Generated: 2026-05-19 06:43:09 UTC
FreeCAD Project Association
Total Addons: 169
Avg Score: 91.93
Files Analyzed: 7,787
High Issues: 209
Medium Issues: 725
Downloads (Year): 520,277
# Addon Version Label Score High Med Low Updated 1yr 1mo Files Git Ref Tag License Created
1 CurvedShapes Create 3D shapes from 2D curves. ['Christi'] 1.00.14 master 100 0 0 0 7 mo 9,283 2,338 79 14 15 11 master LGPL-2.1 2019-06-11
2 ThreadProfile ThreadProfile object for creating internal/external threads ['TheMarkster'] 1.98 master 100 0 0 0 5 mo 6,879 1,879 69 28 14 4 master LGPL-2.1 2019-07-22
3 FusedFilamentDesign PartDesign addon for FFF/FDM 3D-printing design ['rahix'] 0.26.200 release 100 0 0 0 7 d 7,800 1,713 223 16 5 10 release v0.26.200 LGPL-2.1-or-later 2025-05-11
4 Beltrami Workbench for designing Turbomachine blades. ['Michel Sabourin'] 1.3.3 main 100 0 0 0 26 d 2,174 729 40 0 13 5 main 1.3.3 LGPL-2.1-or-later 2021-05-10
5 dodo A set of commands and objects that help to speed-up the drawing of frames and pipelines. Py3/Qt5 port of flamingo. ['Riccardo Treu (oddtopus)'] 1.0.1 master 100 0 0 0 2 yr 1,903 706 31 20 24 18 master LGPLv3 2019-03-24
6 Behave-Dark-Colors A preference pack including GUI color information to extend the Behave Dark stylesheet ['Chrismettal'] 0.1.1 main 100 0 0 0 2 yr 2,393 703 11 2 5 0 main GPL-3.0-only 2022-01-30
7 Woods Collection of various wood materials. ['David Carter', 'Gregory Holmberg'] 1.1.0 master 100 0 0 0 4 mo 2,862 665 8 2 1 4 master v1.1.0 LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0 2025-06-26
8 Dracula Dracula dark theme for FreeCAD ['Eleanor Clifford'] 0.0.9 master 100 0 0 0 10 mo 2,382 629 38 9 5 0 master MIT 2021-03-07
9 Marz Parametric Guitar design workbench ['Frank Martinez'] 0.1.20 master 100 0 0 0 26 d 2,020 627 122 6 26 67 master v0.1.20 GPL-3.0-or-later, LGPL-2.1-or-later 2020-04-05
10 StandardBeams Workbench to create standard beam profiles of varying shapes. ['Morten Vajhøj'] 1.0.0 Latest 100 0 0 0 4 mo 1,358 492 6 0 1 56 main LGPL-2.1-or-later, CC-BY-SA-4.0 2026-01-14
11 Catppuccin Light / Dark theme and preference pack. ['cnvuls'] 1.0.0 Latest 100 0 0 0 24 d 461 461 0 0 1 0 main MIT 2026-04-04
12 MakerWorkbench A mechatronic components system + optic components system ['David Muñoz'] 1.0.1 master 100 0 0 0 1 yr 1,602 428 50 6 14 60 master LGPL-3 2020-07-24
13 toSketch Tools to help recreate models from STEP files. ['Keith Sloan'] 1.0.1 main 100 0 0 0 4 mo 2,338 368 18 8 4 14 main GPL-2.0-or-later 2021-01-02
14 FeedsAndSpeeds CAM addon to help generate basic feeds and speeds for machining. ['Daniel Wood'] 0.6 master 100 0 0 0 5 mo 1,625 365 46 17 11 4 master LGPL-2.1-or-later 2020-04-10
15 Plot Tools to modify existing plots. ['PhoneDroid', 'looooo', 'Jose Luis Cercós Pita', 'hasecilu'] 2026.04.15 Latest 100 0 0 0 7 d 1,965 339 15 0 11 20 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
16 SvgWorkbench FreeCAD Svg Workbench ['Frank David Martínez Muñoz'] 1.0.0.dev14 main 100 0 0 0 2 mo 1,685 319 12 1 3 71 main v1.0.0.dev14 LGPL-3.0-or-later, LGPL-2.1-or-later 2025-02-07
17 Supplemental-Materials Materials database that supplements the core materials. ['DavesRocketShop'] 1.0.2 Latest 100 0 0 0 2 mo 401 168 3 1 4 2 Latest v1.0.2 LGPL-3.0-or-later, CC-BY-SA-4.0 2026-03-01
18 Movie Workbench to create and animate the movie camera, create and play videos of animations ['F_Rosa'] 2025.01.04 master 100 0 0 0 10 mo 413 125 15 0 7 6 master LGPL-2.1-or-later 2022-12-12
19 Channels FreeCAD Channels - Connector to Blender ['Frank David Martínez Muñoz'] 0.1.0.dev4 main 100 0 0 0 2 mo 0 0 62 0 4 41 main LGPL-3.0-or-later 2025-04-11
20 FileExplorerExt Integrated file system viewer. ['Frank David Martínez Muñoz'] 1.0.0-dev.7 main 100 0 0 0 3 mo 541 0 5 0 1 17 main v1.0.0.dev7 LGPL-3.0-or-later 2025-12-24
21 FoamCut FoamCut workbench provides functionality to prepare a job and generate G-code for a 4- or 5-axis CNC hot-wire cutter. ['Andrew Shkolik (https://github.com/Shkolik)', 'Andrew Shkolik'] 0.1.12 main 100 0 0 0 2 mo 680 0 20 4 2 21 main LGPL-2.1-or-later 2024-01-12
22 FreecadDiscordPresence Shows FreeCAD Status on discord. ['Tzur Soffer'] 1.0.3 main 100 0 0 0 8 mo 0 0 12 0 3 4 main Version1.0.3 LGPL-2.1-or-later 2024-12-09
23 ImportNURBS An external workbench for add importer for 3dm> ['Keith Sloan'] 1.1 Beta master 100 0 0 0 28 d 0 0 12 4 6 4 master LGPL-2.1 2020-03-23
24 InstrumentInput Use Bluetooth-connected measurement instruments such as calipers as input devices ['Steffen Vogel (stv0g)'] 0.3.1 main 100 0 0 0 23 d 0 0 0 0 0 9 main v0.3.1 Apache-2.0
25 NikraDAP Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh. ['Lukas du Plessis'] 2.0-alpha main 100 0 0 0 3 yr 0 0 2 2 3 11 main GPL-3 2023-02-22
26 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['PhoneDroid', 'Eddy Verlinden'] 0.2.2 Latest 100 0 0 0 2 mo 878 0 1 0 7 32 Latest GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense 2025-09-14
27 Ratchet Workbench to quickly create ratchets. ['error on line 1'] 1.0.0 Latest 100 0 0 0 1 mo 0 0 4 0 1 27 main v1.0.0 LGPL-3.0-or-later 2022-08-13
28 Solar Workbench to manage solar analysis and configurations. ['Francisco Rosa'] 2026.03.08 Main 100 0 0 0 2 mo 0 0 21 3 4 11 main LGPL-2.1-or-later 2025-07-13
29 Vars FreeCAD Vars ['Frank David Martínez Muñoz'] 0.0.2.beta5 main 100 0 0 0 2 mo 0 0 16 2 2 42 main LGPL-3.0-or-later 2025-05-19
30 freecad-xr-workbench A Virtual Reality (OpenXR) workbench. View your models with VR goggles. ['Adrian Przekwas'] 1.0.1 main 100 0 0 0 25 d 0 0 30 1 5 17 main LGPL-3.0-or-later 2023-07-29
31 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 0.1.4 FreeCAD ≥ v1.0 100 0 0 0 8 mo 0 0 12 2 3 23 master v0.1.4 LGPL-2.1-or-later 2017-11-26
32 DFM Design for manufacturing workbench. Evaluate designs against manufacturing processes and associated rules. ['Ryan Kembrey'] 0.1.9 Latest 99.9 0 0 1 6 d 546 546 28 23 2 57 main LGPL-2.1-or-later 2025-08-03
33 CamScripts CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process. ['spanner888'] V0.0.5 2024/09/25 main 99.9 0 0 1 20 d 317 317 3 4 2 14 main LGPL-2.1-or-later 2024-08-23
34 Assembly2MuJoCo An addon for exporting FreeCAD builtin Assemblies to MuJoCo. ['Anes Benmerzoug'] 0.4.0 main 99.9 0 0 1 13 d 0 0 22 2 6 27 main v0.4.0 LGPL-2.1-or-later 2025-04-19
35 taack-plm-freecad This workbench contains tools to interact with the Taack Plm Intranet server app, which you can find at https://github.com/Taack/plm ['Adrien GUICHARD'] 2025.11.12 main 99.9 0 0 1 6 mo 0 0 15 1 3 4 main GPL-2.0-or-later 2023-02-09
36 sheetmetal A simple sheet metal tools workbench for FreeCAD. ['Shai Seger'] 0.8.11 master 99.8 0 0 2 8 d 51,464 14,314 308 104 79 32 master LGPL-2.1-or-later 2015-06-12
37 CadbaseLibrary The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component modifications contain sets of files for various CAD systems. This workbench will work with data from the FreeCAD set, without the need to download documentation and data from other file sets. ['mnnxp'] 3.0.0 master 99.8 0 0 2 8 mo 1,104 274 6 0 2 13 master v3.0.0 LGPL-3.0-or-later 2023-02-10
38 Design-Proof Proof-test your parametric CAD models by systematically varying dimensions and measuring regeneration success rates. ['Unai-Pz-de-A'] 0.1.3 Latest 99.7 0 0 3 26 d 0 0 3 14 0 15 main v0.1.3 LGPL-2.1-or-later 2026-03-30
39 ShapeStrings Advanced tools for creating and manipulating ShapeStrings. ['Robert Massaioli'] 0.2.0 Main 99.6 0 0 4 3 mo 118 118 4 2 1 21 main LGPL-2.1-or-later 2025-12-21
40 Motion-Control Link motion controller to an assembly using OPC UA. ['heissgetraenk', 'PhoneDroid'] 1.1.0 Latest 99.6 0 0 4 1 mo 0 0 0 0 6 13 Latest GPL-3.0-or-later 2025-09-25
41 IDF Importer for IDF files. ['PhoneDroid', 'Milos Koutny'] 1.0.0 Latest 99 0 1 0 2 mo 0 0 0 0 0 12 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-07
42 Nodes Visual scripting workbench for FreeCAD ['Ronny Scharf-Wildenhain'] 0.1.36 main 99 0 1 0 2 yr 0 0 112 14 15 110 main LGPL-2.1-or-later 2022-08-10
43 free2ki Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender. ['30350n'] 1.1.2 Latest 98.9 0 1 1 5 mo 0 0 58 0 5 6 freecad-addons v1.1.2 GPL-3.0-or-later 2022-01-09
44 Detessellate FreeCAD workbench of tools to reverse engineer meshes ['DesignWeaver3D'] 1.1.0 main 98.8 0 1 2 6 d 213 213 71 3 5 22 main LGPL-2.1-or-later 2025-11-22
45 WB_Organizer A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to rename some workbenches for better understanding or translation. Allows you to show the workbench selector as a tab bar. ['Palmstroemen'] 2024.1.29 main 98.6 0 0 14 2 yr 1,423 453 5 4 2 3 main LGPL-2.1-or-later 2024-01-26
46 FreeCAD-Beginner-Assistant Best practices modeling assistant for the Part and Sketcher workbench. ['Elizabeth Harasymiw', 'Aleksander Sadowski', 'Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant)'] 1.0 main 98.6 0 1 4 1 yr 111 111 18 6 5 37 main LGPL-2.1-or-later 2023-12-12
47 frame A workbench for beams and frames ['looooo'] 0.1.1 master 98 0 2 0 2 yr 1,331 409 25 9 6 11 master LGPL-2.1-or-later 2015-11-23
48 MOOC Learn FreeCAD ['Jonathan Wiedemann'] 2022.04.21 master 98 0 2 0 4 yr 0 0 5 6 7 18 master GPLv2.1 2019-07-12
49 pyOpToolsWorkbench An optics ray-tracing workbench based on pyOpTools ['Ricardo Amézquita Orozco'] 0.0.4 master 97.9 0 2 1 3 mo 0 0 25 3 6 81 master GPL-3.0-or-later 2017-07-06
50 MnesarcoUtils A collection of tools mainly dedicated to scripting and experiments. ['Frank Martinez'] 0.2.16 main 97.8 0 2 2 2 mo 0 0 19 1 7 65 main GPL-3.0 2021-01-18
51 cadquery_module Build CadQuery models within FreeCAD. ['Jeremy Wright'] 2.2.0 master 97.7 0 0 23 3 mo 100 100 147 5 44 11 master v2.2.0 Apache-2.0 2014-11-22
52 freecad-wakatime A simple FreeCAD WakaTime extension. ['Pegoku'] 0.6.0 main 97.6 0 2 4 8 mo 0 0 4 2 6 5 main v0.6.0 LGPL-2.1-or-later 2025-01-05
53 Ship Naval ship design (architecture, seakeeping, and ship resistance) ['Jose Luis Cercós Pita'] 2024.11.26 master 97.5 0 2 5 11 mo 460 204 49 6 28 71 master LGPL-2.1-or-later 2018-11-08
54 Quetzal A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor. ['looo', 'Riccardo Treu (oddtopus)', 'Edgar J Robles', 'microelly', 'triplus', 'Edgar Robles'] 1.8.9 master 97.3 0 2 7 28 d 4,523 1,121 30 20 24 28 master LGPL-3.0-or-later 2020-05-03
55 FrameForge FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles. ['Vivien Henry'] 0.2.1 main 97 0 3 0 1 mo 6,601 1,592 28 30 11 25 main v0.2.1 LGPL-3.0-only 2024-10-07
56 ProDarkThemePreferencePack ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience ['turn211'] 1.0.0 main 97 1 0 0 2 yr 2,706 751 7 0 1 0 main GPL-2.0-or-later 2022-05-17
57 AirPlaneDesign A FreeCAD workbench dedicated to Airplane Design. ['FredsFactory'] 0.4.1 master 97 1 0 0 6 mo 2,542 701 110 9 22 19 master LGPL-2.1 2018-06-11
58 ExplodedAssembly [] master 97 1 0 0 2 yr 1,851 632 132 24 26 4 master 2016-03-13
59 Plot Tools to modify existing plots. ['PhoneDroid', 'looooo', 'Jose Luis Cercós Pita', 'hasecilu'] 2026.04.15 Stable 97 1 0 0 1 mo 542 485 15 0 11 20 Stable LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
60 ArchTextures [] master 97 1 0 0 4 yr 1,263 459 34 23 15 23 master 2018-09-30
61 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['PhoneDroid', 'Eddy Verlinden'] 0.2.2 Stable 97 1 0 0 2 mo 561 220 1 0 7 32 Stable v0.2.2 GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense 2025-09-14
62 CommandPanel [] master 97 1 0 0 7 yr 0 0 3 1 5 10 master 2017-06-30
63 CubeMenu [] master 97 1 0 0 6 yr 0 0 6 1 0 8 master 2020-02-08
64 IconThemes [] master 97 1 0 0 6 yr 431 0 21 8 5 3 master 2016-10-10
65 Plot Tools to modify existing plots. ['PhoneDroid', 'looooo', 'Jose Luis Cercós Pita', 'hasecilu'] 2025.10.29 1.0.X 97 1 0 0 7 mo 0 0 15 0 11 23 2025.10.29 2025.10.29 LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
66 SelectorToolbar [] master 97 1 0 0 7 yr 0 0 8 3 4 2 master 2017-03-18
67 TabBar [] master 97 1 0 0 7 yr 0 0 9 1 3 2 master 2016-01-09
68 Templater A workbench to gather some drafting related tools ['FBXL5'] 0.0.2 main 97 1 0 0 today 0 0 1 0 0 8 main LGPL-3.0-or-later 2025-06-20
69 ToolbarStyle [] master 97 1 0 0 7 yr 0 0 3 0 0 3 master 2018-01-31
70 ose-piping [] master 97 1 0 0 3 yr 0 0 13 6 7 35 master 2018-02-17
71 pivy_trackers [] master 97 1 0 0 6 yr 0 0 23 6 7 61 master 2019-09-19
72 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 0.1.4 FreeCAD < v1.0 97 1 0 0 8 mo 0 0 12 2 3 23 v0.1.4 v0.1.4 LGPL-2.1-or-later 2017-11-26
73 Defeaturing A set of tools to edit a Shape or a STEP model. ['Maui'] 1.3.1 master 96.9 1 0 1 2 mo 4,025 1,085 36 9 8 8 master AGPLv3.0 2018-07-02
74 MeshRemodel Workbench for remodeling and repairing mesh objects. ['Mark Ganson'] 1.11.0 master 96.9 0 3 1 2 mo 3,903 882 32 0 8 10 master LGPL-2.1-or-later 2019-08-18
75 symbols_library [] master 96.9 1 0 1 16 d 755 416 37 0 17 0 master 2015-04-21
76 dxf-library [] master 96.9 1 0 1 2 yr 1,012 354 73 4 38 4 master 2013-06-22
77 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 0.1.0-demo Latest 96.9 1 0 1 2 mo 0 0 1 0 1 28 latest GPL-3.0-or-later 2026-02-20
78 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 0.1.0-demo Stable 96.9 1 0 1 2 mo 0 0 1 0 1 28 stable GPL-3.0-or-later 2026-02-20
79 addFC Additional tools for FreeCAD. ['Golodnikov Sergey'] 3.6.4 main 96.8 0 2 12 8 d 6,003 1,267 38 0 5 21 main LGPL-2.1-or-later 2024-05-12
80 ConstraintDesign This addon adds a design workbench that is specially designed to be as flexible and stable as possible. ['drwho495'] beta-0.1 main 96.8 1 0 2 2 mo 1,625 325 14 16 2 47 main LGPL-2.1-only 2025-04-13
81 Lithophane [] master 96.8 1 0 2 5 yr 116 116 36 14 10 37 master 2018-06-05
82 lattice2 Tools and arrays of all sorts and kinds, and local coordinate systems ['DeepSOIC'] 1.1 master 96.7 1 0 3 21 d 7,295 1,789 80 34 15 73 master LGPL-2.0-or-later 2015-11-26
83 Telemetry Help improve FreeCAD by sending basic metrics to the development team. ['The FreeCAD project association AISBL'] 1.0.5 main 96.6 0 3 4 today 1,648 298 12 6 5 9 main LGPL-2.1-or-later, CC-BY-4.0 2025-02-16
84 Motion-Control Link motion controller to an assembly using OPC UA. ['heissgetraenk', 'PhoneDroid'] 1.1.0 Stable 96.6 1 0 4 1 mo 0 0 0 0 6 13 Stable v1.1.0 GPL-3.0-or-later 2025-09-25
85 EM This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers. ['Enrico Di Lorenzo'] 2.1.1 master 96.5 1 0 5 2 yr 640 255 66 6 17 24 master LGPLv2.1 2016-10-03
86 slic3r-tools [] master 96.3 1 0 7 6 yr 0 0 17 8 4 9 master 2019-05-08
