893
DL(Yr)
1,480
DL(Mo)
36
Stars
0
Issues
Manifest
Branch
main
Version
3.5.7
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: stepZ (Not in AddonManager allowed packages)
Python Issues 15
MEDIUM 2
addon/addFC/Preference.py1
  • line 112: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addon/addFC/toolkit/Library.py1
  • line 404: Use of extra potential SQL attack vector.
LOW 13
addon/addFC/Other.py9
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 64: Starting a process with a partial executable path
  • line 64: subprocess call - check for execution of untrusted input.
  • line 65: Starting a process with a partial executable path
  • line 65: subprocess call - check for execution of untrusted input.
  • line 66: Starting a process with a partial executable path
  • line 66: subprocess call - check for execution of untrusted input.
  • line 144: Starting a process with a partial executable path
  • line 144: subprocess call - check for execution of untrusted input.
addon/addFC/Preference.py4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 88: Starting a process with a partial executable path
  • line 88: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Golodnikov Sergey

Telemetry main

Help improve FreeCAD by sending basic metrics to the development team.

96.6 / 100

Repository

https://github.com/FreeCAD/FreeCAD-Telemetry
main · 2 mo · 9 python files

Statistics

1,092
DL(Yr)
154
DL(Mo)
11
Stars
7
Issues
Manifest
Branch
main
Version
1.0.5
License
LGPL-2.1-or-later, CC-BY-4.0
Dependencies 3
  • Internal: PySide
  • Warn: posthog (Not in AddonManager allowed packages)
  • Warn: sentry_sdk (Not in AddonManager allowed packages)
Python Issues 7
MEDIUM 3
Resources/translations/run_translation_cycle.py2
  • line 88: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
TelemetryPreferences.py1
  • line 159: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 4
Resources/translations/run_translation_cycle.py4
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 188: Starting a process with a partial executable path
  • line 188: subprocess call - check for execution of untrusted input.
  • line 351: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
The FreeCAD project association AISBL

EM master

This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers.

96.5 / 100

Repository

https://github.com/ediloren/EM-Workbench-for-FreeCAD
master · 2 yr · 24 python files

Statistics

264
DL(Yr)
92
DL(Mo)
65
Stars
6
Issues
Manifest
Branch
master
Version
2.1.1
License
LGPLv2.1
Dependencies 6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 6
HIGH 1
package.xml1
  • line 8: Missing license file 'LICENSE'
LOW 5
launch_fastercap.py2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 32: subprocess call - check for execution of untrusted input.
launch_fasthenry.py2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 34: subprocess call - check for execution of untrusted input.
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Enrico Di Lorenzo

slic3r-tools

No description

96.3 / 100

Repository

https://github.com/limikael/freecad-slic3r-tools
master · 6 yr · 9 python files

Statistics

0
DL(Yr)
0
DL(Mo)
17
Stars
8
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Python Issues 8
HIGH 1
package.xml1
  • File not found.
LOW 7
Slcr.py2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
SlcrDoc.py2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 109: subprocess call - check for execution of untrusted input.
build.py2
  • line 4: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 4: Starting a process with a partial executable path
license.*1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

3DfindIT master

3DfindIT.com, the engineering search engine for 3D components from CADENAS, provides users with easy access to millions of CAD models from t...

96 / 100

Repository

Statistics

2,084
DL(Yr)
648
DL(Mo)
31
Stars
11
Issues
Manifest
Branch
master
Version
1.2
License
LGPL-3.0
Dependencies 1
  • Compat: PySide2
Python Issues 2
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 1
freecad/cadenas3dfindit/native_api.py1
  • line 72: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Tobias Sielaff

LCInterlocking master

Create interlocking parts for laser cutting or CNC milling

96 / 100

Repository

https://github.com/execuc/LCInterlocking
master · 1.5.1 · 4 mo · 32 python files

Statistics

1,046
DL(Yr)
397
DL(Mo)
183
Stars
33
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Python Issues 2
HIGH 1
package.xml1
  • line 7: Element maintainer failed to validate attributes
MEDIUM 1
panel/propertieslist.py1
  • line 37: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
execuc

Plot master

Some tools to manipulate the FreeCAD plots

96 / 100

Repository

https://github.com/FreeCAD/Plot
· 2024.11.26 · 1 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
14
Stars
0
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 2
HIGH 1
package.xml1
  • Declared branch 'master' does not match git branch ''
MEDIUM 1
setup.py1
  • line 8: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

InventorLoader master

This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d)...

95.7 / 100

Repository

https://github.com/jmplonka/InventorLoader
master · 1 yr · 39 python files

Statistics

1,051
DL(Yr)
393
DL(Mo)
157
Stars
58
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-3.0-or-later
Dependencies 10
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: olefile (Not in AddonManager allowed packages)
  • Warn: xlrd (Not in AddonManager allowed packages)
  • Warn: xlutils (Not in AddonManager allowed packages)
  • Warn: xlwt (Not in AddonManager allowed packages)
Python Issues 5
HIGH 1
package.xml1
  • line 6: Missing license file 'None'
MEDIUM 1
Acis.py1
  • line 276: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 3
Acis.py1
  • line 5051: Possible hardcoded password: '('
InitGui.py2
  • line 15: subprocess call - check for execution of untrusted input.
  • line 17: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
jmplonka

fasteners master

Some common fasteners and fastener tools for FreeCAD.

95.6 / 100

Repository

https://github.com/shaise/FreeCAD_FastenersWB
master · 1 d · 92 python files

Statistics

32,991
DL(Yr)
11,565
DL(Mo)
373
Stars
79
Issues
Manifest
Branch
master
Version
0.5.50
License
GPL-2.0-or-later
Dependencies 5
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: utils (Not in AddonManager allowed packages)
Python Issues 6
HIGH 1
Resources/translations/compile_qm.py1
  • line 34: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 1
screw_maker.py1
  • line 156: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
Resources/translations/create_ts.py4
  • line 35: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 35: Starting a process with a partial executable path
  • line 48: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 48: Starting a process with a partial executable path
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

Road main

Road is the Transportation and Geomatics Engineering workbench for FreeCAD.

95.6 / 100

Repository

https://github.com/HakanSeven12/Road
main · 14 d · 128 python files

Statistics

1,604
DL(Yr)
355
DL(Mo)
37
Stars
7
Issues
Manifest
Branch
main
Version
2026.03.17
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 7
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pyproj (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 17
MEDIUM 3
freecad/road/tasks/task_selection.py2
  • line 40: Possible SQL injection vector through string-based query construction.
  • line 102: Possible SQL injection vector through string-based query construction.
modules/landxml/landxml_reader.py1
  • line 166: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 14
freecad/road/geometry/alignment/alignment.py2
  • line 371: Try, Except, Continue detected.
  • line 645: Try, Except, Continue detected.
freecad/road/objects/road.py1
  • line 78: Try, Except, Continue detected.
freecad/road/viewproviders/view_terrain.py3
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/road/viewproviders/view_volume.py3
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
modules/landxml/alignment_parser.py1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/cgpoint_parser.py1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/landxml_reader.py1
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/profile_parser.py1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/surface_parser.py1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Hakan Seven

btl main

A FreeCAD Path Addon to manage your tool library.

95.5 / 100

Repository

https://github.com/knipknap/better-tool-library
main · 7 mo · 49 python files

Statistics

376
DL(Yr)
0
DL(Mo)
39
Stars
17
Issues
Manifest
Branch
main
Version
0.9.9
License
MIT
Dependencies 7
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pip (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 7
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 1
btl/util.py1
  • line 21: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
btl/params.py1
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
btl/util.py1
  • line 3: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
btl/version.py 3
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 8: Starting a process with a partial executable path
  • line 8: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Samuel Abels

BillOfMaterials main

A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

95.4 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
main · 4 mo · 35 python files

Statistics

1,391
DL(Yr)
345
DL(Mo)
29
Stars
1
Issues
Manifest
Branch
main
Version
1.1.0.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Python Issues 8
HIGH 1
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py 1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_BOM_WB.py 5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py 1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

DynamicData master

Container object for holding custom properties, alternative to spreadsheet

94.9 / 100

Repository

https://github.com/mwganson/DynamicData
master · 4 mo · 4 python files

Statistics

1,356
DL(Yr)
253
DL(Mo)
49
Stars
23
Issues
Manifest
Branch
master
Version
2.77
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
Python Issues 4
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 2
freecad/Dynamic_Data/init_gui.py 2
  • line 113: Call to requests without timeout
  • line 117: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Dynamic_Data/init_gui.py 1
  • line 98: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
TheMarkster

Assembly3 master

Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver

94.7 / 100

Repository

https://github.com/realthunder/FreeCAD_assembly3
master · 5 mo · 18 python files

Statistics

1,286
DL(Yr)
364
DL(Mo)
899
Stars
333
Issues
Manifest
Branch
master
Version
0.12.3
License
GPL-3.0-only
Dependencies 10
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: py_slvs (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: slvs (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Python Issues 6
HIGH 1
Layout 1
  • Invalid __init__.py file in root.
MEDIUM 2
freecad/asm3/deps/six.py 1
  • line 709: Use of exec detected.
setup.py 1
  • line 7: Use of exec detected.
LOW 3
freecad/asm3/install_prompt.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 68: subprocess call - check for execution of untrusted input.
  • line 71: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
RealThunder

3D_Printing_Tools

No description

94.6 / 100

Repository

https://github.com/mark1791/3D_Printing_Tools
master · 7 yr · 5 python files

Statistics

1,378
DL(Yr)
527
DL(Mo)
53
Stars
7
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Python Issues 7
HIGH 1
package.xml 1
  • File not found.
MEDIUM 2
_SMutils.py 2
  • line 53: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
SM_Graphic_Properties.py 3
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 44: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
SM_Mesh_Solid.py 1
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

DesignSPHysics master

DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics

94.4 / 100

Repository

https://github.com/DualSPHysics/DesignSPHysics
master · 2 mo · 315 python files

Statistics

307
DL(Yr)
129
DL(Mo)
146
Stars
31
Issues
Manifest
Branch
master
Version
0.8.1 (29-05-2025)
License
GPL-3.0-or-later
Dependencies 6
  • Compat: PySide2
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Warn: defusedexpat (Not in AddonManager allowed packages)
  • Warn: ordereddict (Not in AddonManager allowed packages)
Python Issues 20
MEDIUM 4
mod/dataobjects/configuration/executable_paths.py 1
  • line 114: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
mod/main.py 1
  • line 95: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
mod/tools/stdout_tools.py 1
  • line 46: Probable insecure usage of temp file/directory.
mod/xml/importer.py 1
  • line 144: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 16
mod/dataobjects/configuration/executable_paths.py 1
  • line 9: Consider possible security implications associated with pickle module.
mod/dataobjects/motion/focused_piston_wave_gen.py 1
  • line 34: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_flap_wave_gen.py 1
  • line 30: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_piston_wave_gen.py 1
  • line 29: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/relaxation_zone/relaxation_zone_irregular.py 1
  • line 16: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/tools/file_tools.py 2
  • line 16: Consider possible security implications associated with pickle module.
  • line 23: Consider possible security implications associated with UnpicklingError module.
mod/tools/pickle_tool.py 1
  • line 2: Consider possible security implications associated with pickle module.
mod/tools/post_processing_tools.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 73: subprocess call - check for execution of untrusted input.
  • line 378: subprocess call - check for execution of untrusted input.
mod/widgets/dock/dock_widgets/gencase_completed_dialog.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 116: subprocess call - check for execution of untrusted input.
mod/xml/importer.py 1
  • line 12: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
mod/xml/xmltodict.py 2
  • line 9: Using XMLGenerator to parse untrusted XML data is known to be vulnerable to XML attacks. Replace XMLGenerator with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using AttributesImpl to parse untrusted XML data is known to be vulnerable to XML attacks. Replace AttributesImpl with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Iván Martínez Estévez

OpenTheme main

An accessible and coordinated set of Light and Dark themes for FreeCAD

94 / 100

Repository

https://github.com/obelisk79/OpenTheme
main · 2 mo · 0 python files

Statistics

15,199
DL(Yr)
7,703
DL(Mo)
90
Stars
53
Issues
Manifest
Branch
main
Version
2025.05.20
License
LGPL-2.1-or-later
Python Issues 2
HIGH 2
package.xml 2
  • line 17: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Obelisk79

freecad.gears master

A gear workbench for FreeCAD

94 / 100

Repository

https://github.com/looooo/freecad.gears
master · 1 d · 31 python files

Statistics

14,757
DL(Yr)
5,303
DL(Mo)
328
Stars
78
Issues
Manifest
Branch
master
Version
1.3
License
GPL-3.0-or-later
Dependencies 5
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Python Issues 2
HIGH 2
package.xml 2
  • line 22: Did not expect element depend there
  • line 15: Element content has extra content: workbench
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
looooo

FreeCAD-themes main

Additional themes for FreeCAD

94 / 100

Repository

https://github.com/FreeCAD/FreeCAD-themes
main · 2 mo · 0 python files

Statistics

3,593
DL(Yr)
1,529
DL(Mo)
8
Stars
3
Issues
Manifest
Branch
main
Version
2025.11.25
License
LGPL-2.1-or-later
Python Issues 2
HIGH 2
package.xml 2
  • line 15: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
The FreeCAD Team

Color-Palette-Theme main

Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts(FreeCAD v1.1.0 ≥)

94 / 100

Repository

Statistics

2,631
DL(Yr)
516
DL(Mo)
10
Stars
2
Issues
Manifest
Branch
main
Version
2.1.7
License
LGPL-2.1-or-later
Python Issues 2
HIGH 2
package.xml 2
  • line 17: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
altangarts

PieMenu master

The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD.