87 LCInterlocking Create interlocking parts for laser cutting or CNC milling ['execuc'] 1.5.1 master 96 1 1 0 6 mo 2,187 667 184 34 36 32 master 1.5.1 LGPL-2.1-or-later 2016-06-20
88 Plot Some tools to manipulate the FreeCAD plots ['Jose Luis Cercós Pita'] 2024.11.26 FreeCAD < 1.0 96 1 1 0 1 yr 0 0 15 0 11 16 2024.11.26 2024.11.26 LGPL-2.1-or-later 2018-09-22
89 InventorLoader This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d) files. ['jmplonka'] 1.5.1 master 95.7 1 1 3 1 yr 2,241 705 161 58 22 39 master LGPL-3.0-or-later 2017-02-09
90 fasteners Some common fasteners and fastener tools for FreeCAD. ['Shai Seger'] 0.5.51 master 95.6 1 1 4 8 d 72,348 22,705 387 81 103 92 master GPL-2.0-or-later 2015-06-18
91 Road Road is the Transportation and Geomatics Engineering workbench for FreeCAD. ['Hakan Seven'] 2026.04.11 main 95.6 0 3 14 1 mo 2,252 388 39 7 9 128 main LGPL-2.1-or-later, CC-BY-SA-4.0 2025-01-01
92 btl A FreeCAD Path Addon to manage your tool library. ['Samuel Abels'] 0.9.9 main 95.5 1 1 5 9 mo 0 0 41 17 16 49 main MIT 2023-07-15
93 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 1.1.1 main 95.4 1 1 6 21 d 2,840 1,060 29 6 4 35 main v1.1.1 LGPL-3.0-or-later 2023-11-05
94 DynamicData Container object for holding custom properties, alternative to spreadsheet ['TheMarkster'] 2.78 master 94.9 1 2 1 1 mo 2,306 623 51 24 10 4 master LGPL-2.1-or-later 2018-09-22
95 Assembly3 Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver ['RealThunder'] 0.12.3 master 94.7 1 2 3 6 mo 2,398 630 903 333 76 18 master GPL-3.0-only 2017-09-10
96 3D_Printing_Tools [] master 94.6 1 2 4 7 yr 3,144 1,056 54 7 22 5 master 2019-01-30
97 DesignSPHysics DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics ['Iván Martínez Estévez'] 0.8.1 (29-05-2025) master 94.4 0 4 16 4 mo 682 193 150 33 47 315 master GPL-3.0-or-later 2018-07-31
98 freecad.gears A gear workbench for FreeCAD ['looooo'] 1.3 master 94 2 0 0 2 mo 29,757 8,189 334 79 114 31 master GPL-3.0-or-later 2014-04-08
99 OpenTheme An accessible and coordinated set of Light and Dark themes for FreeCAD ['Obelisk79'] 2025.05.20 main 94 2 0 0 4 mo 27,791 6,520 102 59 13 0 main LGPL-2.1-or-later 2024-01-24
100 FreeCAD-themes Additional themes for FreeCAD ['The FreeCAD Team'] 2025.11.25 main 94 2 0 0 1 mo 7,432 2,094 9 4 3 0 main LGPL-2.1-or-later 2024-06-24
101 Color-Palette-Theme Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts (FreeCAD v1.1.0 ≥) ['altangarts'] 2.2.2 main 94 2 0 0 5 d 3,899 844 11 1 2 0 main LGPL-2.1-or-later 2024-12-25
102 PieMenu The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD. ['Grubuntu'] 1.12.4 master 94 2 0 0 2 mo 4,149 763 32 4 8 2 master LGPL-2.1-or-later 2024-01-13
103 OpticsWorkbench Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects. ['Christi'] 1.3.5 main 94 2 0 0 3 d 1,711 618 158 10 38 16 main LGPL-2.1 2021-07-03
104 Estimate A FreeCAD workbench to estimate material quantity by volume or weight for selected parts ['error on line 1'] 0.1.5 master 94 2 0 0 16 d 1,807 422 13 1 5 6 master LGPL-3.0-or-later 2022-03-04
105 Freecad-Built-in-themes-beta Beta versions of the preference Packs included with the FreeCAD distribution ['MisterMaker'] 1.2.2 main 94 2 0 0 2 yr 1,519 396 4 1 5 0 main LGPL-2.0-or-later 2023-06-11
106 NordicFC Nordic themes and preference pack. ['error on line 1'] 1.0.1 main 94 2 0 0 5 d 159 159 21 2 2 0 main LGPL-2.1-or-later 2025-09-20
107 Machines Collection of Community Maintained Machines ['Sliptonic'] 1.0.0 Latest 94 2 0 0 22 d 0 0 3 1 3 0 Latest CC-BY-SA-4.0 2026-03-13
108 SlopedPlanesMacro [] master 94 2 0 0 7 yr 0 0 4 0 4 14 master 2017-11-14
109 Smooth-Toolsync The Smooth addon provides bidirectional synchronization between FreeCAD's CAM tool libraries and the Smooth tool data exchange system. This addon adds a "Sync with Smooth" button to the CAM workbench toolbar and a preference page to FreeCAD settings for server configuration. Features: - Bidirectional sync: Import and export tools in one operation - Bulk operations: Efficiently sync entire tool libraries - FreeCAD Path integration: Works directly within CAM workflow - Preserves tool metadata and parameters - API key authentication support Requirements: - FreeCAD 0.21 or later with CAM (Path) workbench - Access to a Smooth server instance - Network connectivity for API access - Python requests library (usually included with FreeCAD) ['Brad Collette'] 0.1.0 master 94 2 0 0 4 mo 0 0 3 3 0 13 master MIT 2025-10-27
110 CfdOF Computational Fluid Dynamics (CFD) based on OpenFOAM. ['Oliver Oxtoby'] 1.36.8 master 93.9 0 4 21 today 12,296 4,428 660 17 128 74 master LGPL-3.0-or-later 2016-12-02
111 Silk NURBS Surface modeling tools focused on low degree and seam continuity ['edwardvmills'] 0.2.9 master 93.9 2 0 1 1 d 4,791 1,966 86 4 15 43 master GPL-3.0-or-later 2017-05-20
112 STEMFIE A simple workbench for generating STEMFIE system components. ['Bilbao Makers', 'hasecilu'] 0.3.1 main 93.9 2 0 1 1 yr 0 0 23 5 5 15 main 0.3.1 GPL-2.0-or-later 2021-07-06
113 SteelColumn [] master 93.9 2 0 1 1 yr 0 0 8 0 4 16 master 2020-08-28
114 Alternate_OpenSCAD An alternate OpenSCAD importer with some experimental features. ['Keith Sloan'] 1.0.0 master 93.8 0 4 22 3 mo 2,229 549 16 10 7 19 master LGPL-2.1-or-later 2020-02-04
115 nurbs [] master 93.4 1 2 16 7 yr 0 0 26 6 12 110 master 2016-08-01
116 Design456 Direct Modeling Workbench for FreeCAD ['Mariwan Jalal'] 0.00.1 main 93.1 2 0 9 5 d 1,329 390 62 5 6 80 main GPL-3.0-or-later 2021-01-29
117 workfeature [] master 93 2 1 0 1 yr 0 0 13 6 5 35 master 2018-01-29
118 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 1.1.1 Develop 92.4 2 1 6 21 d 0 0 29 6 4 35 Develop LGPL-3.0-or-later 2023-11-05
119 Assembly4.1 This assembly workbench lets you put FreeCAD Part and Body together inside a standard Assembly container. ['leoheck'] 0.60.2-0.1 main 92 1 5 0 7 mo 4,805 1,332 22 3 7 33 main LGPL-2.1-only 2025-06-23
120 AddonManager Tool to install workbenches, macros, themes, etc. ['Kurt Kremitzki', 'Chris Hennes', 'Yorik van Havre', 'Jonathan Wiedemann'] 2026.5.14 main 91.8 0 4 42 4 d 13,746 2,065 9 40 22 99 main LGPL-2.1-or-later 2025-04-06
121 AddonManager Development branch of a tool to install workbenches, macros, themes, etc. ['Kurt Kremitzki', 'Chris Hennes', 'Yorik van Havre', 'Jonathan Wiedemann'] 2026.5.14dev development 91.8 0 4 42 4 d 0 0 9 40 22 99 dev LGPL-2.1-or-later 2025-04-06
122 OSAFE This is a workbench for FreeCAD that creates foundation model from CSI ETABS model results. ['Raeyat Roknabadi Ebrahim'] 2022.05.29 master 91.4 0 7 16 3 mo 0 0 46 3 10 83 master LGPL-2.1-or-later 2018-11-08
123 Assembly4 This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container using links, and place them relative to the assembly and to each other using LCS connectors. ['Zolko'] 0.61.0 main 91.1 1 5 9 8 d 10,619 3,150 0 0 0 40 main LGPL-2.1-only
124 Gridfinity This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized. ['Stuart'] 0.12.4 master 91 3 0 0 3 mo 8,008 1,887 487 34 48 17 master v0.12.4 lgpl-2.1-or-later 2024-03-18
125 Cables Electrical cables drawing tools workbench for FreeCAD. ['SargoDevel'] 0.3.5 master 91 2 3 0 2 mo 6,734 1,516 75 7 7 32 master LGPL-3.0-or-later 2025-01-21
126 QuickMeasure Measures selected features. [] 2022.10.28 main 91 3 0 0 10 mo 3,241 775 10 4 7 3 main 2022-10-04
127 Launcher Search for commands and run them. ['PhoneDroid', 'Triplus'] 0.1.0 Latest 91 3 0 0 2 mo 0 0 0 0 4 7 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-28
128 Machines Collection of Community Maintained Machines ['Sliptonic'] 1.0.0 Stable 91 3 0 0 1 mo 0 0 3 1 3 0 Stable v1.0.0 CC-BY-SA-4.0 2026-03-13
129 CADExchanger [] master 90.7 3 0 3 2 yr 1,103 377 75 6 12 3 master 2017-03-25
130 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 1.8.0 main 90.6 2 3 4 7 mo 3,298 924 6 7 9 28 main CCOv1 2024-11-07
131 woodworking Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that will make everyday carpentry and other CAD projects easier and faster. I hope you will find something you enjoy here. ['Darek L'] 3.1.20260416 master 90.4 0 8 16 1 mo 16,112 2,974 489 3 45 154 master MIT 2022-02-25
132 pyrate [] master 90.4 2 3 6 1 yr 0 0 0 0 0 123 master
133 Render (UNMAINTAINED) A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines. Designed as a modern replacement for deprecated internal Raytracing Workbench. ['Yorik Van Havre', 'No current maintainer', 'howetuft'] 2024.12.15 master 90.3 1 5 17 2 d 7,042 2,586 219 17 42 53 master LGPL-2.1-or-later 2017-12-17
134 EasyProfileFrame Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM). ['ovo-Tim'] 0.0.1 main 90 3 1 0 1 yr 2,465 687 20 6 4 10 main LGPL-3.0-or-later 2025-01-19
135 POV-Ray-Rendering [] master 89.2 3 1 8 3 yr 197 197 4 6 2 8 master 2020-11-30
136 osh-autodoc-workbench A workbench that supports the creation of assembly manuals of open source hardware. ['Pieter Hijma', 'J.C. Mariscal-Melgar'] 0.2.3 main 89 1 8 0 3 mo 0 0 0 0 0 23 main LGPL-3.0-or-later
137 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 0.2.3 main 88.9 2 3 21 1 mo 3,440 997 7 2 1 11 main MIT 2025-04-23
138 TitleBlock An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench. ['Paul Ebbers'] 0.5.2.2 main 88.4 3 2 6 9 mo 0 0 4 2 0 18 main LGPL-2.1-or-later 2023-10-07
139 Launcher Search for commands and run them. ['PhoneDroid', 'Triplus'] 0.1.0 Stable 88 4 0 0 2 mo 0 0 0 0 4 2 Stable v0.1.0 LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-28
140 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 1.10.11 main 87.7 2 4 23 2 d 4,061 1,163 106 9 11 45 main GPL-3.0-or-later 2024-09-28
141 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 1.8.0 Develop 87.6 3 3 4 8 mo 0 0 6 7 9 28 Develop CCOv1 2024-11-07
142 kicadStepUpMod A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD. ['Maui'] 11.08.2 master 85.9 3 4 11 5 mo 6,972 1,483 646 39 83 34 master AGPLv3.0 2017-09-12
143 fcVM Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD ['HarryvL'] 2024.9.5 main 85.9 4 2 1 10 mo 0 0 11 3 3 4 main 2024-01-17
144 FreeGrid A simple tools workbench for generating FreeGrid storage system components. ['Alan Langford', 'hasecilu', 'Michael K Johnson'] 2.2.0 main 85.5 4 2 5 1 yr 708 143 47 2 4 9 main AGPL-3.0-or-later 2022-07-25
145 Corridor-Road FreeCAD workbench for parametric road corridor design, review, and output preparation. ['Kcod'] 1.0.1 Latest 85.5 1 0 115 today 0 0 3 1 1 453 main LGPL-2.1-or-later 2026-02-23
146 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 0.2.3 Develop 85.1 3 3 29 4 d 0 0 7 2 1 11 Develop MIT 2025-04-23
147 freecad_streamdeck_addon FreeCAD addon to use an Elgato Stream Deck macropad as an input device. ['Giraut'] 0.1.7 main 85 5 0 0 2 yr 0 0 18 7 4 6 main GPL-3.0-or-later 2024-02-25
148 FEMbyGEN Parametric Finite Element Analysis(FEM) ['Serdar T. Ince'] 2.5.5 master 84.9 2 9 1 7 d 1,843 660 46 5 24 28 master LGPL-2.1-only 2022-07-27
149 drawing_dimensioning [] < 0.20 84.5 3 6 5 7 mo 0 0 0 0 48 59 v0.19.4 0.19.4 2025-11-03
150 Manipulator A handy way to Move and Align objects in FreeCAD. ['Maui'] 1.6.4 master 83.6 3 7 4 2 mo 7,934 2,123 76 24 14 10 master GPLv3.0 2017-10-02
151 Part-o-magic Experiment on FreeCAD-wide automation of Part container management ['DeepSOIC'] 1.1.0 master 83.5 0 16 5 21 d 0 0 15 27 5 62 master LGPL-2.0-or-later 2016-05-20
152 A2plus Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus is to create a very simple, easy to use, and not over-featured workbench for FreeCAD assemblies. Using the KISS principle: KEEP IT SIMPLE, STUPID ['kbwbe'] 0.4.68 master 83 4 1 40 3 mo 13,169 3,914 205 49 74 38 master LGPL-2.1-or-later 2018-06-28
153 FEM_FrontISTR A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR. ['FrontISTR-Commons'] 0.2.0 master 82.9 5 1 11 10 mo 473 0 36 0 9 29 master LGPL-2.1-or-later 2021-04-03
154 Reinforcement A workbench that provides tools for Reinforcement Generation and its Detailing. ['Amritpal Singh (amrit3701)'] v0.6 master 82.8 1 12 22 3 mo 1,418 389 63 61 23 66 master LGPL-2.1-or-later 2017-04-09
155 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 1.11.0dev Develop 82.5 3 5 35 today 0 0 106 9 11 50 Develop GPL-3.0-or-later 2024-09-28
156 GDML An external workbench for creating GDML models for Geant4 and Root ['Keith Sloan'] 2.0.1 Beta Main 82.1 0 16 19 2 d 0 0 71 52 19 69 Main LGPL-2.1 2019-11-21
157 Rocket A workbench for designing model rockets. ['David Carter'] 3.3.0 Pre-1.0 Compatible 81.5 4 6 5 2 yr 0 0 74 9 15 266 v3.3.0 v3.3.0 LGPLv2.1 2021-02-01
158 freecad.optics_design_workbench Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend. ['Philipp Bredol'] 0.7.3 master 79.8 3 7 42 2 mo 599 0 12 1 2 43 master LGPL-3.0-or-later 2024-07-17
159 Cfd [] master 77.3 5 4 37 4 yr 0 0 212 4 41 66 master 2016-09-29
160 WebTools A collection of tools to work with web services ['Yorik van Havre'] 1.0.0 master 76.4 1 20 6 8 mo 0 0 28 10 18 10 master LGPL-2.1-or-later 2017-04-08
161 boltsfc Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications. ['Bernd Hahnebach'] 2022.11.5 main 69.9 3 21 1 4 yr 3,725 1,312 41 3 15 51 main LGPLv2.1 2017-07-02
162 Ondsel-Lens Workspace manager for Ondsel Lens workspaces ['Pieter Hijma'] 2025.12.22.01 main 68.5 6 13 5 5 mo 0 0 4 8 14 66 main LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4... 2025-06-22
163 Rocket Workbench for designing model rockets. ['David Carter'] 5.1.1 master 67.8 5 14 32 4 mo 605 209 74 9 15 311 master LGPL-2.1-or-later, MIT 2021-02-01
164 BCFPlugin Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format). ['Patrick Podest (podestplatz)'] 1.0.0 master 65.2 8 9 18 4 yr 0 0 9 6 8 52 master LGPLv2.1 2019-05-11
165 Curves A collection of tools mainly dedicated to NURBS curves and surfaces modeling. ['Christophe Grellier'] 0.6.71 main 59.9 1 37 1 today 46,888 12,111 144 33 37 119 main LGPL-2.1-or-later, Apache-2.0 2016-08-06
166 AnimationFreeCAD The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow. ['Quentin Tournier', 'Andréas Cottet'] 1.0-beta main 44.2 2 44 58 1 yr 1,397 458 34 10 10 630 main Apache-2.0 2022-01-29
167 workfeature-macro [] master 17.9 1 79 1 1 yr 0 0 28 3 9 34 master 2015-02-15
168 pcb Printed Circuit Board (PCB) Workbench for FreeCAD ['marmni'] 6.2023.1 master 0 3 101 43 2 mo 2,814 825 118 7 27 280 master AGPLv3.0 2016-01-06
169 AIGenFurniture Parametric furniture cabinet design workbench. Generate cabinets from simple boxes, apply features (fronts, shelves, drawers), and export manufacturing files. ['Bogdan'] 0.1.5 Latest 0 7 156 198 8 d 722 722 3 0 2 871 main LGPL-2.1-or-later 2025-08-27

Addon Details

CurvedShapes master

1.00.14 · Create 3D shapes from 2D curves.

100 / 100

Repository

https://github.com/chbergmann/CurvedShapesWorkbench
master · Created: 2019-06-11 · Updated: 7 mo · 11 python files

Statistics

DL(Yr): 9,283
DL(Mo): 2,338
Stars: 79
Issues: 14

Manifest

Branch: master
Version: 1.00.14
License: LGPL-2.1

Dependencies 4
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher

Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout

Authors/Maintainers 1
Christi

ThreadProfile master

1.98· ThreadProfile object for creating internal/external threads

100 / 100

Repository

https://github.com/mwganson/ThreadProfile
master · Created: 2019-07-22 · Updated: 5 mo · 4 python files

Statistics

6,879
DL(Yr)
1,879
DL(Mo)
69
Stars
28
Issues
Manifest
Branch
master
Version
1.98
License
LGPL-2.1
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
TheMarkster

FusedFilamentDesign release

0.26.200· PartDesign addon for FFF/FDM 3D-printing design

100 / 100

Repository

https://github.com/rahix/FusedFilamentDesign.git
release · v0.26.200 · Created: 2025-05-11 · Updated: 7 d · 10 python files

Statistics

7,800
DL(Yr)
1,713
DL(Mo)
223
Stars
16
Issues
Manifest
Branch
release
Version
0.26.200
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
rahix

Beltrami main

1.3.3· Workbench for designing Turbomachine blades.

100 / 100

Repository

https://github.com/Simturb/Beltrami
main · 1.3.3 · Created: 2021-05-10 · Updated: 26 d · 5 python files

Statistics

2,174
DL(Yr)
729
DL(Mo)
40
Stars
0
Issues
Manifest
Branch
main
Version
1.3.3
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Michel Sabourin

dodo master

1.0.1· A set of commands and objects that help to speed-up the drawing of frames and pipelines. Py3/Qt5 port of flamingo.

100 / 100

Repository

https://github.com/oddtopus/dodo
master · Created: 2019-03-24 · Updated: 2 yr · 18 python files

Statistics

1,903
DL(Yr)
706
DL(Mo)
31
Stars
20
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPLv3
Dependencies 6
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Riccardo Treu (oddtopus)

Behave-Dark-Colors main

0.1.1· A preference pack including GUI color information to extend the Behave Dark stylesheet

100 / 100

Repository

https://github.com/Chrismettal/FreeCAD-Behave-Dark-Preference-Pack
main · Created: 2022-01-30 · Updated: 2 yr · 0 python files

Statistics

2,393
DL(Yr)
703
DL(Mo)
11
Stars
2
Issues
Manifest
Branch
main
Version
0.1.1
License
GPL-3.0-only
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Chrismettal

Woods master

1.1.0· Collection of various wood materials.