94 / 100

Repository

https://github.com/Grubuntu/PieMenu
master · today · 2 python files

Statistics

2,475
DL(Yr)
696
DL(Mo)
25
Stars
5
Issues
Manifest
Branch
master
Version
1.12.4
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Python Issues 2
HIGH 2
package.xml 2
  • line 7: Element maintainer failed to validate attributes
  • line 8: Missing license file 'LICENSE'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Grubuntu

Estimate main

A FreeCAD workbench to estimate material quantity by volume or weight for selected parts

94 / 100

Repository

https://github.com/erroronline1/estimateWB
master · 2 mo · 6 python files

Statistics

1,202
DL(Yr)
220
DL(Mo)
13
Stars
1
Issues
Manifest
Branch
main
Version
0.1.5
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Python Issues 2
HIGH 2
package.xml 2
  • line 44: Missing license file 'LICENSE'
  • Declared branch 'main' does not match git branch 'master'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

Freecad-Built-in-themes-beta main

Beta versions of the preference Packs included with the FreeCAD distribution

94 / 100

Repository

Statistics

845
DL(Yr)
263
DL(Mo)
4
Stars
1
Issues
Manifest
Branch
main
Version
1.2.2
License
LGPL-2.0-or-later
Python Issues 2
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 7: Missing license file '../../LICENSE'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
MisterMaker

GDT

No description

94 / 100

Repository

https://github.com/juanvanyo/FreeCAD-GDT
master · 2 yr · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
50
Stars
12
Issues
Dependencies 4
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 2
HIGH 2
Gui/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

SlopedPlanesMacro

No description

94 / 100

Repository

https://github.com/luzpaz/SlopedPlanesMacro
master · 7 yr · 14 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
0
Issues
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Python Issues 2
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root.
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 0

Smooth-Toolsync main

The Smooth addon provides bidirectional synchronization between FreeCAD's CAM tool libraries and the Smooth tool data exchange system. ...

94 / 100

Repository

https://github.com/loobric/smooth-freecad.git
master · 3 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0
License
MIT
Dependencies 5
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: clients (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
Python Issues 2
HIGH 2
package.xml 2
  • line 39: Element package has extra content: tags
  • Declared branch 'main' does not match git branch 'master'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Brad Collette

CfdOF master

Computational Fluid Dynamics (CFD) based on OpenFOAM.

93.9 / 100

Repository

https://github.com/jaheyns/CfdOF
master · 1 d · 71 python files

Statistics

5,319
DL(Yr)
2,255
DL(Mo)
642
Stars
13
Issues
Manifest
Branch
master
Version
1.34.12
License
LGPL-3.0-or-later
Dependencies 8
  • Internal: BOPTools
  • Internal: Fem
  • Internal: PySide
  • Internal: pivy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: certifi (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 25
MEDIUM 4
CfdOF/CfdPreferencePage.py 1
  • line 549: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
CfdOF/CfdTools.py 2
  • line 800: Probable insecure usage of temp file/directory.
  • line 1725: Use of exec detected.
CfdOF/Solve/CfdCaseWriterFoam.py 1
  • line 168: Probable insecure usage of temp file/directory.
LOW 21
CfdOF/CfdPreferencePage.py 1
  • line 41: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
CfdOF/CfdTools.py 15
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 570: subprocess call - check for execution of untrusted input.
  • line 1657: Starting a process with a partial executable path
  • line 1657: subprocess call - check for execution of untrusted input.
  • line 1659: Starting a process with a partial executable path
  • line 1659: subprocess call - check for execution of untrusted input.
  • line 1661: Starting a process with a partial executable path
  • line 1661: subprocess call - check for execution of untrusted input.
  • line 1789: Consider possible security implications associated with the subprocess module.
  • line 1794: Starting a process with a partial executable path
  • line 1794: subprocess call - check for execution of untrusted input.
  • line 1798: Starting a process with a partial executable path
  • line 1798: subprocess call - check for execution of untrusted input.
  • line 1866: subprocess call - check for execution of untrusted input.
  • line 1888: subprocess call - check for execution of untrusted input.
CfdOF/Mesh/CfdMeshTools.py 3
  • line 545: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 546: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 547: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
CfdOF/WindowsRunWrapper.py 2
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 69: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Oliver Oxtoby

Silk master

NURBS Surface modeling tools focused on low degree and seam continuity

93.9 / 100

Repository

https://github.com/edwardvmills/Silk
master · 2 mo · 43 python files

Statistics

2,108
DL(Yr)
706
DL(Mo)
85
Stars
4
Issues
Manifest
Branch
master
Version
0.2.2
License
GPL-3.0-or-later
Dependencies 2
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 3
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 8: Missing license file 'LICENSE'
LOW 1
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
edwardvmills

Assembly2MuJoCo main

An addon for exporting FreeCAD builtin Assemblies to MuJoCo.

93.9 / 100

Repository

https://github.com/AnesBenmerzoug/FreeCAD-Assembly2MuJoCo
main · v0.3.0 · 4 mo · 24 python files

Statistics

0
DL(Yr)
0
DL(Mo)
21
Stars
4
Issues
Manifest
Branch
main
Version
0.3.0
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
Python Issues 3
HIGH 2
package.xml 2
  • line 28: Element workbench has extra content: python_min
  • line 19: Element content has extra content: workbench
LOW 1
freecad/assembly2mujoco/core/mujoco.py 1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Anes Benmerzoug

STEMFIE main

A simple workbench for generating STEMFIE system components.

93.9 / 100

Repository

https://github.com/bilbaomakers/StemfieWB
main · 0.3.1 · 1 yr · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
22
Stars
4
Issues
Manifest
Branch
main
Version
0.3.1
License
GPL-2.0-or-later
Dependencies 2
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pygears (Not in AddonManager allowed packages)
Python Issues 3
HIGH 2
package.xml 2
  • line 45: Element workbench has extra content: text
  • line 45: Element content has extra content: workbench
LOW 1
freecad/stemfie/Stemfie.py 1
  • line 79: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Bilbao Makers, hasecilu

SteelColumn

No description

93.9 / 100

Repository

https://github.com/ebrahimraeyat/momen
master · 1 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
8
Stars
0
Issues
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: sec (Not in AddonManager allowed packages)
Python Issues 3
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
LOW 1
techdraw.py 1
  • line 296: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Alternate_OpenSCAD master

An alternate OpenSCAD importer with some experimental features.

93.8 / 100

Repository

https://github.com/KeithSloan/OpenSCAD_Alt_Import
master · 2 mo · 19 python files

Statistics

1,327
DL(Yr)
379
DL(Mo)
16
Stars
10
Issues
Manifest
Branch
master
Version
1.0.0
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: ply (Not in AddonManager allowed packages)
  • Warn: scadParser (Not in AddonManager allowed packages)
Python Issues 26
MEDIUM 4
OpenSCADHull.py 3
  • line 206: Probable insecure usage of temp file/directory.
  • line 207: Probable insecure usage of temp file/directory.
  • line 208: Probable insecure usage of temp file/directory.
importAltCSG.py 1
  • line 981: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 22
DXFObjects.py 2
  • line 134: Consider possible security implications associated with the subprocess module.
  • line 140: subprocess call - check for execution of untrusted input.
OpenSCADCommands.py 3
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
OpenSCADObjects.py 2
  • line 349: Consider possible security implications associated with the subprocess module.
  • line 355: subprocess call - check for execution of untrusted input.
OpenSCADUtils.py 11
  • line 61: Consider possible security implications associated with the subprocess module.
  • line 72: Consider possible security implications associated with the subprocess module.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
  • line 99: Starting a process with a partial executable path
  • line 99: subprocess call - check for execution of untrusted input.
  • line 127: Consider possible security implications associated with the subprocess module.
  • line 134: subprocess call - check for execution of untrusted input.
  • line 165: Consider possible security implications associated with the subprocess module.
  • line 166: Consider possible security implications associated with the subprocess module.
  • line 170: subprocess call - check for execution of untrusted input.
importAltCSG.py 4
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

nurbs

No description

93.4 / 100

Repository

https://github.com/microelly2/freecad-nurbs
master · 7 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
26
Stars
6
Issues
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 19
HIGH 1
package.xml 1
  • File not found.
MEDIUM 2
nurbswb/needle_models.py 1
  • line 913: Use of possibly insecure function - consider using safer ast.literal_eval.
nurbswb/sole_models.py 1
  • line 99: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 16
examples/example_create_random_nurbs_with_grids.py 6
  • line 27: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 28: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 31: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 37: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 38: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
nurbswb/mesh_generator.py 9
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Design456 main

Direct Modeling Workbench for FreeCAD

93.1 / 100

Repository

https://github.com/MariwanJ/Design456
main · 3 mo · 80 python files

Statistics

739
DL(Yr)
133
DL(Mo)
60
Stars
4
Issues
Manifest
Branch
main
Version
0.00.1
License
GPL-3.0-or-later
Dependencies 6
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
Python Issues 11
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 8: Missing license file 'LICENSE'
LOW 9
freecad/Design456/Design456Parts1.py 6
  • line 466: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 467: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 468: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 470: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 471: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/Design456/FACE_D.py 3
  • line 168: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 170: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Mariwan Jalal

workfeature

No description

93 / 100

Repository

https://github.com/Rentlau/WorkFeature-WB
master · 1 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
6
Issues
Dependencies 3
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Python Issues 3
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
WF_centerFacePoint.py 1
  • line 192: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

BillOfMaterials main

A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

92.4 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
Develop · 4 mo · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
29
Stars
1
Issues
Manifest
Branch
main
Version
1.1.0.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Python Issues 9
HIGH 2
package.xml 1
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py 1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_BOM_WB.py 5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py 1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Assembly4.1 main

This assembly workbench use lets you put FreeCAD Part and Body together inside a standard Assembly container.

92 / 100

Repository

https://github.com/leoheck/FreeCAD_Assembly4.1
main · 6 mo · 33 python files

Statistics

2,542
DL(Yr)
887
DL(Mo)
19
Stars
6
Issues
Manifest
Branch
main
Version
0.60.2-0.1
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Python Issues 6
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 5
freecad/Asm4p1/asm4_objects.py5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
leoheck

Assembly4 main

This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container using ...

91.1 / 100

Repository

https://codeberg.org/Zolko/Assembly4
main · v0.60.6 · 3 mo · 40 python files

Statistics

5,704
DL(Yr)
1,483
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.60.6
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Python Issues 15
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 5
Code/Asm4_objects.py5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
LOW 9
Code/checkInterference.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_OK.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_zh.py3
  • line 97: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 98: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 99: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Zolko-123

Gridfinity master

This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized.

91 / 100

Repository

https://github.com/Stu142/FreeCAD-Gridfinity-Workbench
master · v0.12.4 · 28 d · 17 python files

Statistics

4,619
DL(Yr)
2,211
DL(Mo)
461
Stars
31
Issues
Manifest
Branch
master
Version
0.12.4
License
lgpl-2.1-or-later
Dependencies 1
  • Internal: PySide
Python Issues 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing maintainers information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Stuart

Cables master

Electrical cables drawing tools workbench for FreeCAD.