100 / 100

Repository

https://github.com/davesrocketshop/Woods
master · v1.1.0 · Created: 2025-06-26 · Updated: 4 mo · 4 python files

Statistics

2,862
DL(Yr)
665
DL(Mo)
8
Stars
2
Issues
Manifest
Branch
master
Version
1.1.0
License
LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0
Dependencies 3
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
David Carter Gregory Holmberg

Dracula master

0.0.9· Dracula dark theme for FreeCAD

100 / 100

Repository

https://github.com/dracula/freecad
master · Created: 2021-03-07 · Updated: 10 mo · 0 python files

Statistics

2,382
DL(Yr)
629
DL(Mo)
38
Stars
9
Issues
Manifest
Branch
master
Version
0.0.9
License
MIT
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Eleanor Clifford

Marz master

0.1.20· Parametric Guitar design workbench

100 / 100

Repository

https://github.com/mnesarco/MarzWorkbench
master · v0.1.20 · Created: 2020-04-05 · Updated: 26 d · 67 python files

Statistics

2,020
DL(Yr)
627
DL(Mo)
122
Stars
6
Issues
Manifest
Branch
master
Version
0.1.20
License
GPL-3.0-or-later, LGPL-2.1-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: inkex (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

StandardBeams main

1.0.0· Workbench to create standard beam profiles of varying shapes.

100 / 100

Repository

https://github.com/MortenVajhoj/StandardBeams
main · Created: 2026-01-14 · Updated: 4 mo · 56 python files

Statistics

1,358
DL(Yr)
492
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Morten Vajhøj

Catppuccin main

1.0.0· Light / Dark theme and preference pack.

100 / 100

Repository

https://github.com/cnvuls/CatppuccinTheme
main · Created: 2026-04-04 · Updated: 24 d · 0 python files

Statistics

461
DL(Yr)
461
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
MIT
Static Analysis 0
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
cnvuls

MakerWorkbench master

1.0.1· A mechatronic components system + optic components system

100 / 100

Repository

https://github.com/URJCMakerGroup/MakerWorkbench
master · Created: 2020-07-24 · Updated: 1 yr · 60 python files

Statistics

1,602
DL(Yr)
428
DL(Mo)
50
Stars
6
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPL-3
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Muñoz

toSketch main

1.0.1· Tools to help recreate models from STEP files.

100 / 100

Repository

https://github.com/KeithSloan/toSketch
main · Created: 2021-01-02 · Updated: 4 mo · 14 python files

Statistics

2,338
DL(Yr)
368
DL(Mo)
18
Stars
8
Issues
Manifest
Branch
main
Version
1.0.1
License
GPL-2.0-or-later
Dependencies 9
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: geomdl (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

FeedsAndSpeeds master

0.6· CAM addon to help generate basic feeds and speeds for machining.

100 / 100

Repository

https://github.com/dubstar-04/FeedsAndSpeeds
master · Created: 2020-04-10 · Updated: 5 mo · 4 python files

Statistics

1,625
DL(Yr)
365
DL(Mo)
46
Stars
17
Issues
Manifest
Branch
master
Version
0.6
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Daniel Wood

Plot Latest

2026.04.15· Tools to modify existing plots.

100 / 100

Repository

https://github.com/FreeCAD/Plot
Latest · Created: 2018-09-22 · Updated: 7 d · 20 python files

Statistics

1,965
DL(Yr)
339
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2026.04.15
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Warn: matplotlib (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 4
PhoneDroid looooo Jose Luis Cercós Pita hasecilu

SvgWorkbench main

1.0.0.dev14· FreeCAD Svg Workbench

100 / 100

Repository

https://github.com/mnesarco/SvgWorkbench
main · v1.0.0.dev14 · Created: 2025-02-07 · Updated: 2 mo · 71 python files

Statistics

1,685
DL(Yr)
319
DL(Mo)
12
Stars
1
Issues
Manifest
Branch
main
Version
1.0.0.dev14
License
LGPL-3.0-or-later, LGPL-2.1-or-later
Dependencies 12
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

Supplemental-Materials Latest

1.0.2· Materials database that supplements the core materials.

100 / 100

Repository

https://github.com/FreeCAD/Supplemental-Materials
Latest · v1.0.2 · Created: 2026-03-01 · Updated: 2 mo · 2 python files

Statistics

401
DL(Yr)
168
DL(Mo)
3
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.2
License
LGPL-3.0-or-later, CC-BY-SA-4.0
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
DavesRocketShop

Movie master

2025.01.04· Workbench to create and animate the movie camera, create and play videos of animations

100 / 100

Repository

https://github.com/Francisco-Rosa/FreeCAD-Movie
master · Created: 2022-12-12 · Updated: 10 mo · 6 python files

Statistics

413
DL(Yr)
125
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
master
Version
2025.01.04
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Mod: Render
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
F_Rosa

Channels main

0.1.0.dev4· FreeCAD Channels - Connector to Blender

100 / 100

Repository

https://github.com/mnesarco/Channels
main · Created: 2025-04-11 · Updated: 2 mo · 41 python files

Statistics

0
DL(Yr)
0
DL(Mo)
62
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0.dev4
License
LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Warn: bpy (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

FileExplorerExt main

1.0.0-dev.7· Integrated file system viewer.

100 / 100

Repository

https://github.com/mnesarco/FileExplorerExt
main · v1.0.0.dev7 · Created: 2025-12-24 · Updated: 3 mo · 17 python files

Statistics

541
DL(Yr)
0
DL(Mo)
5
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0-dev.7
License
LGPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

FoamCut main

0.1.12· Foamcut workbench provide functionality to prepare job and generate Gcode for 4 or 5 axis cnc hotwire cutter.

100 / 100

Repository

https://github.com/Shkolik/Foamcut
main · Created: 2024-01-12 · Updated: 2 mo · 21 python files

Statistics

680
DL(Yr)
0
DL(Mo)
20
Stars
4
Issues
Manifest
Branch
main
Version
0.1.12
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 2
Andrew Shkolik (https://github.com/Shkolik) Andrew Shkolik

FreecadDiscordPresence main

1.0.3· Shows FreeCAD Status on discord.

100 / 100

Repository

https://github.com/TzurSoffer/FreecadDiscordPresence
main · Version1.0.3 · Created: 2024-12-09 · Updated: 8 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
0
Issues
Manifest
Branch
main
Version
1.0.3
License
LGPL-2.1-or-later
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Warn: pypresence (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Tzur Soffer

ImportNURBS master

1.1 Beta· An external workbench for add importer for 3dm>

100 / 100

Repository

https://github.com/KeithSloan/ImportNURBS
master · Created: 2020-03-23 · Updated: 28 d · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
4
Issues
Manifest
Branch
master
Version
1.1 Beta
License
LGPL-2.1
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Warn: rhino3dm (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

InstrumentInput main

0.3.1· Use Bluetooth-connected measurement instruments such as calipers as input devices

100 / 100

Repository

https://codeberg.org/stv0g/freecad-instrumentinput
main · v0.3.1 · Updated: 23 d · 9 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.3.1
License
Apache-2.0
Dependencies 2
  • Compat: PySide6
  • Warn: sylvac (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Steffen Vogel (stv0g)

NikraDAP main

2.0-alpha· Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh.

100 / 100

Repository

https://github.com/NikraDAP/FreeCAD-NikraDAP
main · Created: 2023-02-22 · Updated: 3 yr · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
2
Stars
2
Issues
Manifest
Branch
main
Version
2.0-alpha
License
GPL-3
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Lukas du Plessis

Pyramids-and-Polyhedrons Latest

0.2.2· Create various polyhedrons in the Part workbench.

100 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Latest · Created: 2025-09-14 · Updated: 2 mo · 32 python files

Statistics

878
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Eddy Verlinden

Ratchet main

1.0.0· Workbench to quickly create ratchets.

100 / 100

Repository

https://github.com/erroronline1/ratchetWB
main · v1.0.0 · Created: 2022-08-13 · Updated: 1 mo · 27 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
LGPL-3.0-or-later
Dependencies 1
  • Compat: PySide6
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

Solar main

2026.03.08· Workbench to manage solar analysis and configurations.

100 / 100

Repository

https://github.com/Francisco-Rosa/Solar
main · Created: 2025-07-13 · Updated: 2 mo · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
21
Stars
3
Issues
Manifest
Branch
main
Version
2026.03.08
License
LGPL-2.1-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Warn: ladybug (Not in AddonManager allowed packages)
  • Warn: ladybug_geometry (Not in AddonManager allowed packages)
  • Warn: ladybug_radiance (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Francisco Rosa

Vars main

0.0.2.beta5· FreeCAD Vars

100 / 100

Repository

https://github.com/mnesarco/Vars
main · Created: 2025-05-19 · Updated: 2 mo · 42 python files

Statistics

0
DL(Yr)
0
DL(Mo)
16
Stars
2
Issues
Manifest
Branch
main
Version
0.0.2.beta5
License
LGPL-3.0-or-later
Dependencies 11
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: packaging (Not in AddonManager allowed packages)
  • Warn: rich (Not in AddonManager allowed packages)
  • Warn: scour (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

freecad-xr-workbench main

1.0.1· A Virtual Reality (OpenXR) workbench. View your models with VR goggles.

100 / 100

Repository

https://github.com/kwahoo2/freecad-xr-workbench
main · Created: 2023-07-29 · Updated: 25 d · 17 python files

Statistics

0
DL(Yr)
0
DL(Mo)
30
Stars
1
Issues
Manifest
Branch
main
Version
1.0.1
License
LGPL-3.0-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: PyOpenGL (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: xr (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Adrian Przekwas

yaml-workbench master

0.1.4· A FreeCAD addon that loads and manipulates objects via YAML files.

100 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
master · v0.1.4 · Created: 2017-11-26 · Updated: 8 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

DFM main

0.1.9· Design for manufacturing workbench. Evaluate designs against manufacturing processes and associated rules.

99.9 / 100

Repository

https://github.com/ryankembrey/FreeCAD-DFM-Workbench
main · Created: 2025-08-03 · Updated: 6 d · 57 python files

Statistics

546
DL(Yr)
546
DL(Mo)
28
Stars
23
Issues
Manifest
Branch
main
Version
0.1.9
License
LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide6
  • Internal: pivy
  • Warn: OCC (Not in AddonManager allowed packages)
  • Warn: PyYAML (Not in AddonManager allowed packages)
Static Analysis 1
LOW 1
freecad/DFM/gui/results/bridge.py 1
  • line 228: Try, Except, Continue detected.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Ryan Kembrey

CamScripts main

V0.0.5 2024/09/25· CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process.

99.9 / 100

Repository

https://github.com/spanner888/CamScripts
main · Created: 2024-08-23 · Updated: 20 d · 14 python files

Statistics

317
DL(Yr)
317
DL(Mo)
3
Stars
4
Issues
Manifest
Branch
main
Version
V0.0.5 2024/09/25
License
LGPL-2.1-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Warn: Materials (Not in AddonManager allowed packages)
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 1
LOW 1
freecad/cam_scripts/utils.py 1
  • line 10: Consider possible security implications associated with the subprocess module.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
spanner888

Assembly2MuJoCo main

0.4.0· An addon for exporting FreeCAD builtin Assemblies to MuJoCo.

99.9 / 100

Repository

https://github.com/AnesBenmerzoug/FreeCAD-Assembly2MuJoCo
main · v0.4.0 · Created: 2025-04-19 · Updated: 13 d · 27 python files

Statistics

0
DL(Yr)
0
DL(Mo)
22
Stars
2
Issues
Manifest
Branch
main
Version
0.4.0
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 1
LOW 1
freecad/assembly2mujoco/core/mujoco.py 1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Anes Benmerzoug

taack-plm-freecad main

2025.11.12· This workbench contains tools to interact with Taack Plm Intranet server app you can find under the https://github.com/Taack/plm

99.9 / 100

Repository

https://github.com/Taack/taack-plm-freecad
main · Created: 2023-02-09 · Updated: 6 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
1
Issues
Manifest
Branch
main
Version
2025.11.12
License
GPL-2.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: protobuf (Not in AddonManager allowed packages)
Static Analysis 1
LOW 1
Intranet.py 1
  • line 28: Possible hardcoded password: ''
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Adrien GUICHARD

sheetmetal master

0.8.11· A simple sheet metal tools workbench for FreeCAD.

99.8 / 100

Repository

https://github.com/shaise/FreeCAD_SheetMetal
master · Created: 2015-06-12 · Updated: 8 d · 32 python files

Statistics

51,464
DL(Yr)
14,314
DL(Mo)
308
Stars
104
Issues
Manifest
Branch
master
Version
0.8.11
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: TestApp
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: networkx (Not in AddonManager allowed packages)
Static Analysis 2
LOW 2
ExtrudedCutout.py 1
  • line 198: Try, Except, Continue detected.
SheetMetalCmd.py 1
  • line 178: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

CadbaseLibrary master

3.0.0· The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component mod...