91 / 100

Repository

https://github.com/sargo-devel/Cables
master · 15 d · 32 python files

Statistics

4,000
DL(Yr)
1,440
DL(Mo)
67
Stars
7
Issues
Manifest
Branch
master
Version
0.3.5
License
LGPL-3.0-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 5
HIGH 2
freecad/cables/resources/translations/updateTranslations.py2
  • line 288: Starting a process with a shell, possible injection detected, security issue.
  • line 351: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 3
freecad/cables/resources/translations/updateTranslations.py2
  • line 170: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 222: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
SargoDevel

QuickMeasure main

Measures selected features.

91 / 100

Repository

https://github.com/DanMiel/QuickMeasure
main · 8 mo · 3 python files

Statistics

1,802
DL(Yr)
533
DL(Mo)
9
Stars
4
Issues
Manifest
Branch
main
Version
2022.10.28
License
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 3
package.xml2
  • Missing author information in package.xml
  • Missing maintainers information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Dracula master

Dracula dark theme for FreeCAD

91 / 100

Repository

https://github.com/dracula/freecad
master · 8 mo · 0 python files

Statistics

1,237
DL(Yr)
491
DL(Mo)
38
Stars
9
Issues
Manifest
Branch
master
Version
0.0.9
License
MIT
Python Issues 3
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Eleanor Clifford

Behave-Dark-Colors main

A preference pack including GUI color information to extend the Behave Dark stylesheet

91 / 100

Repository

Statistics

1,148
DL(Yr)
435
DL(Mo)
11
Stars
2
Issues
Manifest
Branch
main
Version
0.1.1
License
GPL-3.0-only
Python Issues 3
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Chrismettal

dodo master

A set of commands and objects that help to speed up the drawing of frames and pipelines. Py3/Qt5 port of flamingo.

91 / 100

Repository

https://github.com/oddtopus/dodo
master · 2 yr · 18 python files

Statistics

789
DL(Yr)
265
DL(Mo)
31
Stars
20
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPLv3
Dependencies 6
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 3
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Riccardo Treu (oddtopus)

Launcher Latest

Search for commands and run them.

91 / 100

Repository

https://github.com/Addon-Shelter/Runner
Latest · 3 d · 7 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
0.1.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Python Issues 3
HIGH 3
package.xml3
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Triplus PhoneDroid

Marz master

Parametric Guitar design workbench

90.9 / 100

Repository

https://github.com/mnesarco/MarzWorkbench
master · today · 66 python files

Statistics

896
DL(Yr)
478
DL(Mo)
120
Stars
4
Issues
Manifest
Branch
master
Version
0.1.18
License
GPL-3.0-or-later, LGPL-2.1-or-later
Dependencies 9
  • Compat: PySide2
  • Compat: PySide6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: inkex (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 4
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
LOW 1
Resources/inkscape/marz/meta.py1
  • line 40: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

CADExchanger

No description

90.7 / 100

Repository

https://github.com/yorikvanhavre/CADExchanger
master · 2 yr · 3 python files

Statistics

497
DL(Yr)
160
DL(Mo)
74
Stars
6
Issues
Dependencies 1
  • Internal: PySide
Python Issues 6
HIGH 3
CADExchangerIO.py2
  • line 188: subprocess call with shell=True identified, security issue.
  • line 220: subprocess call with shell=True identified, security issue.
package.xml1
  • File not found.
LOW 3
CADExchangerIO.py3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 74: subprocess call - check for execution of untrusted input.
  • line 99: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

SearchBar main

Adds a search bar widget for tools, document objects, and preferences

90.6 / 100

Repository

https://github.com/APEbbers/SearchBar
main · 6 mo · 28 python files

Statistics

1,637
DL(Yr)
637
DL(Mo)
5
Stars
7
Issues
Manifest
Branch
main
Version
1.8.0
License
CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
Python Issues 9
HIGH 2
package.xml1
  • line 12: Element maintainer failed to validate attributes
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py1
  • line 83: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

woodworking master

Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that w...

90.4 / 100

Repository

https://github.com/dprojects/Woodworking
master · 3.0 · today · 153 python files

Statistics

10,124
DL(Yr)
2,902
DL(Mo)
457
Stars
4
Issues
Manifest
Branch
master
Version
3.0.20260331
License
MIT
Dependencies 9
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Internal: TechDraw
  • Internal: pivy
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: deep_translator (Not in AddonManager allowed packages)
Python Issues 24
MEDIUM 8
Tools/debugInfo.py2
  • line 239: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 856: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/scanObjects.py1
  • line 1330: Use of possibly insecure function - consider using safer ast.literal_eval.
Tools/setTextures.py1
  • line 517: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/sheet2export.py1
  • line 858: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
loadMenu.py2
  • line 217: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 285: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
translations/make_AI_translation.py1
  • line 167: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 16
Tools/MagicPanels.py4
  • line 2459: Try, Except, Continue detected.
  • line 2580: Try, Except, Continue detected.
  • line 3232: Try, Except, Continue detected.
  • line 4037: Try, Except, Continue detected.
Tools/align2Curve.py1
  • line 138: Try, Except, Continue detected.
Tools/debugInfo.py1
  • line 1013: Try, Except, Continue detected.
Tools/magicView.py2
  • line 350: Try, Except, Continue detected.
  • line 421: Try, Except, Continue detected.
Tools/makeBeautiful.py1
  • line 32: Try, Except, Continue detected.
Tools/selected2Outside.py1
  • line 27: Try, Except, Continue detected.
Tools/sheet2export.py2
  • line 856: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 867: Try, Except, Continue detected.
Tools/showConstraints.py1
  • line 23: Try, Except, Continue detected.
Tools/showPlacement.py1
  • line 27: Try, Except, Continue detected.
Tools/showVertex.py1
  • line 35: Try, Except, Continue detected.
translations/make_AI_translation.py1
  • line 1: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Darek L

pyrate

No description

90.4 / 100

Repository

https://salsa.debian.org/mess42/pyrate
master · 1 yr · 123 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Dependencies 10
  • Internal: Points
  • Internal: PySide
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: hypothesis (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: nltk (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Python Issues 11
HIGH 2
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in freecad package root.
MEDIUM 3
demos/demo_loadsave.py1
  • line 269: Use of possibly insecure function - consider using safer ast.literal_eval.
pyrateoptics/core/functionobject.py1
  • line 119: Use of exec detected.
pyrateoptics/core/serializer.py1
  • line 457: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 6
pyrateoptics/core/log.py2
  • line 114: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 115: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/core/names/nltk_list_generator.py1
  • line 82: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/raytracer/localcoordinates.py3
  • line 487: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 488: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 489: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 0

Render master

A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines. Designed as a...

90.3 / 100

Repository

https://github.com/FreeCAD/FreeCAD-render
master · 5 mo · 53 python files

Statistics

3,230
DL(Yr)
993
DL(Mo)
216
Stars
19
Issues
Manifest
Branch
master
Version
2024.12.15
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: MaterialX (Not in AddonManager allowed packages)
  • Warn: PyQt6 (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: qtpy (Not in AddonManager allowed packages)
Python Issues 23
HIGH 1
Render/plugins/materialx/importer/converter/materialx_baker.py1
  • line 497: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 5
Render/renderers/Appleseed.py2
  • line 1439: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1484: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/renderers/Cycles.py1
  • line 1025: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/virtualenv.py2
  • line 386: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 418: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 17
Render/plugins/materialx/importer/materialx_importer.py2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 77: subprocess call - check for execution of untrusted input.
Render/prefpage.py2
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 306: subprocess call - check for execution of untrusted input.
Render/rdrexecutor.py2
  • line 34: Consider possible security implications associated with the subprocess module.
  • line 94: subprocess call - check for execution of untrusted input.
Render/renderers/Appleseed.py2
  • line 48: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 49: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/renderers/Cycles.py1
  • line 74: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/virtualenv.py8
  • line 47: Consider possible security implications associated with the subprocess module.
  • line 240: subprocess call - check for execution of untrusted input.
  • line 275: subprocess call - check for execution of untrusted input.
  • line 299: subprocess call - check for execution of untrusted input.
  • line 367: subprocess call - check for execution of untrusted input.
  • line 396: subprocess call - check for execution of untrusted input.
  • line 420: subprocess call - check for execution of untrusted input.
  • line 520: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 2
Yorik Van Havre howetuft

EasyProfileFrame main

Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM).

90 / 100

Repository

https://github.com/ovo-Tim/EasyProfileFrame
main · 12 mo · 10 python files

Statistics

1,246
DL(Yr)
412
DL(Mo)
14
Stars
6
Issues
Manifest
Branch
main
Version
0.0.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 4
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 1
setup.py1
  • line 11: Use of exec detected.
INFO 2
package.xml1
  • Missing maintainers information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
ovo-Tim

CamScripts main

CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process.

89.9 / 100

Repository

https://github.com/spanner888/CamScripts
main · 2 yr · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
4
Issues
Manifest
Branch
main
Version
V0.0.5 2024/09/25
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Draft
  • Internal: PySide
  • Warn: Materials (Not in AddonManager allowed packages)
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 5
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 1
setup.py1
  • line 7: Use of exec detected.
LOW 1
freecad/cam_scripts/utils.py1
  • line 10: Consider possible security implications associated with the subprocess module.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
spanner888

POV-Ray-Rendering

No description

89.2 / 100

Repository

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Python Issues 12
HIGH 3
Dialog.py1
  • line 1609: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
Dialog.py1
  • line 667: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 8
Dialog.py5
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1434: subprocess call - check for execution of untrusted input.
  • line 1445: subprocess call - check for execution of untrusted input.
  • line 1737: subprocess call - check for execution of untrusted input.
Exporter.py3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 1931: subprocess call - check for execution of untrusted input.
  • line 1934: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

MOOC master

Learn FreeCAD

89 / 100

Repository

https://github.com/j-wiedemann/mooc-workbench
master · 4 yr · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
6
Issues
Manifest
Branch
master
Version
2022.04.21
License
GPLv2.1
Dependencies 2
  • Compat: PySide2
  • Internal: PySide
Python Issues 5
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 2
MoocInformations.py1
  • line 37: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
MoocPlayer.py1
  • line 251: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Jonathan Wiedemann

osh-autodoc-workbench main

A workbench that supports the creation of assembly manuals of open source hardware.

89 / 100

Repository

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.2.3
License
LGPL-3.0-or-later
Dependencies 6
  • Compat: PySide6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 9
HIGH 1
package.xml1
  • line 19: Missing license file 'None'
MEDIUM 8
freecad/OSHAutoDocWorkbench/layer_state_manager.py6
  • line 663: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 665: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 667: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 669: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 675: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/OSHAutoDocWorkbench/util/util.py1
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py1
  • line 13: Use of exec detected.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Pieter Hijma J.C. Mariscal-Melgar

SaveAndRestore main

A simple addon to save and restore your settings

88.9 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
main · v0.2.2 · 4 mo · 11 python files

Statistics

1,605
DL(Yr)
735
DL(Mo)
7
Stars
2
Issues
Manifest
Branch
main
Version
0.2.2
License
MIT
Dependencies 3
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
Python Issues 26
HIGH 2
Standard_Functions_SaveAndRestore.py1
  • line 962: subprocess call with shell=True identified, security issue.
package.xml1
  • line 12: Element maintainer failed to validate attributes
MEDIUM 3
Standard_Functions_SaveAndRestore.py2
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 533: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 21
LoadDialog_SaveAndRestore.py9
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 268: subprocess call - check for execution of untrusted input.
  • line 281: Starting a process with a partial executable path
  • line 281: subprocess call - check for execution of untrusted input.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 429: subprocess call - check for execution of untrusted input.
  • line 435: Starting a process with a partial executable path
  • line 435: subprocess call - check for execution of untrusted input.
Standard_Functions_SaveAndRestore.py11
  • line 317: Consider possible security implications associated with the subprocess module.
  • line 324: subprocess call - check for execution of untrusted input.
  • line 326: Starting a process without a shell.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 489: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 523: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 945: Try, Except, Continue detected.
  • line 958: Consider possible security implications associated with the subprocess module.
  • line 966: Consider possible security implications associated with the subprocess module.
  • line 974: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py1
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

MnesarcoUtils main

A collection of tools mainly dedicated to scripting and experiments.

88.8 / 100

Repository

https://github.com/mnesarco/FreeCAD_Utils
main · today · 65 python files

Statistics

0
DL(Yr)
0
DL(Mo)
19
Stars
1
Issues
Manifest
Branch
main
Version
0.2.16
License
GPL-3.0
Dependencies 4
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: pyserial (Not in AddonManager allowed packages)
Python Issues 7
HIGH 3
package.xml3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 2
freecad/mnesarco/scripts/script.py 1
  • line 109: Use of exec detected.
freecad/mnesarco/svg/parser.py 1
  • line 76: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 2
freecad/mnesarco/svg/parser.py 2
  • line 22: Using ContentHandler to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ContentHandler with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

TitleBlock main

An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench.

88.4 / 100

Repository

https://github.com/APEbbers/TitleBlock-WB
main · 7 mo · 18 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 4
Issues: 2
Manifest
Branch: main
Version: 0.5.2.2
License: LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Python Issues 11
HIGH 3
utils/updateTranslations.py 3
  • line 137: Starting a process with a shell, possible injection detected, security issue.
  • line 179: Starting a process with a shell, possible injection detected, security issue.
  • line 200: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 2
utils/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 218: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_TB.py 5
  • line 316: Consider possible security implications associated with the subprocess module.
  • line 323: subprocess call - check for execution of untrusted input.
  • line 325: Starting a process without a shell.
  • line 329: Starting a process with a partial executable path
  • line 329: subprocess call - check for execution of untrusted input.
utils/updateTranslations.py 1
  • line 55: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Launcher Latest

Search for commands and run them.

88 / 100

Repository

https://github.com/Addon-Shelter/Runner
Stable · v0.1.0 · 3 d · 2 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 0
Issues: 0
Manifest
Branch: Latest
Version: 0.1.0
License: LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Python Issues 4
HIGH 4
package.xml 4
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Triplus, PhoneDroid

Defeaturing master

A set of tools to edit a Shape or a STEP model.

87.9 / 100

Repository

https://github.com/easyw/Defeaturing_WB
master · 6 d · 8 python files

Statistics

DL(Yr): 2,035
DL(Mo): 877
Stars: 34
Issues: 9
Manifest
Branch: master
Version: 1.3.1
License: AGPLv3.0
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Python Issues 5
HIGH 4
package.xml 4
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'LICENSE'
LOW 1
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Maui

FreeCAD-Ribbon main

A Ribbon interface for FreeCAD

87.7 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
main · today · 45 python files

Statistics

DL(Yr): 1,945
DL(Mo): 673
Stars: 97
Issues: 4
Manifest
Branch: main
Version: 1.10.10.1
License: GPL-3.0-or-later
Dependencies 6
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Python Issues 29
HIGH 2
package.xml 1
  • line 12: Element maintainer failed to validate attributes
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 4
Standard_Functions_Ribbon.py 3
  • line 497: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 539: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 541: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 122: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 23
FCBinding.py 1
  • line 3503: Try, Except, Continue detected.
LoadDesign_Ribbon.py 4
  • line 3246: Try, Except, Continue detected.
  • line 4665: Try, Except, Continue detected.
  • line 4710: Try, Except, Continue detected.
  • line 4758: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 255: Consider possible security implications associated with the subprocess module.
  • line 263: Starting a process with a partial executable path
  • line 263: subprocess call - check for execution of untrusted input.
  • line 265: Starting a process without a shell.
  • line 269: Starting a process with a partial executable path
  • line 269: subprocess call - check for execution of untrusted input.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 318: Consider possible security implications associated with the subprocess module.
  • line 325: subprocess call - check for execution of untrusted input.
  • line 327: Starting a process without a shell.
  • line 331: Starting a process with a partial executable path
  • line 331: subprocess call - check for execution of untrusted input.
  • line 490: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 525: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 955: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 76: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

SearchBar main

Adds a search bar widget for tools, document objects, and preferences

87.6 / 100

Repository

https://github.com/APEbbers/SearchBar
Develop · 6 mo · 28 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 5
Issues: 7
Manifest
Branch: main
Version: 1.8.0
License: CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
Python Issues 10
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py 2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py 1
  • line 83: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py 1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py 2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py 1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

SaveAndRestore main

A simple addon to save and restore your settings

85.9 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
Develop · 11 mo · 11 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 7
Issues: 2
Manifest
Branch: main
Version: 0.2.1
License: MIT
Dependencies 3
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
Python Issues 27
HIGH 3
Standard_Functions_SaveAndRestore.py 1
  • line 962: subprocess call with shell=True identified, security issue.
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
MEDIUM 3
Standard_Functions_SaveAndRestore.py 2
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 533: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py 1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 21
LoadDialog_SaveAndRestore.py 9
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 268: subprocess call - check for execution of untrusted input.
  • line 281: Starting a process with a partial executable path
  • line 281: subprocess call - check for execution of untrusted input.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 429: subprocess call - check for execution of untrusted input.
  • line 435: Starting a process with a partial executable path
  • line 435: subprocess call - check for execution of untrusted input.
Standard_Functions_SaveAndRestore.py 11
  • line 317: Consider possible security implications associated with the subprocess module.
  • line 324: subprocess call - check for execution of untrusted input.
  • line 326: Starting a process without a shell.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 489: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 523: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 945: Try, Except, Continue detected.
  • line 958: Consider possible security implications associated with the subprocess module.
  • line 966: Consider possible security implications associated with the subprocess module.
  • line 974: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py 1
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

fcVM main

Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD

85.9 / 100

Repository

https://github.com/HarryvL/fcVM-workbench
main · 8 mo · 4 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 11
Issues: 3
Manifest
Branch: main
Version: 2024.9.5
License
Dependencies 9
  • Internal: PySide
  • Warn: cholespy (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numba (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pyvista (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: sksparse_minimal (Not in AddonManager allowed packages)
Python Issues 7
HIGH 4
package.xml 4
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Expecting an element license, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 2
InitGui.py 2
  • line 233: Use of exec detected.
  • line 280: Use of exec detected.
LOW 1
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
HarryvL

FreeGrid main

A simple tools workbench for generating FreeGrid storage system components.

85.5 / 100

Repository

Statistics

DL(Yr): 402
DL(Mo): 135
Stars: 48
Issues: 2
Manifest
Branch: main
Version: 2.2.0
License: AGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 11
HIGH 4
package.xml 4
  • line 12: Element maintainer failed to validate attributes
  • line 14: Element maintainer failed to validate attributes
  • Extra element maintainer in interleave
  • line 14: Element package failed to validate content
MEDIUM 2
freecad/freegrid/resources/translations/update_crowdin.py 2
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 5
freecad/freegrid/commands.py 1
  • line 141: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/freegrid/resources/translations/update_crowdin.py 4
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 413: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 3
hasecilu, Alan Langford, Michael K Johnson

freecad_streamdeck_addon main

FreeCAD addon to use an Elgato Stream Deck macropad as an input device.

85 / 100

Repository

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 16
Issues: 6
Manifest
Branch: main
Version: 0.1.7
License: GPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: StreamDeck (Not in AddonManager allowed packages)
Python Issues 5
HIGH 5
streamdeck_addon.py 2
  • line 102: Starting a process with a shell, possible injection detected, security issue.
  • line 493: Starting a process with a shell, possible injection detected, security issue.
package.xml 3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml 1
  • Missing maintainers information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Giraut

drawing_dimensioning

No description

84.5 / 100

Repository

https://github.com/Addon-Shelter/Drawing-Dimensioning
v0.19.4 · 0.19.4 · 5 mo · 59 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 0
Issues: 0
Dependencies 4
  • Internal: PySide
  • Warn: dxfwrite (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 14
HIGH 3
Gui/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
drawingDimensioning/unfold/export_to_dxf.py 1
  • line 36: subprocess call with shell=True identified, security issue.
package.xml 1
  • File not found.
MEDIUM 6
drawingDimensioning/proxies.py 2
  • line 36: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 37: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
test/test_linear_dimension.py 4
  • line 11: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 22: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 28: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 34: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
drawingDimensioning/proxies.py 1
  • line 1: Consider possible security implications associated with pickle module.
drawingDimensioning/selectionOverlay/__init__.py 1
  • line 10: Consider possible security implications associated with pickle module.
drawingDimensioning/unfold/export_to_dxf.py 1
  • line 4: Consider possible security implications associated with the subprocess module.
test/test_linear_dimension.py 2
  • line 8: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

FreeCAD-Ribbon main

A Ribbon interface for FreeCAD

84.2 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
Develop · today · 50 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 97
Issues: 4
Manifest
Branch: main
Version: 1.11.0dev
License: GPL-3.0-or-later
Dependencies 6
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Python Issues 35
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 4
Standard_Functions_Ribbon.py 3
  • line 497: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 539: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 541: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 128: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 28
CacheFunctions.py 3
  • line 550: Try, Except, Continue detected.
  • line 595: Try, Except, Continue detected.
  • line 643: Try, Except, Continue detected.
FCBinding.py 1
  • line 4064: Try, Except, Continue detected.
LoadAddCommands.py 1
  • line 630: Try, Except, Continue detected.
LoadDesign_Ribbon.py 5
  • line 2925: Try, Except, Continue detected.
  • line 4358: Try, Except, Continue detected.
  • line 4403: Try, Except, Continue detected.
  • line 4451: Try, Except, Continue detected.
  • line 4921: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 255: Consider possible security implications associated with the subprocess module.
  • line 263: Starting a process with a partial executable path
  • line 263: subprocess call - check for execution of untrusted input.
  • line 265: Starting a process without a shell.
  • line 269: Starting a process with a partial executable path
  • line 269: subprocess call - check for execution of untrusted input.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 318: Consider possible security implications associated with the subprocess module.
  • line 325: subprocess call - check for execution of untrusted input.
  • line 327: Starting a process without a shell.
  • line 331: Starting a process with a partial executable path
  • line 331: subprocess call - check for execution of untrusted input.
  • line 490: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 525: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 965: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 82: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

AddonManager main

Tool to install workbenches, macros, themes, etc.

83.6 / 100

Repository

https://github.com/FreeCAD/AddonManager
main · 6 d · 99 python files

Statistics

DL(Yr): 10,630
DL(Mo): 1,894
Stars: 9
Issues: 42
Manifest
Branch: main
Version: 2026.2.19
License: LGPL-2.1-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: Markdown (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: importlib_metadata (Not in AddonManager allowed packages)
  • Warn: pyfakefs (Not in AddonManager allowed packages)
Python Issues 52
HIGH 2
addonmanager_workers_startup.py 2
  • line 520: Use of weak SHA1 hash for security. Consider usedforsecurity=False
  • line 521: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 6
Resources/translations/run_translation_cycle.py 2
  • line 88: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_icon_utilities.py 1
  • line 64: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addonmanager_metadata.py 1
  • line 264: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addonmanager_uninstaller.py 1
  • line 151: Use of exec detected.
addonmanager_utilities.py 1
  • line 444: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 41
Addon.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py 1
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py 24
  • line 38: Consider possible security implications associated with the subprocess module.
  • line 40: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 388: subprocess call - check for execution of untrusted input.
  • line 404: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 415: subprocess call - check for execution of untrusted input.
  • line 446: Starting a process with a partial executable path
  • line 446: subprocess call - check for execution of untrusted input.
  • line 447: Starting a process with a partial executable path
  • line 447: subprocess call - check for execution of untrusted input.
  • line 448: Starting a process with a partial executable path
  • line 448: subprocess call - check for execution of untrusted input.
  • line 452: Starting a process with a partial executable path
  • line 452: subprocess call - check for execution of untrusted input.
  • line 457: Starting a process with a partial executable path
  • line 457: subprocess call - check for execution of untrusted input.
  • line 467: Starting a process with a partial executable path
  • line 467: subprocess call - check for execution of untrusted input.
  • line 481: Starting a process with a partial executable path
  • line 481: subprocess call - check for execution of untrusted input.
  • … 4 more issues
AddonManagerTest/app/test_dependency_installer.py 1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py 1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py 1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py 4
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 188: Starting a process with a partial executable path
  • line 188: subprocess call - check for execution of untrusted input.
  • line 351: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py 1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py 4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_icon_utilities.py 1
  • line 33: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
addonmanager_metadata.py 1
  • line 38: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
addonmanager_python_deps.py 1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py 2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 456: subprocess call - check for execution of untrusted input.
addonmanager_workers_startup.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 4
Jonathan Wiedemann Kurt Kremitzki Chris Hennes Yorik van Havre

AddonManager dev

Development branch of a tool to install workbenches, macros, themes, etc.