99.8 / 100

Repository

https://github.com/mnnxp/cadbaselibrary-freecad
master · v3.0.0 · Created: 2023-02-10 · Updated: 8 mo · 13 python files

Statistics

1,104
DL(Yr)
274
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
master
Version
3.0.0
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 2
LOW 2
CadbaseMacro.py 2
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 222: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
mnnxp

Design-Proof main

0.1.3· Proof-test your parametric CAD models by systematically varying dimensions and measuring regeneration success rates.

99.7 / 100

Repository

https://github.com/Unai-Pz-de-A/FreeCAD-DesignProof
main · v0.1.3 · Created: 2026-03-30 · Updated: 26 d · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
14
Issues
Manifest
Branch
main
Version
0.1.3
License
LGPL-2.1-or-later
Dependencies 1
  • Compat: PySide6
Static Analysis 3
LOW 3
freecad/DesignProof/core/parameter_detector.py 1
  • line 149: Try, Except, Continue detected.
freecad/DesignProof/core/variation_engine.py 1
  • line 124: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/DesignProof/ui/analysis_dialog.py 1
  • line 293: Starting a process without a shell.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Unai-Pz-de-A

ShapeStrings main

0.2.0· Advanced tools for creating and manipulating ShapeStrings.

99.6 / 100

Repository

https://github.com/robertmassaioli/shapestrings
main · Created: 2025-12-21 · Updated: 3 mo · 21 python files

Statistics

118
DL(Yr)
118
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.2.0
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 4
LOW 4
bump_version.py 4
  • line 20: Consider possible security implications associated with the subprocess module.
  • line 104: subprocess call - check for execution of untrusted input.
  • line 105: Starting a process with a partial executable path
  • line 105: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Robert Massaioli

Motion-Control Latest

1.1.0· Link motion controller to an assembly using OPC UA.

99.6 / 100

Repository

https://github.com/Addon-Shelter/Motion-Control
Latest · Created: 2025-09-25 · Updated: 1 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.1.0
License
GPL-3.0-or-later
Dependencies 3
  • Compat: PySide6
  • Warn: aioconsole (Not in AddonManager allowed packages)
  • Warn: asyncua (Not in AddonManager allowed packages)
Static Analysis 4
LOW 4
Demo/Demo_Cnc/DemoServer/opcserver.py 4
  • line 147: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 147: Starting a process with a partial executable path
  • line 190: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 190: Starting a process with a partial executable path
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
heissgetraenk PhoneDroid

IDF Latest

1.0.0· Importer for IDF files.

99 / 100

Repository

https://github.com/FreeCAD/IDF
Latest · Created: 2026-03-07 · Updated: 2 mo · 12 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Static Analysis 1
MEDIUM 1
freecad/IDF/Constants.py 1
  • line 20: Probable insecure usage of temp file/directory.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Milos Koutny

Nodes main

0.1.36· Visual scripting workbench for FreeCAD

99 / 100

Repository

https://github.com/j8sr0230/Nodes
main · Created: 2022-08-10 · Updated: 2 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
112
Stars
14
Issues
Manifest
Branch
main
Version
0.1.36
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Mesh
  • Warn: awkward (Not in AddonManager allowed packages)
  • Warn: blinker (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: qtpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 1
MEDIUM 1
nodes/script/script_py_script.py 1
  • line 105: Use of exec detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Ronny Scharf-Wildenhain

free2ki freecad-addons

1.1.2· Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender.

98.9 / 100

Repository

https://github.com/30350n/free2ki
freecad-addons · v1.1.2 · Created: 2022-01-09 · Updated: 5 mo · 6 python files

Statistics

0
DL(Yr)
0
DL(Mo)
58
Stars
0
Issues
Manifest
Branch
freecad-addons
Version
1.1.2
License
GPL-3.0-or-later
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 2
MEDIUM 1
.github/workflows/build_freecad_package.py 1
  • line 23: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
.github/workflows/build_freecad_package.py 1
  • line 7: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
30350n

Detessellate main

1.1.0· FreeCAD workbench of tools to reverse engineer meshes

98.8 / 100

Repository

https://github.com/DesignWeaver3D/Detessellate
main · Created: 2025-11-22 · Updated: 6 d · 22 python files

Statistics

213
DL(Yr)
213
DL(Mo)
71
Stars
3
Issues
Manifest
Branch
main
Version
1.1.0
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 3
MEDIUM 1
freecad/Detessellate/PointPlaneSketch.py 1
  • line 980: Possible SQL injection vector through string-based query construction.
LOW 2
freecad/Detessellate/CoplanarSketch.py 1
  • line 353: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/Detessellate/SketcherWireDoctor_Main.py 1
  • line 234: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
DesignWeaver3D

WB_Organizer main

2024.1.29· A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to re...

98.6 / 100

Repository

https://github.com/Palmstroemen/WB_Organizer
main · Created: 2024-01-26 · Updated: 2 yr · 3 python files

Statistics

1,423
DL(Yr)
453
DL(Mo)
5
Stars
4
Issues
Manifest
Branch
main
Version
2024.1.29
License
LGPL-2.1-or-later
Dependencies 1
  • Compat: PySide2
Static Analysis 14
LOW 14
WBO_Gui.py 7
  • line 516: Consider possible security implications associated with the subprocess module.
  • line 523: Starting a process with a partial executable path
  • line 523: subprocess call - check for execution of untrusted input.
  • line 525: Starting a process with a partial executable path
  • line 525: subprocess call - check for execution of untrusted input.
  • line 527: Starting a process with a partial executable path
  • line 527: subprocess call - check for execution of untrusted input.
WBO_Preferences.py 7
  • line 23: Consider possible security implications associated with the subprocess module.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 32: Starting a process with a partial executable path
  • line 32: subprocess call - check for execution of untrusted input.
  • line 34: Starting a process with a partial executable path
  • line 34: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Palmstroemen

FreeCAD-Beginner-Assistant main

1.0· Best practices modeling assistant for the Part and Sketcher workbench.

98.6 / 100

Repository

https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant
main · Created: 2023-12-12 · Updated: 1 yr · 37 python files

Statistics

111
DL(Yr)
111
DL(Mo)
18
Stars
6
Issues
Manifest
Branch
main
Version
1.0
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Sketcher
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: cryptography (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: endesive (Not in AddonManager allowed packages)
  • Warn: fontTools (Not in AddonManager allowed packages)
  • Warn: pymemtrace (Not in AddonManager allowed packages)
  • Warn: pympler (Not in AddonManager allowed packages)
  • Warn: uharfbuzz (Not in AddonManager allowed packages)
Static Analysis 5
MEDIUM 1
fpdf/encryption.py1
  • line 526: Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
LOW 4
pdfgen.py4
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 191: subprocess call - check for execution of untrusted input.
  • line 193: Starting a process without a shell.
  • line 195: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 3
Elizabeth Harasymiw Aleksander Sadowski Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant)

frame master

0.1.1· A workbench for beams and frames

98 / 100

Repository

https://github.com/looooo/freecad_frame
master · Created: 2015-11-23 · Updated: 2 yr · 11 python files

Statistics

1,331
DL(Yr)
409
DL(Mo)
25
Stars
9
Issues
Manifest
Branch
master
Version
0.1.1
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: PySide
  • Internal: pivy
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 2
MEDIUM 2
freecad/frametools/fem2d.py1
  • line 31: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
looooo

MOOC master

2022.04.21· Learn FreeCAD

98 / 100

Repository

https://github.com/j-wiedemann/mooc-workbench
master · Created: 2019-07-12 · Updated: 4 yr · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
6
Issues
Manifest
Branch
master
Version
2022.04.21
License
GPLv2.1
Dependencies 2
  • Compat: PySide2
  • Internal: PySide
Static Analysis 2
MEDIUM 2
MoocInformations.py1
  • line 37: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
MoocPlayer.py1
  • line 251: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Jonathan Wiedemann

pyOpToolsWorkbench master

0.0.4· An optics ray-tracing workbench based on pyOpTools

97.9 / 100

Repository

https://github.com/cihologramas/freecad-pyoptools
master · Created: 2017-07-06 · Updated: 3 mo · 81 python files

Statistics

0
DL(Yr)
0
DL(Mo)
25
Stars
3
Issues
Manifest
Branch
master
Version
0.0.4
License
GPL-3.0-or-later
Dependencies 7
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 3
MEDIUM 2
setup.py1
  • line 10: Use of exec detected.
version.py1
  • line 7: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
version.py1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Ricardo Amézquita Orozco

MnesarcoUtils main

0.2.16· A collection of tools mainly dedicated to scripting and experiments.

97.8 / 100

Repository

https://github.com/mnesarco/FreeCAD_Utils
main · Created: 2021-01-18 · Updated: 2 mo · 65 python files

Statistics

0
DL(Yr)
0
DL(Mo)
19
Stars
1
Issues
Manifest
Branch
main
Version
0.2.16
License
GPL-3.0
Dependencies 4
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: pyserial (Not in AddonManager allowed packages)
Static Analysis 4
MEDIUM 2
freecad/mnesarco/scripts/script.py1
  • line 109: Use of exec detected.
freecad/mnesarco/svg/parser.py1
  • line 76: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 2
freecad/mnesarco/svg/parser.py2
  • line 22: Using ContentHandler to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ContentHandler with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

cadquery_module master

2.2.0· Build CadQuery models within FreeCAD.

97.7 / 100

Repository

https://github.com/CadQuery/cadquery-freecad-workbench
master · v2.2.0 · Created: 2014-11-22 · Updated: 3 mo · 11 python files

Statistics

100
DL(Yr)
100
DL(Mo)
147
Stars
5
Issues
Manifest
Branch
master
Version
2.2.0
License
Apache-2.0
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Warn: build123d (Not in AddonManager allowed packages)
  • Warn: cadquery (Not in AddonManager allowed packages)
Static Analysis 23
LOW 21
freecad/CadQuery/Command.py23
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 29: Starting a process with a partial executable path
  • line 29: subprocess call - check for execution of untrusted input.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 50: Consider possible security implications associated with the subprocess module.
  • line 51: Starting a process with a partial executable path
  • line 51: subprocess call - check for execution of untrusted input.
  • line 52: Starting a process with a partial executable path
  • line 52: subprocess call - check for execution of untrusted input.
  • line 53: Starting a process with a partial executable path
  • line 53: subprocess call - check for execution of untrusted input.
  • line 54: Starting a process with a partial executable path
  • line 54: subprocess call - check for execution of untrusted input.
  • line 55: Starting a process with a partial executable path
  • line 55: subprocess call - check for execution of untrusted input.
  • line 56: Starting a process with a partial executable path
  • line 56: subprocess call - check for execution of untrusted input.
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 77: Starting a process with a partial executable path
  • … 3 more issues
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jeremy Wright

freecad-wakatime main

0.6.0· A simple FreeCAD WakaTime extension.

97.6 / 100

Repository

https://github.com/Pegoku/freecad-wakatime
main · v0.6.0 · Created: 2025-01-05 · Updated: 8 mo · 5 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.6.0
License
LGPL-2.1-or-later
Static Analysis 6
MEDIUM 2
freecad/Wakatime/scripts/logWaka.py2
  • line 129: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Chmod setting a permissive mask 0o755 on file (dst).
LOW 4
freecad/Wakatime/scripts/logWaka.py4
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
  • line 104: Consider possible security implications associated with the subprocess module.
  • line 147: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Pegoku

Ship master

2024.11.26· Naval ship design (architecture, seakeeping, and ship resistance)

97.5 / 100

Repository

https://github.com/FreeCAD/freecad.ship
master · Created: 2018-11-08 · Updated: 11 mo · 71 python files

Statistics

460
DL(Yr)
204
DL(Mo)
49
Stars
6
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: PySide
  • Internal: Spreadsheet
  • Warn: capytaine (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: xarray (Not in AddonManager allowed packages)
Static Analysis 7
MEDIUM 2
freecad/ship/shipUtils/Serialize.py1
  • line 46: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
setup.py1
  • line 8: Use of exec detected.
LOW 5
freecad/ship/Instance.py1
  • line 330: Try, Except, Continue detected.
freecad/ship/TankInstance.py1
  • line 140: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipHydrostatics/TaskPanel.py1
  • line 384: Try, Except, Continue detected.
freecad/ship/shipHydrostatics/Tools.py1
  • line 146: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipUtils/Serialize.py1
  • line 1: Consider possible security implications associated with pickle module.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

Quetzal master

1.8.9· A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor.

97.3 / 100

Repository

https://github.com/EdgarJRobles/quetzal
master · Created: 2020-05-03 · Updated: 28 d · 28 python files

Statistics

4,523
DL(Yr)
1,121
DL(Mo)
30
Stars
20
Issues
Manifest
Branch
master
Version
1.8.9
License
LGPL-3.0-or-later
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: typing_extensions (Not in AddonManager allowed packages)
Static Analysis 9
MEDIUM 2
translationz/update_crowdin.py2
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 7
pCmd.py1
  • line 461: Try, Except, Continue detected.
pFeatures.py1
  • line 1031: Try, Except, Continue detected.
translationz/update_crowdin.py5
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 410: subprocess call - check for execution of untrusted input.
  • line 414: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 6
looo Riccardo Treu (oddtopus) Edgar J Robles microelly triplus Edgar Robles

FrameForge main

0.2.1· FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles.