83.6 / 100

Repository

https://github.com/FreeCAD/AddonManager
dev · 6 d · 99 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
42
Issues
Manifest
Branch
dev
Version
2026.2.9dev
License
LGPL-2.1-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: Markdown (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: importlib_metadata (Not in AddonManager allowed packages)
  • Warn: pyfakefs (Not in AddonManager allowed packages)
Python Issues 52
HIGH 2
addonmanager_workers_startup.py 2
  • line 521: Use of weak SHA1 hash for security. Consider usedforsecurity=False
  • line 522: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 6
Resources/translations/run_translation_cycle.py 2
  • line 89: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 139: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_icon_utilities.py 1
  • line 65: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addonmanager_metadata.py 1
  • line 264: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addonmanager_uninstaller.py 1
  • line 152: Use of exec detected.
addonmanager_utilities.py 1
  • line 443: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 41
Addon.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py 1
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py 24
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 42: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 449: subprocess call - check for execution of untrusted input.
  • line 465: subprocess call - check for execution of untrusted input.
  • line 470: subprocess call - check for execution of untrusted input.
  • line 476: subprocess call - check for execution of untrusted input.
  • line 507: Starting a process with a partial executable path
  • line 507: subprocess call - check for execution of untrusted input.
  • line 508: Starting a process with a partial executable path
  • line 508: subprocess call - check for execution of untrusted input.
  • line 509: Starting a process with a partial executable path
  • line 509: subprocess call - check for execution of untrusted input.
  • line 513: Starting a process with a partial executable path
  • line 513: subprocess call - check for execution of untrusted input.
  • line 518: Starting a process with a partial executable path
  • line 518: subprocess call - check for execution of untrusted input.
  • line 528: Starting a process with a partial executable path
  • line 528: subprocess call - check for execution of untrusted input.
  • line 542: Starting a process with a partial executable path
  • line 542: subprocess call - check for execution of untrusted input.
  • … 4 more issues
AddonManagerTest/app/test_dependency_installer.py 1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py 1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py 1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py 4
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 189: Starting a process with a partial executable path
  • line 189: subprocess call - check for execution of untrusted input.
  • line 352: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py 1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py 4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_icon_utilities.py 1
  • line 34: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
addonmanager_metadata.py 1
  • line 38: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
addonmanager_python_deps.py 1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py 2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 455: subprocess call - check for execution of untrusted input.
addonmanager_workers_startup.py 1
  • line 30: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 4
Jonathan Wiedemann Kurt Kremitzki Chris Hennes Yorik van Havre

Part-o-magic master

Experiment on FreeCAD-wide automation of Part container management

83.5 / 100

Repository

https://github.com/DeepSOIC/Part-o-magic
master · 1 mo · 62 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
27
Issues
Manifest
Branch
master
Version
1.1.0
License
LGPL-2.0-or-later
Dependencies 4
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Python Issues 21
MEDIUM 16
PartOMagic/Base/FilePlant/FCObject.py 1
  • line 99: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProject.py 9
  • line 73: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 78: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 97: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 99: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 128: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 133: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 141: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 144: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 153: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProperty.py 4
  • line 19: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 171: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 220: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 269: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py 2
  • line 81: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 113: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
PartOMagic/Base/FilePlant/FCObject.py 1
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProject.py 1
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProperty.py 1
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py 1
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Gui/Tools/SelectionTools.py 1
  • line 119: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

A2plus master

Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus i...

83 / 100

Repository

https://github.com/kbwbe/A2plus
master · 1 mo · 38 python files

Statistics

6,550
DL(Yr)
2,411
DL(Mo)
203
Stars
49
Issues
Manifest
Branch
master
Version
0.4.68
License
LGPL-2.1-or-later
Dependencies 6
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Internal: Spreadsheet
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 45
HIGH 4
CD_ConstraintViewer.py 1
  • line 258: subprocess call with shell=True identified, security issue.
GuiA2p/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
compileA2pResources.py 1
  • line 57: Starting a process with a shell, possible injection detected, security issue.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
a2p_fcdocumentreader.py 1
  • line 228: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 40
CD_ConstraintViewer.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 298: Try, Except, Continue detected.
a2p_dependencies.py 12
  • line 431: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 432: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 433: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 665: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 666: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 667: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 807: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 808: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 809: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 847: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 848: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 849: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
a2p_fcdocumentreader.py 2
  • line 28: Using xml.etree.cElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 30: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
a2p_simpleXMLreader.py 1
  • line 36: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
compileA2pResources.py 4
  • line 66: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 66: Starting a process with a partial executable path
  • line 70: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 70: Starting a process with a partial executable path
translations/update_ts.py 19
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 40: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 40: Starting a process with a partial executable path
  • line 43: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 43: Starting a process with a partial executable path
  • line 50: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 50: Starting a process with a partial executable path
  • line 53: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 53: Starting a process with a partial executable path
  • line 59: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 59: Starting a process with a partial executable path
  • line 61: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 61: Starting a process with a partial executable path
  • line 73: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 73: Starting a process with a partial executable path
  • line 84: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 84: Starting a process with a partial executable path
  • line 91: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 91: Starting a process with a partial executable path
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
kbwbe

FEM_FrontISTR master

A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR.

82.9 / 100

Repository

https://github.com/FrontISTR/FEM_FrontISTR
master · 8 mo · 29 python files

Statistics

221
DL(Yr)
116
DL(Mo)
36
Stars
0
Issues
Manifest
Branch
master
Version
0.2.0
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Python Issues 17
HIGH 5
fistrtools.py 4
  • line 456: subprocess call with shell=True identified, security issue.
  • line 609: subprocess call with shell=True identified, security issue.
  • line 735: subprocess call with shell=True identified, security issue.
  • line 788: subprocess call with shell=True identified, security issue.
task_solver_fistrtools.py 1
  • line 369: subprocess call with shell=True identified, security issue.
MEDIUM 1
fistrtools.py 1
  • line 645: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 11
femsolver_FrontISTR/tasks.py 2
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
fistrtools.py 8
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 430: Consider possible security implications associated with the subprocess module.
  • line 513: Starting a process with a partial executable path
  • line 513: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 531: Starting a process with a partial executable path
  • line 531: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 547: Starting a process with a partial executable path
  • line 547: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
task_solver_fistrtools.py 1
  • line 343: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
FrontISTR-Commons

OSAFE master

This is a workbench for FreeCAD that creates a foundation model from CSI ETABS model results.

82.4 / 100

Repository

https://github.com/ebrahimraeyat/OSAFE
master · 2 mo · 83 python files

Statistics

0
DL(Yr)
0
DL(Mo)
46
Stars
3
Issues
Manifest
Branch
master
Version
2022.05.29
License
LGPL-2.1-or-later
Dependencies 14
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pandas (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: wmi (Not in AddonManager allowed packages)
Python Issues 26
HIGH 3
package.xml 3
  • line 1: Expecting an element date, got nothing
  • line 1: Invalid sequence in interleave
  • line 1: Element package failed to validate content
MEDIUM 7
check_legal.py 1
  • line 109: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
osafe_funcs/osafe_funcs.py 4
  • line 474: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 482: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 486: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 489: Use of possibly insecure function - consider using safer ast.literal_eval.
osafe_objects/punch.py 2
  • line 672: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 16
check_legal.py 3
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 31: Starting a process with a partial executable path
  • line 31: subprocess call - check for execution of untrusted input.
old_punch/foundraw/safe.py 1
  • line 100: Try, Except, Continue detected.
old_punch/safe.py 1
  • line 126: Try, Except, Continue detected.
osafe_funcs/osafe_funcs.py 1
  • line 1836: Try, Except, Continue detected.
osafe_import_export/export.py 4
  • line 118: Starting a process without a shell.
  • line 131: Starting a process without a shell.
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Starting a process without a shell.
osafe_import_export/report.py 4
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
  • line 343: Starting a process without a shell.
osafe_import_export/safe_read_write_f2k.py 1
  • line 103: Try, Except, Continue detected.
test/osafe_import_export/test_safe_read_write_f2k.py 1
  • line 76: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Raeyat Roknabadi Ebrahim

FEMbyGEN master

Parametric Finite Element Analysis (FEM)

81.9 / 100

Repository

https://github.com/Serince/FEMbyGEN
master · 3 mo · 28 python files

Statistics

742
DL(Yr)
186
DL(Mo)
46
Stars
4
Issues
Manifest
Branch
master
Version
2.5.2
License
LGPL-2.1-only
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Python Issues 13
HIGH 3
package.xml 3
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 9
fembygen/design/pydoe2/build_regression_matrix.py 2
  • line 88: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 93: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_lib.py 6
  • line 696: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 866: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 974: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1030: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1067: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1115: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_main.py 1
  • line 431: Function call with shell=True parameter identified, possible security issue.
LOW 1
fembygen/topology/beso_main.py 1
  • line 9: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Serdar T. Ince

Rocket master

A workbench for designing model rockets.

81.5 / 100

Repository

https://github.com/davesrocketshop/Rocket
· v3.3.0 · 2 yr · 266 python files

Statistics

0
DL(Yr)
0
DL(Mo)
74
Stars
8
Issues
Manifest
Branch
master
Version
3.3.0
License
LGPLv2.1
Dependencies 8
  • Compat: PySide2
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Python Issues 15
HIGH 4
util/updateTranslations.py 3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • Declared branch 'master' does not match git branch ''
MEDIUM 6
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 157: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py 1
  • line 182: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Material.py 1
  • line 161: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py 1
  • line 142: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py 1
  • line 31: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py 1
  • line 29: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

freecad.optics_design_workbench master

Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend.

79.8 / 100

Repository

Statistics

359
DL(Yr)
169
DL(Mo)
11
Stars
0
Issues
Manifest
Branch
master
Version
0.7.3
License
LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: atomicwrites (Not in AddonManager allowed packages)
  • Warn: cloudpickle (Not in AddonManager allowed packages)
  • Warn: ipython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pandas (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: seaborn (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Python Issues 52
HIGH 3
test/0-python/z-notebooks.py 1
  • line 32: subprocess call with shell=True identified, security issue.
test/1-freecad/run-simulations.py 1
  • line 246: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 13: Missing license file 'LICENSE'
MEDIUM 7
freecad/optics_design_workbench/freecad_elements/point_source.py 2
  • line 185: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 195: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py 3
  • line 314: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 562: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 563: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py 2
  • line 57: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 72: Probable insecure usage of temp file/directory.
LOW 42
dev/update-packagexml.py 3
  • line 3: Consider possible security implications associated with the subprocess module.
  • line 11: subprocess call - check for execution of untrusted input.
  • line 21: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/detect_pyside.py 3
  • line 8: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/distributions/random_number_generator.py 1
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/ray.py 2
  • line 358: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 358: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/surface_source.py 1
  • line 444: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/io.py 2
  • line 13: Consider possible security implications associated with pickle module.
  • line 145: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py 10
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 85: Starting a process with a partial executable path
  • line 85: subprocess call - check for execution of untrusted input.
  • line 97: subprocess call - check for execution of untrusted input.
  • line 213: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 237: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 646: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 725: subprocess call - check for execution of untrusted input.
  • line 898: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1106: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py 4
  • line 25: Consider possible security implications associated with pickle module.
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/simulation/processes/simulation_loop.py 3
  • line 36: Consider possible security implications associated with the subprocess module.
  • line 623: Starting a process with a partial executable path
  • line 623: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/processes/worker_process.py 3
  • line 12: Consider possible security implications associated with the subprocess module.
  • line 45: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 59: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/results_store.py 6
  • line 15: Consider possible security implications associated with pickle module.
  • line 256: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 257: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 438: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 448: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 456: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
test/0-python/z-notebooks.py 1
  • line 9: Consider possible security implications associated with the subprocess module.
test/1-freecad/run-simulations.py 3
  • line 14: Consider possible security implications associated with the subprocess module.
  • line 17: Consider possible security implications associated with pickle module.
  • line 42: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Philipp Bredol

GDML Main

An external workbench for creating GDML models for Geant4 and Root

79.3 / 100

Repository

https://github.com/KeithSloan/GDML
Main · 2 mo · 66 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 70
Issues: 55
Manifest
Branch: Main
Version: 2.0.1 Beta
License: LGPL-2.1
Dependencies 11
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: gmsh (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 36
MEDIUM 19
Utils.save/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Utils/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/gdml/GDMLShared.py 12
  • line 111: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 199: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 248: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 312: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 882: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1189: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1192: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1195: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1311: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1312: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1317: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1322: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/gdml/GmshUtils.py 3
  • line 85: Probable insecure usage of temp file/directory.
  • line 653: Probable insecure usage of temp file/directory.
  • line 1209: Probable insecure usage of temp file/directory.
freecad/gdml/importGDML.py 2
  • line 3089: Probable insecure usage of temp file/directory.
  • line 3138: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 17
CommandLine/convertObj.py 1
  • line 279: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Macros/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Utils.save/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils.save/convertObj.py 1
  • line 237: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/GDMLObjects.py 3
  • line 4719: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4719: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4719: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/exportGDML.py 2
  • line 60: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 6019: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/importGDML.py 1
  • line 3130: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/gdml/preProcessLoops.py 1
  • line 13: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

Cfd

No description

77.3 / 100

Repository

https://github.com/qingfengxia/Cfd
master · 4 yr · 66 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 211
Issues: 4
Dependencies 13
  • Compat: PySide2
  • Internal: Fem
  • Internal: Plot
  • Internal: PySide
  • Internal: pivy
  • Warn: FemTools (Not in AddonManager allowed packages)
  • Warn: PyFoam (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: dolfin (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Python Issues 46
HIGH 5
FoamCaseBuilder/config.py 1
  • line 23: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/test/TestRunFoamApplication.py 1
  • line 43: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/utility.py 1
  • line 454: subprocess call with shell=True identified, security issue.
importGmshMesh.py 1
  • line 116: subprocess call with shell=True identified, security issue.
package.xml 1
  • File not found.
MEDIUM 4
CfdExample.py 1
  • line 80: Probable insecure usage of temp file/directory.
CfdTools.py 2
  • line 75: Probable insecure usage of temp file/directory.
  • line 76: Probable insecure usage of temp file/directory.
FoamCaseBuilder/test/TestBuilder.py 1
  • line 42: Probable insecure usage of temp file/directory.
LOW 37
CaeMesherGmsh.py 2
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 685: subprocess call - check for execution of untrusted input.
CfdFoamTools.py 5
  • line 39: Consider possible security implications associated with the subprocess module.
  • line 45: Consider possible security implications associated with the subprocess module.
  • line 211: Consider possible security implications associated with the subprocess module.
  • line 302: Starting a process with a partial executable path
  • line 302: subprocess call - check for execution of untrusted input.
CfdRunnableFenics.py 7
  • line 53: Consider possible security implications associated with the subprocess module.
  • line 58: Starting a process with a partial executable path
  • line 58: subprocess call - check for execution of untrusted input.
  • line 60: Starting a process with a partial executable path
  • line 60: subprocess call - check for execution of untrusted input.
  • line 62: Starting a process with a partial executable path
  • line 62: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/BasicBuilder.py 7
  • line 470: Consider possible security implications associated with the subprocess module.
  • line 474: Starting a process with a partial executable path
  • line 474: subprocess call - check for execution of untrusted input.
  • line 476: Starting a process with a partial executable path
  • line 476: subprocess call - check for execution of untrusted input.
  • line 478: Starting a process with a partial executable path
  • line 478: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/config.py 3
  • line 7: Consider possible security implications associated with the subprocess module.
  • line 75: subprocess call - check for execution of untrusted input.
  • line 131: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/test/TestRunFoamApplication.py 7
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process with a partial executable path
  • line 129: subprocess call - check for execution of untrusted input.
  • line 163: subprocess call - check for execution of untrusted input.
  • line 180: Starting a process with a partial executable path
  • line 180: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/utility.py 3
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 58: subprocess call - check for execution of untrusted input.
  • line 64: subprocess call - check for execution of untrusted input.
cfdguiobjects/_TaskPanelCfdSolverControl.py 1
  • line 36: Consider possible security implications associated with the subprocess module.
importGmshMesh.py 1
  • line 34: Consider possible security implications associated with the subprocess module.
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

kicadStepUpMod master

A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD.

76.9 / 100

Repository

https://github.com/easyw/kicadStepUpMod
master · 4 mo · 34 python files

Statistics

DL(Yr): 4,376
DL(Mo): 1,051
Stars: 631
Issues: 37
Manifest
Branch: master
Version: 11.08.2
License: AGPLv3.0
Dependencies 17
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: TechDraw
  • Internal: pivy
  • Warn: Aligner (Not in AddonManager allowed packages)
  • Warn: Caliper (Not in AddonManager allowed packages)
  • Warn: Mover (Not in AddonManager allowed packages)
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: stepZ (Not in AddonManager allowed packages)
Python Issues 21
HIGH 6
kicadStepUpCMD.py 2
  • line 4668: Starting a process with a shell, possible injection detected, security issue.
  • line 4671: subprocess call with shell=True identified, security issue.
package.xml 4
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'LICENSE'
MEDIUM 4
InitGui.py 1
  • line 433: Possible SQL injection vector through string-based query construction.
commits_num.py 3
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
LOW 11
fps.py 2
  • line 195: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
kicadStepUpCMD.py 5
  • line 4655: Consider possible security implications associated with the subprocess module.
  • line 4662: Starting a process with a partial executable path
  • line 4662: subprocess call - check for execution of untrusted input.
  • line 4664: Starting a process with a partial executable path
  • line 4664: subprocess call - check for execution of untrusted input.
kicad_parser.py 1
  • line 1294: Try, Except, Continue detected.
tracks.py 2
  • line 206: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 236: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Maui

WebTools master

A collection of tools to work with web services

76.4 / 100

Repository

https://github.com/yorikvanhavre/WebTools
master · 7 mo · 10 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 27
Issues: 10
Manifest
Branch: master
Version: 1.0.0
License: LGPL-2.1-or-later
Dependencies 7
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: ifcopenshell (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
Python Issues 27
HIGH 1
package.xml 1
  • line 10: Missing license file 'LICENSE'
MEDIUM 20
BIMServer.py 11
  • line 141: Call to requests without timeout
  • line 178: Call to requests without timeout
  • line 191: Call to requests without timeout
  • line 220: Call to requests without timeout
  • line 246: Call to requests without timeout
  • line 263: Call to requests without timeout
  • line 271: Call to requests without timeout
  • line 282: Use of insecure and deprecated function (mktemp).
  • line 305: Call to requests without timeout
  • line 324: Use of insecure and deprecated function (mktemp).
  • line 338: Call to requests without timeout
Sketchfab.py 3
  • line 258: Call to requests without timeout
  • line 301: Call to requests without timeout
  • line 343: Call to requests without timeout
Speckle.py 6
  • line 31: Call to requests without timeout
  • line 42: Call to requests without timeout
  • line 53: Call to requests without timeout
  • line 63: Call to requests without timeout
  • line 116: Call to requests without timeout
  • line 133: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Sketchfab.py 1
  • line 46: Possible hardcoded password: 'https://sketchfab.com/settings/password'
Speckle.py 1
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
tools/metadata.py 3
  • line 22: Consider possible security implications associated with the subprocess module.
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Yorik van Havre

Manipulator master

A handy way to Move and Align objects in FreeCAD.

74.6 / 100

Repository

https://github.com/easyw/Manipulator
master · 6 d · 10 python files

Statistics

DL(Yr): 4,115
DL(Mo): 1,629
Stars: 74
Issues: 24
Manifest
Branch: master
Version: 1.6.4
License: GPLv3.0
Dependencies 9
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 17
HIGH 6
ManipulatorCMD.py 2
  • line 182: Starting a process with a shell, possible injection detected, security issue.
  • line 185: subprocess call with shell=True identified, security issue.
package.xml 4
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'LICENSE'
MEDIUM 7
Aligner.py 1
  • line 1706: Possible SQL injection vector through string-based query construction.
InitGui.py 1
  • line 144: Possible SQL injection vector through string-based query construction.
commits_num_.py 3
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
oDraft.py 2
  • line 3402: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3643: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
ManipulatorCMD.py 3
  • line 175: Consider possible security implications associated with the subprocess module.
  • line 178: Starting a process with a partial executable path
  • line 178: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Maui

Reinforcement master

A workbench that provides tools for Reinforcement Generation and its Detailing.

73.8 / 100

Repository

https://github.com/amrit3701/FreeCAD-Reinforcement
master · 1 mo · 66 python files

Statistics

DL(Yr): 736
DL(Mo): 327
Stars: 62
Issues: 60
Manifest
Branch: master
Version: v0.6
License: LGPL-2.1-or-later
Dependencies 5
  • Compat: PySide6
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
Python Issues 38
HIGH 4
package.xml 4
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'None'
MEDIUM 12
BarBendingSchedule/BBSfunc.py 1
  • line 337: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterialContent.py 3
  • line 308: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 355: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 449: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterial_SVG.py 3
  • line 998: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1052: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1063: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 806: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1282: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
ReinforcementDrawing/ReinforcementDrawingfunc.py 3
  • line 802: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 818: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 845: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 22
BarBendingSchedule/BBSfunc.py 2
  • line 36: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 37: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterialContent.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterial_SVG.py 2
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 36: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 31: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 32: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioning.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioningfunc.py 10
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 652: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 680: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1026: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1054: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1441: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1860: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1888: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 2284: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
ReinforcementDrawing/ReinforcementDrawingView.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDrawingfunc.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
SVGfunc.py 1
  • line 31: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Amritpal Singh (amrit3701)

boltsfc main

Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications.

69.9 / 100

Repository

https://github.com/boltsparts/boltsfc
main · 3 yr · 51 python files

Statistics

DL(Yr): 1,604
DL(Mo): 634
Stars: 39
Issues: 3
Manifest
Branch: main
Version: 2022.11.5
License: LGPLv2.1
Dependencies 3
  • Internal: Arch
  • Internal: PySide
  • Warn: PyYAML (Not in AddonManager allowed packages)
Python Issues 25
HIGH 3
package.xml 3
  • line 2: Expecting an element content, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 21
BOLTS/bolttools/test_blt.py 1
  • line 26: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/test_common.py 19
  • line 111: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 119: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 128: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 179: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 189: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 200: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 204: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 213: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 278: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 297: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 309: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 321: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 334: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 348: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 355: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 361: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 366: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 377: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 384: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/yaml_in_yaml.py 1
  • line 63: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 1
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Bernd Hahnebach

Ondsel-Lens main

Workspace manager for Ondsel Lens workspaces

68.5 / 100

Repository

https://github.com/FreeCAD/Ondsel-Lens-Addon
main · 3 mo · 66 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 4
Issues: 8

Manifest

Branch: main
Version: 2025.12.22.01
License: LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4.0
Dependencies 5
  • Internal: PySide
  • Warn: PyJWT (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: config (Not in AddonManager allowed packages)
  • Warn: tzlocal (Not in AddonManager allowed packages)
Python Issues 24
HIGH 6
register_lens_handler.py 1
  • line 112: Starting a process with a shell, possible injection detected, security issue.
package.xml 5
  • line 15: Missing license file 'None'
  • line 16: Missing license file 'None'
  • line 17: Missing license file 'None'
  • line 18: Missing license file 'None'
  • line 19: Missing license file 'None'
MEDIUM 13
APIClient.py 7
  • line 240: Call to requests without timeout
  • line 264: Call to requests without timeout
  • line 284: Call to requests without timeout
  • line 308: Call to requests without timeout
  • line 335: Call to requests without timeout
  • line 354: Call to requests without timeout
  • line 369: Call to requests without timeout
Utils.py 1
  • line 260: Call to requests without timeout
VersionModel.py 1
  • line 142: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Workspace.py 1
  • line 508: Call to requests without timeout
check_links.py 1
  • line 16: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
delegates/curation_display_delegate.py 1
  • line 193: Call to requests without timeout
integrations/reloadablefile/reloadable.py 1
  • line 201: Call to requests without timeout
LOW 5
VersionModel.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
WorkspaceView.py 2
  • line 754: Possible hardcoded password: ''
  • line 2834: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
check_links.py 1
  • line 6: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
components/login_dialog.py 1
  • line 44: Possible hardcoded password: ''
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Pieter Hijma

Rocket master

Workbench for designing model rockets.