97 / 100

Repository

https://github.com/lukh/frameforge
main · v0.2.1 · Created: 2024-10-07 · Updated: 1 mo · 25 python files

Statistics

6,601
DL(Yr)
1,592
DL(Mo)
28
Stars
30
Issues
Manifest
Branch
main
Version
0.2.1
License
LGPL-3.0-only
Dependencies 5
  • Internal: Assembly
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 3
MEDIUM 3
freecad/frameforge/_utils.py2
  • line 43: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vivien Henry

ProDarkThemePreferencePack main

1.0.0· ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience

97 / 100

Repository

https://github.com/turn211/ProDarkThemePreferencePack
main · Created: 2022-05-17 · Updated: 2 yr · 0 python files

Statistics

2,706
DL(Yr)
751
DL(Mo)
7
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
GPL-2.0-or-later
Static Analysis 1
HIGH 1
package.xml1
  • line 7: Element maintainer failed to validate attributes
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
turn211

AirPlaneDesign master

0.4.1· A FreeCAD workbench dedicated to Airplane Design.

97 / 100

Repository

https://github.com/FredsFactory/FreeCAD_AirPlaneDesign
master · Created: 2018-06-11 · Updated: 6 mo · 19 python files

Statistics

2,542
DL(Yr)
701
DL(Mo)
110
Stars
9
Issues
Manifest
Branch
master
Version
0.4.1
License
LGPL-2.1
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
FredsFactory

ExplodedAssembly

No description

97 / 100

Repository

https://github.com/JMG1/ExplodedAssembly
master · Created: 2016-03-13 · Updated: 2 yr · 4 python files

Statistics

1,851
DL(Yr)
632
DL(Mo)
132
Stars
24
Issues
Dependencies 1
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Plot Latest

2026.04.15· Tools to modify existing plots.

97 / 100

Repository

https://github.com/FreeCAD/Plot
Stable · Created: 2018-09-22 · Updated: 1 mo · 20 python files

Statistics

542
DL(Yr)
485
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2026.04.15
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Warn: matplotlib (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 4
PhoneDroid looooo Jose Luis Cercós Pita hasecilu

ArchTextures

No description

97 / 100

Repository

https://github.com/furti/FreeCAD-ArchTextures
master · Created: 2018-09-30 · Updated: 4 yr · 23 python files

Statistics

1,263
DL(Yr)
459
DL(Mo)
34
Stars
23
Issues
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Pyramids-and-Polyhedrons Latest

0.2.2· Create various polyhedrons in the Part workbench.

97 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Stable · v0.2.2 · Created: 2025-09-14 · Updated: 2 mo · 32 python files

Statistics

561
DL(Yr)
220
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Eddy Verlinden

CommandPanel

No description

97 / 100

Repository

https://github.com/triplus/CommandPanel
master · Created: 2017-06-30 · Updated: 7 yr · 10 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

CubeMenu

No description

97 / 100

Repository

https://github.com/triplus/CubeMenu
master · Created: 2020-02-08 · Updated: 6 yr · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
6
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

IconThemes

No description

97 / 100

Repository

https://github.com/triplus/IconThemes
master · Created: 2016-10-10 · Updated: 6 yr · 3 python files

Statistics

431
DL(Yr)
0
DL(Mo)
21
Stars
8
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Plot Latest

2025.10.29· Tools to modify existing plots.

97 / 100

Repository

https://github.com/FreeCAD/Plot
2025.10.29 · 2025.10.29 · Created: 2018-09-22 · Updated: 7 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2025.10.29
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Warn: matplotlib (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch '2025.10.29'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 4
PhoneDroid looooo Jose Luis Cercós Pita hasecilu

SelectorToolbar

No description

97 / 100

Repository

https://github.com/triplus/SelectorToolbar
master · Created: 2017-03-18 · Updated: 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
8
Stars
3
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

TabBar

No description

97 / 100

Repository

https://github.com/triplus/TabBar
master · Created: 2016-01-09 · Updated: 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Templater main

0.0.2· A workbench to gather some drafting related tools

97 / 100

Repository

https://github.com/FC-FBXL5/Templater
main · Created: 2025-06-20 · Updated: today · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.0.2
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • line 9: Missing license file 'None'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
FBXL5

ToolbarStyle

No description

97 / 100

Repository

https://github.com/triplus/ToolbarStyle
master · Created: 2018-01-31 · Updated: 7 yr · 3 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
0
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ose-piping

No description

97 / 100

Repository

https://github.com/rkrenzler/ose-piping-workbench
master · Created: 2018-02-17 · Updated: 3 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Warn: pCmd (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

pivy_trackers

No description

97 / 100

Repository

https://github.com/joelgraff/pivy_trackers
master · Created: 2019-09-19 · Updated: 6 yr · 61 python files

Statistics

0
DL(Yr)
0
DL(Mo)
23
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

yaml-workbench master

0.1.4· A FreeCAD addon that loads and manipulates objects via YAML files.

97 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
v0.1.4 · v0.1.4 · Created: 2017-11-26 · Updated: 8 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'master' does not match git branch 'v0.1.4'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

Defeaturing master

1.3.1· A set of tools to edit a Shape or a STEP model.

96.9 / 100

Repository

https://github.com/easyw/Defeaturing_WB
master · Created: 2018-07-02 · Updated: 2 mo · 8 python files

Statistics

4,025
DL(Yr)
1,085
DL(Mo)
36
Stars
9
Issues
Manifest
Branch
master
Version
1.3.1
License
AGPLv3.0
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 2
HIGH 1
package.xml1
  • line 7: Missing license file 'LICENSE'
LOW 1
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Maui

MeshRemodel master

1.11.0· Workbench for remodeling and repairing mesh objects.

96.9 / 100

Repository

https://github.com/mwganson/MeshRemodel
master · Created: 2019-08-18 · Updated: 2 mo · 10 python files

Statistics

3,903
DL(Yr)
882
DL(Mo)
32
Stars
0
Issues
Manifest
Branch
master
Version
1.11.0
License
LGPL-2.1-or-later
Dependencies 7
  • Compat: PySide6
  • Compat: shiboken6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 4
MEDIUM 3
freecad/Mesh_Remodel/MeshRemodelCmd.py1
  • line 1312: Possible SQL injection vector through string-based query construction.
freecad/Mesh_Remodel/Workbench.py2
  • line 101: Call to requests without timeout
  • line 105: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Mesh_Remodel/Workbench.py1
  • line 95: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Mark Ganson

symbols_library

No description

96.9 / 100

Repository

https://github.com/FreeCAD/FreeCAD-symbols
master · Created: 2015-04-21 · Updated: 16 d · 0 python files

Statistics

755
DL(Yr)
416
DL(Mo)
37
Stars
0
Issues
Static Analysis 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

dxf-library

No description

96.9 / 100

Repository

https://github.com/yorikvanhavre/Draft-dxf-importer
master · Created: 2013-06-22 · Updated: 2 yr · 4 python files

Statistics

1,012
DL(Yr)
354
DL(Mo)
73
Stars
4
Issues
Static Analysis 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

Cubinets main

0.1.0-demo· Visualize cabinet assemblies using parametric templates and generate cut lists.

96.9 / 100

Repository

https://github.com/foreachidea/Cubinets
latest · Created: 2026-02-20 · Updated: 2 mo · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 2
HIGH 1
package.xml1
  • Declared branch 'main' does not match git branch 'latest'
LOW 1
freecad/Cubinets/File.py1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

Cubinets main

0.1.0-demo· Visualize cabinet assemblies using parametric templates and generate cut lists.

96.9 / 100

Repository

https://github.com/foreachidea/Cubinets
stable · Created: 2026-02-20 · Updated: 2 mo · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 2
HIGH 1
package.xml1
  • Declared branch 'main' does not match git branch 'stable'
LOW 1
freecad/Cubinets/File.py1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

addFC main

3.6.4· Additional tools for FreeCAD.

96.8 / 100

Repository

https://github.com/GS90/addFC
main · Created: 2024-05-12 · Updated: 8 d · 21 python files

Statistics

6,003
DL(Yr)
1,267
DL(Mo)
38
Stars
0
Issues
Manifest
Branch
main
Version
3.6.4
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: stepZ (Not in AddonManager allowed packages)
Static Analysis 14
MEDIUM 2
addon/addFC/Preference.py1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addon/addFC/toolkit/Library.py1
  • line 401: Use of extra potential SQL attack vector.
LOW 12
addon/addFC/Other.py9
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 64: Starting a process with a partial executable path
  • line 64: subprocess call - check for execution of untrusted input.
  • line 65: Starting a process with a partial executable path
  • line 65: subprocess call - check for execution of untrusted input.
  • line 66: Starting a process with a partial executable path
  • line 66: subprocess call - check for execution of untrusted input.
  • line 144: Starting a process with a partial executable path
  • line 144: subprocess call - check for execution of untrusted input.
addon/addFC/Preference.py3
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 123: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Golodnikov Sergey

ConstraintDesign main

beta-0.1· This addon adds a design workbench that is specially designed to be as flexible and stable as possible.

96.8 / 100

Repository

https://github.com/drwho495/ConstraintDesign-wb
main · Created: 2025-04-13 · Updated: 2 mo · 47 python files

Statistics

1,625
DL(Yr)
325
DL(Mo)
14
Stars
16
Issues
Manifest
Branch
main
Version
beta-0.1
License
LGPL-2.1-only
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 3
HIGH 1
Layout1
  • Invalid __init__.py file in root. Change to Init.py
LOW 2
Entities/Extrusion.py1
  • line 659: Try, Except, Continue detected.
Utils/Utils.py1
  • line 254: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
drwho495

Lithophane

No description

96.8 / 100

Repository

https://github.com/furti/FreeCAD-Lithophane
master · Created: 2018-06-05 · Updated: 5 yr · 37 python files

Statistics

116
DL(Yr)
116
DL(Mo)
36
Stars
14
Issues
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: bpy (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 1
package.xml1
  • File not found.
LOW 2
blender/blender_processor.py2
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 100: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

lattice2 master

1.1· Tools and arrays of all sorts and kinds, and local coordinate systems

96.7 / 100

Repository

https://github.com/DeepSOIC/Lattice2
master · Created: 2015-11-26 · Updated: 21 d · 73 python files

Statistics

7,295
DL(Yr)
1,789
DL(Mo)
80
Stars
34
Issues
Manifest
Branch
master
Version
1.1
License
LGPL-2.0-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 4
HIGH 1
package.xml1
  • line 8: Missing license file 'LICENSE'
LOW 3
lattice2ShapeInfoFeature.py1
  • line 155: Try, Except, Continue detected.
lattice2ValueSeriesGenerator.py1
  • line 204: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

Telemetry main

1.0.5· Help improve FreeCAD by sending basic metrics to the development team.

96.6 / 100

Repository

https://github.com/FreeCAD/FreeCAD-Telemetry
main · Created: 2025-02-16 · Updated: today · 9 python files

Statistics

1,648
DL(Yr)
298
DL(Mo)
12
Stars
6
Issues
Manifest
Branch
main
Version
1.0.5
License
LGPL-2.1-or-later, CC-BY-4.0
Dependencies 3
  • Internal: PySide
  • Warn: posthog (Not in AddonManager allowed packages)
  • Warn: sentry_sdk (Not in AddonManager allowed packages)
Static Analysis 7
MEDIUM 3
Resources/translations/run_translation_cycle.py2
  • line 88: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
TelemetryPreferences.py1
  • line 159: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 4
Resources/translations/run_translation_cycle.py4
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 188: Starting a process with a partial executable path
  • line 188: subprocess call - check for execution of untrusted input.
  • line 351: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
The FreeCAD project association AISBL

Motion-Control Latest

1.1.0· Link motion controller to an assembly using OPC UA.

96.6 / 100

Repository

https://github.com/Addon-Shelter/Motion-Control
Stable · v1.1.0 · Created: 2025-09-25 · Updated: 1 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.1.0
License
GPL-3.0-or-later
Dependencies 3
  • Compat: PySide6
  • Warn: aioconsole (Not in AddonManager allowed packages)
  • Warn: asyncua (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
LOW 4
Demo/Demo_Cnc/DemoServer/opcserver.py4
  • line 147: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 147: Starting a process with a partial executable path
  • line 190: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 190: Starting a process with a partial executable path
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
heissgetraenk PhoneDroid

EM master

2.1.1 · This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers.

96.5 / 100

Repository

https://github.com/ediloren/EM-Workbench-for-FreeCAD
master · Created: 2016-10-03 · Updated: 2 yr · 24 python files

Statistics

640
DL(Yr)
255
DL(Mo)
66
Stars
6
Issues
Manifest
Branch
master
Version
2.1.1
License
LGPLv2.1
Dependencies 6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 6
HIGH 1
package.xml 1
  • line 8: Missing license file 'LICENSE'
LOW 5
launch_fastercap.py 2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 32: subprocess call - check for execution of untrusted input.
launch_fasthenry.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 34: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Enrico Di Lorenzo

slic3r-tools

No description

96.3 / 100

Repository

https://github.com/limikael/freecad-slic3r-tools
master · Created: 2019-05-08 · Updated: 6 yr · 9 python files

Statistics

0
DL(Yr)
0
DL(Mo)
17
Stars
8
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 8
HIGH 1
package.xml 1
  • File not found.
LOW 7
Slcr.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
SlcrDoc.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 109: subprocess call - check for execution of untrusted input.
build.py 2
  • line 4: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 4: Starting a process with a partial executable path
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

LCInterlocking master

1.5.1 · Create interlocking parts for laser cutting or CNC milling

96 / 100

Repository

https://github.com/execuc/LCInterlocking
master · 1.5.1 · Created: 2016-06-20 · Updated: 6 mo · 32 python files

Statistics

2,187
DL(Yr)
667
DL(Mo)
184
Stars
34
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 2
HIGH 1
package.xml 1
  • line 7: Element maintainer failed to validate attributes
MEDIUM 1
panel/propertieslist.py 1
  • line 37: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
execuc

Plot master

2024.11.26 · Some tools to manipulate the FreeCAD plots

96 / 100

Repository

https://github.com/FreeCAD/Plot
2024.11.26 · 2024.11.26 · Created: 2018-09-22 · Updated: 1 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 2
HIGH 1
package.xml 1
  • Declared branch 'master' does not match git branch '2024.11.26'
MEDIUM 1
setup.py 1
  • line 8: Use of exec detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

InventorLoader master

1.5.1 · This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d)...