67.8 / 100

Repository

https://github.com/davesrocketshop/Rocket
master · 2 mo · 311 python files

Statistics

DL(Yr): 605
DL(Mo): 213
Stars: 74
Issues: 8

Manifest

Branch: master
Version: 5.1.1
License: LGPL-2.1-or-later, MIT
Dependencies 10
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Materials (Not in AddonManager allowed packages)
  • Warn: Shapely (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Python Issues 51
HIGH 5
util/updateTranslations.py 3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
util/updatets.py 1
  • line 193: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • line 83: Missing license file 'LICENSE-CODE'
MEDIUM 14
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 167: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py 1
  • line 185: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/Rocksim/Rocksim.py 1
  • line 198: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/BodyTube.py 3
  • line 109: Possible SQL injection vector through string-based query construction.
  • line 115: Possible SQL injection vector through string-based query construction.
  • line 142: Possible SQL injection vector through string-based query construction.
Rocket/Parts/Material.py 1
  • line 171: Possible SQL injection vector through string-based query construction.
Rocket/Parts/NoseCone.py 1
  • line 134: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py 1
  • line 177: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Transition.py 1
  • line 158: Possible SQL injection vector through string-based query construction.
util/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updatecrowdin.py 2
  • line 142: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 188: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 30
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py 1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/Rocksim/Rocksim.py 1
  • line 32: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py 1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py 1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updatecrowdin.py 3
  • line 74: Consider possible security implications associated with the subprocess module.
  • line 350: Starting a process with a partial executable path
  • line 350: subprocess call - check for execution of untrusted input.
util/updatets.py 23
  • line 51: Consider possible security implications associated with the subprocess module.
  • line 86: Starting a process with a partial executable path
  • line 86: subprocess call - check for execution of untrusted input.
  • line 98: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 98: Starting a process with a partial executable path
  • line 103: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 103: Starting a process with a partial executable path
  • line 113: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 113: Starting a process with a partial executable path
  • line 115: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 115: Starting a process with a partial executable path
  • line 119: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 119: Starting a process with a partial executable path
  • line 121: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 121: Starting a process with a partial executable path
  • line 125: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 125: Starting a process with a partial executable path
  • line 129: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 129: Starting a process with a partial executable path
  • line 139: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • … 3 more issues
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

BCFPlugin master

Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format).

65.2 / 100

Repository

https://github.com/podestplatz/BCF-Plugin-FreeCAD
master · 4 yr · 52 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 9
Issues: 6

Manifest

Branch: master
Version: 1.0.0
License: LGPLv2.1
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: pivy
  • Warn: pyperclip (Not in AddonManager allowed packages)
  • Warn: python_dateutil (Not in AddonManager allowed packages)
  • Warn: pytz (Not in AddonManager allowed packages)
  • Warn: xmlschema (Not in AddonManager allowed packages)
Python Issues 35
HIGH 8
bcfplugin/tests/interface_tests.py 2
  • line 56: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/search_tests.py 2
  • line 51: Starting a process with a shell, possible injection detected, security issue.
  • line 53: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/viewController_tests.py 2
  • line 37: Starting a process with a shell, possible injection detected, security issue.
  • line 42: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/writer_tests.py 2
  • line 53: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 9
bcfplugin/rdwr/writer.py 4
  • line 529: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 755: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 822: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 897: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/tests/writer_tests.py 4
  • line 571: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 597: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 623: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 651: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/util.py 1
  • line 338: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 18
bcfplugin/frontend/viewController.py 1
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
bcfplugin/gui/plugin_view.py 1
  • line 39: Consider possible security implications associated with the subprocess module.
bcfplugin/gui/views/topicmetricsdialog.py 6
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 127: Starting a process with a partial executable path
  • line 127: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process without a shell.
  • line 131: Starting a process with a partial executable path
  • line 131: subprocess call - check for execution of untrusted input.
bcfplugin/rdwr/markup.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/project.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/threedvector.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/topic.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/writer.py 2
  • line 44: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 45: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/interface_tests.py 1
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/search_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/writer_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Patrick Podest (podestplatz)

Curves main

A collection of tools mainly dedicated to NURBS curves and surfaces modeling.

59.9 / 100

Repository

https://github.com/tomate44/CurvesWB
main · 11 d · 113 python files

Statistics

DL(Yr): 27,100
DL(Mo): 9,808
Stars: 138
Issues: 31

Manifest

Branch: main
Version: 0.6.71
License: LGPL-2.1-or-later, Apache-2.0
Dependencies 9
  • Compat: PySide2
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: splipy (Not in AddonManager allowed packages)
Python Issues 39
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 37
freecad/Curves/Discretize.py 1
  • line 57: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/FC_interaction_example.py 1
  • line 242: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ParametricBlendCurve.py 1
  • line 661: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ParametricComb.py 4
  • line 225: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 231: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 260: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 266: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ProfileSketch.py 2
  • line 39: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 42: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/Sketch_On_Surface.py 2
  • line 308: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 525: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/TrimFace.py 2
  • line 53: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 65: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/_utils.py 2
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 84: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/blendSurface.py 2
  • line 200: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 210: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/gordon_profile_FP.py 3
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 74: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 78: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/manipulators.py 6
  • line 112: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 115: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 118: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 267: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 270: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 273: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/pasteSVG.py 1
  • line 33: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/Curves/pipeshellFP.py 1
  • line 82: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/pipeshellProfileFP.py 2
  • line 44: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 59: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/profile_editor.py 3
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 71: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 74: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/splitCurves_2.py 3
  • line 289: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 292: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 295: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py 1
  • line 12: Use of exec detected.
LOW 1
freecad/Curves/pasteSVG.py 1
  • line 11: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Christophe Grellier

BIM master

This is a workbench for FreeCAD that implements a complete set of Building Information Modeling (BIM) tools and allows a proper BIM workflow...

47.6 / 100

Repository

https://github.com/yorikvanhavre/BIM_Workbench
master · 2 yr · 65 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 0
Issues: 0

Manifest

Branch: master
Version: 2021.12
License: LGPL-2.1-or-later
Dependencies 18
  • Compat: PySide2
  • Internal: Arch
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: CFrame (Not in AddonManager allowed packages)
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: Sketchfab (Not in AddonManager allowed packages)
  • Warn: ifcopenshell (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
  • Warn: report (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Python Issues 38
HIGH 9
BimIfcImport.py 1
  • line 123: Use of weak MD5 hash for security. Consider usedforsecurity=False
BimLibrary.py 1
  • line 1046: Use of weak MD5 hash for security. Consider usedforsecurity=False
utils/updateTranslations.py 3
  • line 136: Starting a process with a shell, possible injection detected, security issue.
  • line 178: Starting a process with a shell, possible injection detected, security issue.
  • line 199: Starting a process with a shell, possible injection detected, security issue.
package.xml 4
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'LICENSE'
MEDIUM 25
BimLayers.py 6
  • line 605: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 606: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 608: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 609: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 613: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 614: Use of possibly insecure function - consider using safer ast.literal_eval.
BimLibrary.py 4
  • line 663: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 803: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 842: Call to requests without timeout
  • line 1025: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
BimProjectManager.py 4
  • line 619: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 621: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 623: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 625: Use of possibly insecure function - consider using safer ast.literal_eval.
BimSetup.py 2
  • line 691: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 725: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
BimTutorial.py 4
  • line 114: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 185: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 289: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 302: Use of possibly insecure function - consider using safer ast.literal_eval.
BimWrappedTools.py 1
  • line 273: Use of possibly insecure function - consider using safer ast.literal_eval.
utils/convertPsets.py 1
  • line 87: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
utils/getIfcElements.py 1
  • line 88: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
utils/updateTranslations.py 2
  • line 193: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 217: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
utils/convertPsets.py 1
  • line 26: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
utils/getIfcElements.py 1
  • line 4: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
utils/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Yorik van Havre

AnimationFreeCAD main

The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow.

44.2 / 100

Repository

Statistics

DL(Yr): 635
DL(Mo): 182
Stars: 34
Issues: 10

Manifest

Branch: main
Version: 1.0-beta
License: Apache-2.0
Dependencies 21
  • Compat: PySide2
  • Compat: shiboken2
  • Internal: Draft
  • Internal: PySide
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: Pygments (Not in AddonManager allowed packages)
  • Warn: Sphinx (Not in AddonManager allowed packages)
  • Warn: aenum (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
  • Warn: nose (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
  • Warn: recommonmark (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: shiboken (Not in AddonManager allowed packages)
  • Warn: sip (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Python Issues 104
HIGH 2
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py 1
  • line 220: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 44
PyFlow/Core/PyCodeCompiler.py 2
  • line 42: Use of exec detected.
  • line 64: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/Rotation.py 1
  • line 45: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationAvecCourbe.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationTest.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/translationFormuleMathematiques.py 5
  • line 26: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 27: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 28: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 48: Use of exec detected.
  • line 56: Use of exec detected.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py (3)
  • line 35: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 45: Use of exec detected.
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/Qt.py-master/membership.py (3)
  • line 158: Use of exec detected.
  • line 167: Use of exec detected.
  • line 176: Use of exec detected.
requirements/blinker-master/tests/test_utilities.py (1)
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/docutils/utils/math/math2html.py (1)
  • line 3173: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/docutils-0.18/docutils/writers/docutils_xml.py (1)
  • line 84: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py (6)
  • line 758: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 985: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 986: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 991: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2688: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2910: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/test/functional/tests/footnotes_html5.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_docutils_xml.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html4css1.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html5.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_latex.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_manpage.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_pseudoxml.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_1.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_2.py (1)
  • line 3: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_xetex.py (1)
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/test_functional.py (2)
  • line 114: Use of exec detected.
  • line 116: Use of exec detected.
requirements/docutils-0.18/test/test_pickle.py (1)
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_publisher.py (1)
  • line 160: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_writers/test_odt.py (1)
  • line 107: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/create_unimap.py (1)
  • line 66: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/profile_docutils.py (1)
  • line 38: Use of exec detected.
requirements/nine-1.1.0/nine-1.1.0/nine/__init__.py (1)
  • line 52: Use of exec detected.
requirements/nine-1.1.0/nine/__init__.py (1)
  • line 52: Use of exec detected.
LOW 58
PyFlow/App.py (3)
  • line 21: Consider possible security implications associated with the subprocess module.
  • line 71: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 205: Try, Except, Continue detected.
PyFlow/Core/GraphBase.py (1)
  • line 235: Try, Except, Continue detected.
PyFlow/Packages/AnimationFreeCAD/Class/Exportation.py (1)
  • line 4: Consider possible security implications associated with FALSE module.
PyFlow/Packages/PyFlowBase/FunctionLibraries/DefaultLib.py (4)
  • line 55: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 55: Starting a process with a partial executable path
  • line 57: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 57: Starting a process with a partial executable path
PyFlow/Packages/PyFlowBase/FunctionLibraries/RandomLib.py (1)
  • line 36: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PyFlow/Packages/PyFlowBase/Tools/LoggerTool.py (2)
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 256: subprocess call - check for execution of untrusted input.
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py (1)
  • line 17: Consider possible security implications associated with the subprocess module.
PyFlow/UI/CompileUiQt.py (2)
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 41: subprocess call - check for execution of untrusted input.
PyFlow/UI/EncodeResources.py (2)
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 54: subprocess call - check for execution of untrusted input.
PyFlow/Wizards/PkgGen.py (1)
  • line 152: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/Qt.py-master/Qt.py (1)
  • line 942: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py (1)
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/run_tests.py (5)
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 43: subprocess call - check for execution of untrusted input.
  • line 47: subprocess call - check for execution of untrusted input.
  • line 50: subprocess call - check for execution of untrusted input.
  • line 53: subprocess call - check for execution of untrusted input.
requirements/Qt.py-master/tests.py (9)
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 441: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 560: subprocess call - check for execution of untrusted input.
  • line 568: subprocess call - check for execution of untrusted input.
  • line 576: subprocess call - check for execution of untrusted input.
  • line 594: subprocess call - check for execution of untrusted input.
  • line 637: subprocess call - check for execution of untrusted input.
  • line 647: subprocess call - check for execution of untrusted input.
  • line 836: subprocess call - check for execution of untrusted input.
requirements/blinker-master/tests/test_utilities.py (1)
  • line 1: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/docutils/nodes.py (2)
  • line 93: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1350: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/utils/math/tex2mathml_extern.py (8)
  • line 19: Consider possible security implications associated with the subprocess module.
  • line 33: Starting a process with a partial executable path
  • line 33: subprocess call - check for execution of untrusted input.
  • line 49: Starting a process with a partial executable path
  • line 49: subprocess call - check for execution of untrusted input.
  • line 79: Starting a process with a partial executable path
  • line 79: subprocess call - check for execution of untrusted input.
  • line 121: subprocess call - check for execution of untrusted input.
requirements/docutils-0.18/docutils/utils/smartquotes.py (1)
  • line 568: Possible hardcoded password: ' '
requirements/docutils-0.18/docutils/writers/docutils_xml.py (1)
  • line 14: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py (4)
  • line 19: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 20: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1104: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 1104: Starting a process with a partial executable path
requirements/docutils-0.18/docutils/writers/pep_html/__init__.py (1)
  • line 83: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/docutils-0.18/test/test_pickle.py (1)
  • line 12: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_publisher.py (1)
  • line 11: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_writers/test_odt.py (1)
  • line 36: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/dev/create_unimap.py (1)
  • line 13: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/test/test_buildhtml.py (2)
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
INFO 1
Layout (1)
  • Uses exec based layout
Authors/Maintainers 2
Andréas Cottet Quentin Tournier