95.7 / 100

Repository

https://github.com/jmplonka/InventorLoader
master · Created: 2017-02-09 · Updated: 1 yr · 39 python files

Statistics

2,241
DL(Yr)
705
DL(Mo)
161
Stars
58
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-3.0-or-later
Dependencies 10
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: olefile (Not in AddonManager allowed packages)
  • Warn: xlrd (Not in AddonManager allowed packages)
  • Warn: xlutils (Not in AddonManager allowed packages)
  • Warn: xlwt (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 1
package.xml 1
  • line 6: Missing license file 'None'
MEDIUM 1
Acis.py 1
  • line 276: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 3
Acis.py 1
  • line 5051: Possible hardcoded password: '('
InitGui.py 2
  • line 15: subprocess call - check for execution of untrusted input.
  • line 17: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
jmplonka

fasteners master

0.5.51 · Some common fasteners and fastener tools for FreeCAD.

95.6 / 100

Repository

https://github.com/shaise/FreeCAD_FastenersWB
master · Created: 2015-06-18 · Updated: 8 d · 92 python files

Statistics

72,348
DL(Yr)
22,705
DL(Mo)
387
Stars
81
Issues
Manifest
Branch
master
Version
0.5.51
License
GPL-2.0-or-later
Dependencies 5
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: utils (Not in AddonManager allowed packages)
Static Analysis 6
HIGH 1
Resources/translations/compile_qm.py 1
  • line 34: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 1
screw_maker.py 1
  • line 156: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
Resources/translations/create_ts.py 4
  • line 35: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 35: Starting a process with a partial executable path
  • line 48: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 48: Starting a process with a partial executable path
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

Road main

2026.04.11 · Road is the Transportation and Geomatics Engineering workbench for FreeCAD.

95.6 / 100

Repository

https://github.com/HakanSeven12/Road
main · Created: 2025-01-01 · Updated: 1 mo · 128 python files

Statistics

2,252
DL(Yr)
388
DL(Mo)
39
Stars
7
Issues
Manifest
Branch
main
Version
2026.04.11
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 7
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pyproj (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 17
MEDIUM 3
freecad/road/tasks/task_selection.py 2
  • line 40: Possible SQL injection vector through string-based query construction.
  • line 102: Possible SQL injection vector through string-based query construction.
modules/landxml/landxml_reader.py 1
  • line 166: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 14
freecad/road/geometry/alignment/alignment.py 2
  • line 371: Try, Except, Continue detected.
  • line 645: Try, Except, Continue detected.
freecad/road/objects/road.py 1
  • line 78: Try, Except, Continue detected.
freecad/road/viewproviders/view_terrain.py 3
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/road/viewproviders/view_volume.py 3
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
modules/landxml/alignment_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/cgpoint_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/landxml_reader.py 1
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/profile_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/surface_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Hakan Seven

btl main

0.9.9 · A FreeCAD Path Addon to manage your tool library.

95.5 / 100

Repository

https://github.com/knipknap/better-tool-library
main · Created: 2023-07-15 · Updated: 9 mo · 49 python files

Statistics

0
DL(Yr)
0
DL(Mo)
41
Stars
17
Issues
Manifest
Branch
main
Version
0.9.9
License
MIT
Dependencies 7
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pip (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 7
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 1
btl/util.py 1
  • line 21: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
btl/params.py 1
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
btl/util.py 1
  • line 3: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
btl/version.py 3
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 8: Starting a process with a partial executable path
  • line 8: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Samuel Abels

BillOfMaterials main

1.1.1 · A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

95.4 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
main · v1.1.1 · Created: 2023-11-05 · Updated: 21 d · 35 python files

Statistics

2,840
DL(Yr)
1,060
DL(Mo)
29
Stars
6
Issues
Manifest
Branch
main
Version
1.1.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Static Analysis 8
HIGH 1
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py 1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_BOM_WB.py 5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py 1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

DynamicData master

2.78 · Container object for holding custom properties, alternative to spreadsheet

94.9 / 100

Repository

https://github.com/mwganson/DynamicData
master · Created: 2018-09-22 · Updated: 1 mo · 4 python files

Statistics

2,306
DL(Yr)
623
DL(Mo)
51
Stars
24
Issues
Manifest
Branch
master
Version
2.78
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Warn: Requests (Not in AddonManager allowed packages)
Static Analysis 4
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 2
freecad/Dynamic_Data/init_gui.py 2
  • line 113: Call to requests without timeout
  • line 117: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Dynamic_Data/init_gui.py 1
  • line 98: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
TheMarkster

Assembly3 master

0.12.3 · Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver

94.7 / 100

Repository

https://github.com/realthunder/FreeCAD_assembly3
master · Created: 2017-09-10 · Updated: 6 mo · 18 python files

Statistics

2,398
DL(Yr)
630
DL(Mo)
903
Stars
333
Issues
Manifest
Branch
master
Version
0.12.3
License
GPL-3.0-only
Dependencies 10
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: py_slvs (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: slvs (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Static Analysis 6
HIGH 1
Layout 1
  • Invalid __init__.py file in root.
MEDIUM 2
freecad/asm3/deps/six.py 1
  • line 709: Use of exec detected.
setup.py 1
  • line 7: Use of exec detected.
LOW 3
freecad/asm3/install_prompt.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 68: subprocess call - check for execution of untrusted input.
  • line 71: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
RealThunder

3D_Printing_Tools

No description

94.6 / 100

Repository

https://github.com/mark1791/3D_Printing_Tools
master · Created: 2019-01-30 · Updated: 7 yr · 5 python files

Statistics

3,144
DL(Yr)
1,056
DL(Mo)
54
Stars
7
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 7
HIGH 1
package.xml 1
  • File not found.
MEDIUM 2
_SMutils.py 2
  • line 53: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
SM_Graphic_Properties.py 3
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 44: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
SM_Mesh_Solid.py 1
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

DesignSPHysics master

0.8.1 (29-05-2025) · DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics

94.4 / 100

Repository

https://github.com/DualSPHysics/DesignSPHysics
master · Created: 2018-07-31 · Updated: 4 mo · 315 python files

Statistics

682
DL(Yr)
193
DL(Mo)
150
Stars
33
Issues
Manifest
Branch
master
Version
0.8.1 (29-05-2025)
License
GPL-3.0-or-later
Dependencies 6
  • Compat: PySide2
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Warn: defusedexpat (Not in AddonManager allowed packages)
  • Warn: ordereddict (Not in AddonManager allowed packages)
Static Analysis 20
MEDIUM 4
mod/dataobjects/configuration/executable_paths.py 1
  • line 114: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
mod/main.py 1
  • line 95: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
mod/tools/stdout_tools.py 1
  • line 46: Probable insecure usage of temp file/directory.
mod/xml/importer.py 1
  • line 144: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 16
mod/dataobjects/configuration/executable_paths.py 1
  • line 9: Consider possible security implications associated with pickle module.
mod/dataobjects/motion/focused_piston_wave_gen.py 1
  • line 34: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_flap_wave_gen.py 1
  • line 30: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_piston_wave_gen.py 1
  • line 29: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/relaxation_zone/relaxation_zone_irregular.py 1
  • line 16: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/tools/file_tools.py 2
  • line 16: Consider possible security implications associated with pickle module.
  • line 23: Consider possible security implications associated with UnpicklingError module.
mod/tools/pickle_tool.py 1
  • line 2: Consider possible security implications associated with pickle module.
mod/tools/post_processing_tools.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 73: subprocess call - check for execution of untrusted input.
  • line 378: subprocess call - check for execution of untrusted input.
mod/widgets/dock/dock_widgets/gencase_completed_dialog.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 116: subprocess call - check for execution of untrusted input.
mod/xml/importer.py 1
  • line 12: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
mod/xml/xmltodict.py 2
  • line 9: Using XMLGenerator to parse untrusted XML data is known to be vulnerable to XML attacks. Replace XMLGenerator with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using AttributesImpl to parse untrusted XML data is known to be vulnerable to XML attacks. Replace AttributesImpl with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Iván Martínez Estévez

freecad.gears master

1.3 · A gear workbench for FreeCAD

94 / 100

Repository

https://github.com/looooo/freecad.gears
master · Created: 2014-04-08 · Updated: 2 mo · 31 python files

Statistics

29,757
DL(Yr)
8,189
DL(Mo)
334
Stars
79
Issues
Manifest
Branch
master
Version
1.3
License
GPL-3.0-or-later
Dependencies 5
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Static Analysis 2
HIGH 2
package.xml 2
  • line 22: Did not expect element depend there
  • line 15: Element content has extra content: workbench
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
looooo

OpenTheme main

2025.05.20 · An accessible and coordinated set of Light and Dark themes for FreeCAD

94 / 100

Repository

https://github.com/obelisk79/OpenTheme
main · Created: 2024-01-24 · Updated: 4 mo · 0 python files

Statistics

27,791
DL(Yr)
6,520
DL(Mo)
102
Stars
59
Issues
Manifest
Branch
main
Version
2025.05.20
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 17: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Obelisk79

FreeCAD-themes main

2025.11.25 · Additional themes for FreeCAD

94 / 100

Repository

https://github.com/FreeCAD/FreeCAD-themes
main · Created: 2024-06-24 · Updated: 1 mo · 0 python files

Statistics

7,432
DL(Yr)
2,094
DL(Mo)
9
Stars
4
Issues
Manifest
Branch
main
Version
2025.11.25
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 15: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
The FreeCAD Team

Color-Palette-Theme main

2.2.2 · Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts(FreeCAD v1.1.0 ≥)

94 / 100

Repository

https://github.com/altangarts/FreeCAD-Themes-ColorPalette
main · Created: 2024-12-25 · Updated: 5 d · 0 python files

Statistics

3,899
DL(Yr)
844
DL(Mo)
11
Stars
1
Issues
Manifest
Branch
main
Version
2.2.2
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 17: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
altangarts

PieMenu master

1.12.4 · The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD.

94 / 100

Repository

https://github.com/Grubuntu/PieMenu
master · Created: 2024-01-13 · Updated: 2 mo · 2 python files

Statistics

4,149
DL(Yr)
763
DL(Mo)
32
Stars
4
Issues
Manifest
Branch
master
Version
1.12.4
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 2
HIGH 2
package.xml 2
  • line 7: Element maintainer failed to validate attributes
  • line 8: Missing license file 'LICENSE'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Grubuntu

OpticsWorkbench main

1.3.5 · Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects.

94 / 100

Repository

https://github.com/chbergmann/OpticsWorkbench
main · Created: 2021-07-03 · Updated: 3 d · 16 python files

Statistics

1,711
DL(Yr)
618
DL(Mo)
158
Stars
10
Issues
Manifest
Branch
main
Version
1.3.5
License
LGPL-2.1
Dependencies 6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 2
HIGH 2
package.xml 2
  • line 20: Did not expect element depend there
  • line 14: Element content has extra content: workbench
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Christi

Estimate main

0.1.5 · A FreeCAD workbench to estimate material quantity by volume or weight for selected parts

94 / 100

Repository

https://github.com/erroronline1/estimateWB
master · Created: 2022-03-04 · Updated: 16 d · 6 python files

Statistics

1,807
DL(Yr)
422
DL(Mo)
13
Stars
1
Issues
Manifest
Branch
main
Version
0.1.5
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 2
HIGH 2
package.xml 2
  • line 44: Missing license file 'LICENSE'
  • Declared branch 'main' does not match git branch 'master'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

Freecad-Built-in-themes-beta main

1.2.2 · Beta versions of the preference Packs included with the FreeCAD distribution

94 / 100

Repository

https://github.com/MisterMakerNL/Freecad-Built-in-themes-beta
main · Created: 2023-06-11 · Updated: 2 yr · 0 python files

Statistics

1,519
DL(Yr)
396
DL(Mo)
4
Stars
1
Issues
Manifest
Branch
main
Version
1.2.2
License
LGPL-2.0-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 7: Missing license file '../../LICENSE'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
MisterMaker

NordicFC main

1.0.1 · Nordic themes and preference pack.