workfeature-macro

No description

17.9 / 100

Repository

https://github.com/Rentlau/WorkFeature
master · 1 yr · 34 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 28
Issues: 3
Dependencies 6
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Python Issues 81
HIGH 1
package.xml (1)
  • File not found.
MEDIUM 34
WorkFeature/ParCurve/WF_ObjParCurve.py (66)
  • line 610: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 615: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 620: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 625: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 750: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 751: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 779: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 780: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 781: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 789: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 790: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 791: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 801: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 802: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 803: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 855: Use of exec detected.
  • line 894: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 895: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 896: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 942: Use of exec detected.
  • … 46 more issues
WorkFeature/ParCurve/WF_ObjParCurveEdit.py (1)
  • line 266: Use of possibly insecure function - consider using safer ast.literal_eval.
WorkFeature/WF.py (12)
  • line 1001: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3804: Possible SQL injection vector through string-based query construction.
  • line 4199: Possible SQL injection vector through string-based query construction.
  • line 5727: Possible SQL injection vector through string-based query construction.
  • line 5805: Possible SQL injection vector through string-based query construction.
  • line 5806: Possible SQL injection vector through string-based query construction.
  • line 5807: Possible SQL injection vector through string-based query construction.
  • line 5808: Possible SQL injection vector through string-based query construction.
  • line 12983: Possible SQL injection vector through string-based query construction.
  • line 13084: Possible SQL injection vector through string-based query construction.
  • line 13421: Possible SQL injection vector through string-based query construction.
  • line 13478: Possible SQL injection vector through string-based query construction.
LOW 1
license.* (1)
  • File not found.
INFO 1
Layout (1)
  • No Mod init scripts found
Authors/Maintainers 0

animation

No description

11.1 / 100

Repository

https://github.com/microelly2/Animation
master · 6 yr · 52 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 34
Issues: 9
Dependencies 9
  • Internal: Draft
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: tools (Not in AddonManager allowed packages)
Python Issues 95
HIGH 1
package.xml (1)
  • File not found.
MEDIUM 85
Animation.py (2)
  • line 72: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1307: Probable insecure usage of temp file/directory.
Collision.py (1)
  • line 35: Use of possibly insecure function - consider using safer ast.literal_eval.
Combiner.py (4)
  • line 83: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 84: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 85: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 86: Use of possibly insecure function - consider using safer ast.literal_eval.
Diagram.py (10)
  • line 182: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 196: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 197: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 198: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 199: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 200: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 201: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 202: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 203: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 204: Use of possibly insecure function - consider using safer ast.literal_eval.
Miki.py (10)
  • line 41: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 160: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 176: Use of exec detected.
  • line 187: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 205: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 209: Use of exec detected.
  • line 224: Use of exec detected.
  • line 238: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 243: Use of exec detected.
  • line 260: Use of exec detected.
Placer.py (4)
  • line 127: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 128: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 129: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 130: Use of possibly insecure function - consider using safer ast.literal_eval.
Speeder.py (7)
  • line 71: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 83: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 95: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 97: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 112: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 114: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 116: Use of possibly insecure function - consider using safer ast.literal_eval.
Tracker.py (1)
  • line 28: Probable insecure usage of temp file/directory.
Trackreader.py (1)
  • line 41: Use of possibly insecure function - consider using safer ast.literal_eval.
VertexTracker.py (1)
  • line 32: Probable insecure usage of temp file/directory.
animplacement.py (5)
  • line 34: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 153: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 154: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 155: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 156: Use of possibly insecure function - consider using safer ast.literal_eval.
flowNode.py (2)
  • line 615: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 618: Use of possibly insecure function - consider using safer ast.literal_eval.
mathplotlibNode.py (19)
  • line 65: Use of exec detected.
  • line 101: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 105: Use of exec detected.
  • line 106: Use of exec detected.
  • line 109: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 111: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 112: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 242: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 243: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 245: Use of exec detected.
  • line 248: Use of exec detected.
  • line 250: Use of exec detected.
  • line 254: Use of exec detected.
  • line 260: Use of exec detected.
  • line 272: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 286: Use of exec detected.
  • line 308: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 329: Use of exec detected.
  • line 330: Use of exec detected.
numpyNode.py (7)
  • line 39: Use of exec detected.
  • line 46: Use of exec detected.
  • line 55: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 56: Use of exec detected.
  • line 58: Use of exec detected.
  • line 62: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of exec detected.
say.py (2)
  • line 37: Probable insecure usage of temp file/directory.
  • line 70: Use of possibly insecure function - consider using safer ast.literal_eval.
testcases/test_trackreader.py (2)
  • line 29: Probable insecure usage of temp file/directory.
  • line 45: Probable insecure usage of temp file/directory.
transform.py (7)
  • line 149: Use of exec detected.
  • line 162: Use of exec detected.
  • line 166: Use of exec detected.
  • line 171: Use of exec detected.
  • line 247: Use of exec detected.
  • line 251: Use of exec detected.
  • line 256: Use of exec detected.
LOW 9
flowNode.py (9)
  • line 179: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 179: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 179: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 259: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 259: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 259: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 352: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 352: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 352: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout (1)
  • Uses exec based layout
Authors/Maintainers 0

pcb master

Printed Circuit Board (PCB) Workbench for FreeCAD

0 / 100

Repository

https://github.com/marmni/FreeCAD-PCB
master · 24 d · 280 python files

Statistics

DL(Yr): 1,293
DL(Mo): 783
Stars: 116
Issues: 7
Manifest
Branch: master
Version: 6.2023.1
License: AGPLv3.0
Dependencies 19
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: Sybase (Not in AddonManager allowed packages)
  • Warn: cdecimal (Not in AddonManager allowed packages)
  • Warn: cx_Oracle (Not in AddonManager allowed packages)
  • Warn: dataBase (Not in AddonManager allowed packages)
  • Warn: mx (Not in AddonManager allowed packages)
  • Warn: pgdb (Not in AddonManager allowed packages)
  • Warn: protobuf (Not in AddonManager allowed packages)
  • Warn: pysqlcipher3 (Not in AddonManager allowed packages)
  • Warn: pysqlite (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: pytest_xdist (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Python Issues 150
HIGH 6
sqlalchemy/util/langhelpers.py (1)
  • line 31: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml (4)
  • line 2: Expecting an element date, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
  • line 7: Missing license file 'LICENSE'
Layout (1)
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 86
PCBbrd.py (1)
  • line 79: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PCBdataBase.py (8)
  • line 345: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 346: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 347: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 369: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 833: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 839: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 856: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 864: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBfunctions.py (1)
  • line 835: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBpartManaging.py (8)
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 149: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 591: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 652: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 820: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 821: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 892: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 893: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassembly.py (1)
  • line 454: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassignModel.py (3)
  • line 448: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 455: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 918: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexport.py (2)
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1241: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
command/PCBexportBOM.py (1)
  • line 364: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexportDrillingMap.py (36)
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 280: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 281: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 294: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 295: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 303: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 304: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 305: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 319: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 320: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 321: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 473: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 481: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 491: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 503: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 508: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 515: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 535: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 536: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 544: Use of possibly insecure function - consider using safer ast.literal_eval.
  • … 16 more issues
command/PCBexportHoles.py (1)
  • line 376: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBglue.py (1)
  • line 126: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBsections.py (3)
  • line 141: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 739: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 749: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
formats/dialogMAIN_FORM.py (1)
  • line 306: Use of possibly insecure function - consider using safer ast.literal_eval.
formats/eagle.py (2)
  • line 59: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 140: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
sqlalchemy/dialects/firebird/base.py (1)
  • line 614: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mssql/base.py (1)
  • line 2405: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mysql/base.py (1)
  • line 1683: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/oracle/base.py (1)
  • line 1246: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/postgresql/base.py (7)
  • line 1975: Possible SQL injection vector through string-based query construction.
  • line 2883: Possible SQL injection vector through string-based query construction.
  • line 2964: Possible SQL injection vector through string-based query construction.
  • line 3000: Possible SQL injection vector through string-based query construction.
  • line 3238: Possible SQL injection vector through string-based query construction.
  • line 3416: Possible SQL injection vector through string-based query construction.
  • line 3454: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/sqlite/base.py 6
  • line 1091: Possible SQL injection vector through string-based query construction.
  • line 1638: Possible SQL injection vector through string-based query construction.
  • line 1677: Possible SQL injection vector through string-based query construction.
  • line 1689: Possible SQL injection vector through string-based query construction.
  • line 2150: Possible SQL injection vector through string-based query construction.
  • line 2159: Possible SQL injection vector through string-based query construction.
sqlalchemy/ext/declarative/clsregistry.py 1
  • line 326: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/orm/instrumentation.py 1
  • line 565: Use of exec detected.
sqlalchemy/orm/persistence.py 1
  • line 833: Possible SQL injection vector through string-based query construction.
sqlalchemy/sql/selectable.py 1
  • line 3253: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/plugin/pytestplugin.py 1
  • line 321: Use of exec detected.
sqlalchemy/testing/suite/test_reflection.py 2
  • line 150: Possible SQL injection vector through string-based query construction.
  • line 431: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/suite/test_sequence.py 1
  • line 85: Possible SQL injection vector through string-based query construction.
sqlalchemy/util/_preloaded.py 1
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/util/compat.py 3
  • line 244: Use of exec detected.
  • line 246: Use of exec detected.
  • line 293: Use of exec detected.
sqlalchemy/util/langhelpers.py 3
  • line 162: Use of exec detected.
  • line 207: Use of exec detected.
  • line 1455: Use of exec detected.
LOW 43
PCBbrd.py 1
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PCBfunctions.py 2
  • line 327: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 330: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBobjects.py 3
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBtoolBar.py 2
  • line 250: Starting a process without a shell.
  • line 832: Try, Except, Continue detected.
command/PCBassembly.py 1
  • line 299: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexplode.py 2
  • line 518: Try, Except, Continue detected.
  • line 533: Try, Except, Continue detected.
command/PCBexport.py 1
  • line 34: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
command/PCBexportDrillingMap.py 1
  • line 164: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexportKerkythea.py 3
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 172: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 346: Try, Except, Continue detected.
command/PCBexportPovRay.py 1
  • line 72: Try, Except, Continue detected.
command/PCBsections.py 1
  • line 37: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/eagle.py 1
  • line 30: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/fidocadj.py 3
  • line 611: Try, Except, Continue detected.
  • line 863: Try, Except, Continue detected.
  • line 1078: Try, Except, Continue detected.
formats/kicad_v3.py 1
  • line 855: Try, Except, Continue detected.
formats/librepcb.py 1
  • line 600: Try, Except, Continue detected.
formats/razen.py 1
  • line 78: Try, Except, Continue detected.
sqlalchemy/dialects/mssql/base.py 3
  • line 2261: Possible hardcoded password: '['
  • line 2264: Possible hardcoded password: ']'
  • line 2266: Possible hardcoded password: '.'
sqlalchemy/dialects/mysql/mysqldb.py 1
  • line 184: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/mysql/oursql.py 1
  • line 204: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/oracle/cx_oracle.py 1
  • line 1176: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/dialects/oracle/provision.py 1
  • line 101: Possible hardcoded password: 'xe'
sqlalchemy/dialects/sybase/pysybase.py 1
  • line 74: Possible hardcoded password: 'passwd'
sqlalchemy/engine/default.py 1
  • line 578: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/orm/path_registry.py 2
  • line 27: Possible hardcoded password: '*'
  • line 28: Possible hardcoded password: '_sa_default'
sqlalchemy/testing/util.py 3
  • line 54: Consider possible security implications associated with cPickle module.
  • line 60: Consider possible security implications associated with pickle module.
  • line 87: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/util/compat.py 3
  • line 108: Consider possible security implications associated with pickle module.
  • line 218: Consider possible security implications associated with cPickle module.
  • line 220: Consider possible security implications associated with pickle module.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
marmni