94 / 100

Repository

https://github.com/erroronline1/NordicFC
main · Created: 2025-09-20 · Updated: 5 d · 0 python files

Statistics

159
DL(Yr)
159
DL(Mo)
21
Stars
2
Issues
Manifest
Branch
main
Version
1.0.1
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 90: Element preferencepack has extra content: type
  • line 83: Element content has extra content: preferencepack
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
error on line 1

Machines Latest

1.0.0 · Collection of Community Maintained Machines

94 / 100

Repository

https://github.com/FreeCAD/Machines
Latest · Created: 2026-03-13 · Updated: 22 d · 0 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.0
License
CC-BY-SA-4.0
Static Analysis 2
HIGH 2
package.xml 2
  • line 82: Did not expect element machine there
  • line 83: Element content has extra content: machine
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Sliptonic

SlopedPlanesMacro

No description

94 / 100

Repository

https://github.com/luzpaz/SlopedPlanesMacro
master · Created: 2017-11-14 · Updated: 7 yr · 14 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
0
Issues
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Static Analysis 2
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root.
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 0

Smooth-Toolsync main

0.1.0 · The Smooth addon provides bidirectional synchronization between FreeCAD's CAM tool libraries and the Smooth tool data exchange system. ...

94 / 100

Repository

https://github.com/loobric/smooth-freecad.git
master · Created: 2025-10-27 · Updated: 4 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
3
Issues
Manifest
Branch
main
Version
0.1.0
License
MIT
Dependencies 5
  • Internal: PySide
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: clients (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 2
HIGH 2
package.xml 2
  • line 39: Element package has extra content: tags
  • Declared branch 'main' does not match git branch 'master'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Brad Collette

CfdOF master

1.36.8 · Computational Fluid Dynamics (CFD) based on OpenFOAM.

93.9 / 100

Repository

https://github.com/jaheyns/CfdOF
master · Created: 2016-12-02 · Updated: today · 74 python files

Statistics

12,296
DL(Yr)
4,428
DL(Mo)
660
Stars
17
Issues
Manifest
Branch
master
Version
1.36.8
License
LGPL-3.0-or-later
Dependencies 8
  • Internal: BOPTools
  • Internal: Fem
  • Internal: PySide
  • Internal: pivy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: certifi (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 25
MEDIUM 4
CfdOF/CfdPreferencePage.py 1
  • line 549: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
CfdOF/CfdTools.py 2
  • line 828: Probable insecure usage of temp file/directory.
  • line 1756: Use of exec detected.
CfdOF/Solve/CfdCaseWriterFoam.py 1
  • line 168: Probable insecure usage of temp file/directory.
LOW 21
CfdOF/CfdPreferencePage.py 1
  • line 41: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
CfdOF/CfdTools.py 15
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 576: subprocess call - check for execution of untrusted input.
  • line 1688: Starting a process with a partial executable path
  • line 1688: subprocess call - check for execution of untrusted input.
  • line 1690: Starting a process with a partial executable path
  • line 1690: subprocess call - check for execution of untrusted input.
  • line 1692: Starting a process with a partial executable path
  • line 1692: subprocess call - check for execution of untrusted input.
  • line 1820: Consider possible security implications associated with the subprocess module.
  • line 1825: Starting a process with a partial executable path
  • line 1825: subprocess call - check for execution of untrusted input.
  • line 1829: Starting a process with a partial executable path
  • line 1829: subprocess call - check for execution of untrusted input.
  • line 1893: subprocess call - check for execution of untrusted input.
  • line 1915: subprocess call - check for execution of untrusted input.
CfdOF/Mesh/CfdMeshTools.py 3
  • line 545: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 546: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 547: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
CfdOF/WindowsRunWrapper.py 2
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 69: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Oliver Oxtoby

Silk master

0.2.9· NURBS Surface modeling tools focused on low degree and seam continuity

93.9 / 100

Repository

https://github.com/edwardvmills/Silk
master · Created: 2017-05-20 · Updated: 1 d · 43 python files

Statistics

4,791
DL(Yr)
1,966
DL(Mo)
86
Stars
4
Issues
Manifest
Branch
master
Version
0.2.9
License
GPL-3.0-or-later
Dependencies 2
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml2
  • line 2: Expecting a namespace for element package
  • line 8: Missing license file 'LICENSE'
LOW 1
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
edwardvmills

STEMFIE main

0.3.1· A simple workbench for generating STEMFIE system components.

93.9 / 100

Repository

https://github.com/bilbaomakers/StemfieWB
main · 0.3.1 · Created: 2021-07-06 · Updated: 1 yr · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
23
Stars
5
Issues
Manifest
Branch
main
Version
0.3.1
License
GPL-2.0-or-later
Dependencies 2
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pygears (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml2
  • line 45: Element workbench has extra content: text
  • line 45: Element content has extra content: workbench
LOW 1
freecad/stemfie/Stemfie.py1
  • line 79: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Bilbao Makers hasecilu

SteelColumn

No description

93.9 / 100

Repository

https://github.com/ebrahimraeyat/momen
master · Created: 2020-08-28 · Updated: 1 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
8
Stars
0
Issues
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: sec (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in root. Change to Init.py
LOW 1
techdraw.py1
  • line 296: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Alternate_OpenSCAD master

1.0.0· An alternate OpenSCAD importer with some experimental features.

93.8 / 100

Repository

https://github.com/KeithSloan/OpenSCAD_Alt_Import
master · Created: 2020-02-04 · Updated: 3 mo · 19 python files

Statistics

2,229
DL(Yr)
549
DL(Mo)
16
Stars
10
Issues
Manifest
Branch
master
Version
1.0.0
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: ply (Not in AddonManager allowed packages)
  • Warn: scadParser (Not in AddonManager allowed packages)
Static Analysis 26
MEDIUM 4
OpenSCADHull.py3
  • line 206: Probable insecure usage of temp file/directory.
  • line 207: Probable insecure usage of temp file/directory.
  • line 208: Probable insecure usage of temp file/directory.
importAltCSG.py1
  • line 981: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 22
DXFObjects.py2
  • line 134: Consider possible security implications associated with the subprocess module.
  • line 140: subprocess call - check for execution of untrusted input.
OpenSCADCommands.py3
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
OpenSCADObjects.py2
  • line 349: Consider possible security implications associated with the subprocess module.
  • line 355: subprocess call - check for execution of untrusted input.
OpenSCADUtils.py11
  • line 61: Consider possible security implications associated with the subprocess module.
  • line 72: Consider possible security implications associated with the subprocess module.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
  • line 99: Starting a process with a partial executable path
  • line 99: subprocess call - check for execution of untrusted input.
  • line 127: Consider possible security implications associated with the subprocess module.
  • line 134: subprocess call - check for execution of untrusted input.
  • line 165: Consider possible security implications associated with the subprocess module.
  • line 166: Consider possible security implications associated with the subprocess module.
  • line 170: subprocess call - check for execution of untrusted input.
importAltCSG.py4
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

nurbs

No description

93.4 / 100

Repository

https://github.com/microelly2/freecad-nurbs
master · Created: 2016-08-01 · Updated: 7 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
26
Stars
6
Issues
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 19
HIGH 1
package.xml1
  • File not found.
MEDIUM 2
nurbswb/needle_models.py1
  • line 913: Use of possibly insecure function - consider using safer ast.literal_eval.
nurbswb/sole_models.py1
  • line 99: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 16
examples/example_create_random_nurbs_with_grids.py6
  • line 27: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 28: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 31: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 37: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 38: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
nurbswb/mesh_generator.py9
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.*1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Design456 main

0.00.1· Direct Modeling Workbench for FreeCAD

93.1 / 100

Repository

https://github.com/MariwanJ/Design456
main · Created: 2021-01-29 · Updated: 5 d · 80 python files

Statistics

1,329
DL(Yr)
390
DL(Mo)
62
Stars
5
Issues
Manifest
Branch
main
Version
0.00.1
License
GPL-3.0-or-later
Dependencies 6
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 2
package.xml2
  • line 2: Expecting a namespace for element package
  • line 8: Missing license file 'LICENSE'
LOW 9
freecad/Design456/Design456Parts1.py6
  • line 466: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 467: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 468: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 470: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 471: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/Design456/FACE_D.py3
  • line 168: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 170: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Mariwan Jalal

workfeature

No description

93 / 100

Repository

https://github.com/Rentlau/WorkFeature-WB
master · Created: 2018-01-29 · Updated: 1 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
6
Issues
Dependencies 3
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
WF_centerFacePoint.py1
  • line 192: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

BillOfMaterials main

1.1.1· A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

92.4 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
Develop · Created: 2023-11-05 · Updated: 21 d · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
29
Stars
6
Issues
Manifest
Branch
main
Version
1.1.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
Static Analysis 9
HIGH 2
package.xml1
  • Declared branch 'main' does not match git branch 'Develop'
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_BOM_WB.py5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Assembly4.1 main

0.60.2-0.1· This assembly workbench lets you put FreeCAD Part and Body together inside a standard Assembly container.

92 / 100

Repository

https://github.com/leoheck/FreeCAD_Assembly4.1
main · Created: 2025-06-23 · Updated: 7 mo · 33 python files

Statistics

4,805
DL(Yr)
1,332
DL(Mo)
22
Stars
3
Issues
Manifest
Branch
main
Version
0.60.2-0.1
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 6
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 5
freecad/Asm4p1/asm4_objects.py5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
leoheck

AddonManager main

2026.5.14· Tool to install workbenches, macros, themes, etc.

91.8 / 100

Repository

https://github.com/FreeCAD/AddonManager
main · Created: 2025-04-06 · Updated: 4 d · 99 python files

Statistics

13,746
DL(Yr)
2,065
DL(Mo)
9
Stars
40
Issues
Manifest
Branch
main
Version
2026.5.14
License
LGPL-2.1-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: Markdown (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: importlib_metadata (Not in AddonManager allowed packages)
  • Warn: pyfakefs (Not in AddonManager allowed packages)
Static Analysis 46
MEDIUM 4
Resources/translations/run_translation_cycle.py2
  • line 91: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 146: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_uninstaller.py1
  • line 151: Use of exec detected.
addonmanager_utilities.py1
  • line 447: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 38
Addon.py1
  • line 32: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py1
  • line 28: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py25
  • line 39: Consider possible security implications associated with the subprocess module.
  • line 40: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 249: subprocess call - check for execution of untrusted input.
  • line 474: subprocess call - check for execution of untrusted input.
  • line 490: subprocess call - check for execution of untrusted input.
  • line 495: subprocess call - check for execution of untrusted input.
  • line 501: subprocess call - check for execution of untrusted input.
  • line 532: Starting a process with a partial executable path
  • line 532: subprocess call - check for execution of untrusted input.
  • line 533: Starting a process with a partial executable path
  • line 533: subprocess call - check for execution of untrusted input.
  • line 534: Starting a process with a partial executable path
  • line 534: subprocess call - check for execution of untrusted input.
  • line 538: Starting a process with a partial executable path
  • line 538: subprocess call - check for execution of untrusted input.
  • line 543: Starting a process with a partial executable path
  • line 543: subprocess call - check for execution of untrusted input.
  • line 553: Starting a process with a partial executable path
  • line 553: subprocess call - check for execution of untrusted input.
  • line 567: Starting a process with a partial executable path
  • … 5 more issues
AddonManagerTest/app/test_dependency_installer.py1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py4
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 196: Starting a process with a partial executable path
  • line 196: subprocess call - check for execution of untrusted input.
  • line 359: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_python_deps.py1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 459: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 4
Kurt Kremitzki Chris Hennes Yorik van Havre Jonathan Wiedemann

AddonManager dev

2026.5.14dev· Development branch of a tool to install workbenches, macros, themes, etc.

91.8 / 100

Repository

https://github.com/FreeCAD/AddonManager
dev · Created: 2025-04-06 · Updated: 4 d · 99 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
40
Issues
Manifest
Branch
dev
Version
2026.5.14dev
License
LGPL-2.1-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: Markdown (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: importlib_metadata (Not in AddonManager allowed packages)
  • Warn: pyfakefs (Not in AddonManager allowed packages)
Static Analysis 46
MEDIUM 4
Resources/translations/run_translation_cycle.py2
  • line 92: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 147: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_uninstaller.py1
  • line 152: Use of exec detected.
addonmanager_utilities.py1
  • line 446: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 38
Addon.py1
  • line 32: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py1
  • line 28: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py25
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 42: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 251: subprocess call - check for execution of untrusted input.
  • line 476: subprocess call - check for execution of untrusted input.
  • line 492: subprocess call - check for execution of untrusted input.
  • line 497: subprocess call - check for execution of untrusted input.
  • line 503: subprocess call - check for execution of untrusted input.
  • line 534: Starting a process with a partial executable path
  • line 534: subprocess call - check for execution of untrusted input.
  • line 535: Starting a process with a partial executable path
  • line 535: subprocess call - check for execution of untrusted input.
  • line 536: Starting a process with a partial executable path
  • line 536: subprocess call - check for execution of untrusted input.
  • line 540: Starting a process with a partial executable path
  • line 540: subprocess call - check for execution of untrusted input.
  • line 545: Starting a process with a partial executable path
  • line 545: subprocess call - check for execution of untrusted input.
  • line 555: Starting a process with a partial executable path
  • line 555: subprocess call - check for execution of untrusted input.
  • line 569: Starting a process with a partial executable path
  • … 5 more issues
AddonManagerTest/app/test_dependency_installer.py1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py4
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 197: Starting a process with a partial executable path
  • line 197: subprocess call - check for execution of untrusted input.
  • line 360: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_python_deps.py1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 458: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 4
Kurt Kremitzki Chris Hennes Yorik van Havre Jonathan Wiedemann

OSAFE master

2022.05.29· This is a workbench for FreeCAD that creates foundation model from CSI ETABS model results.

91.4 / 100

Repository

https://github.com/ebrahimraeyat/OSAFE
master · Created: 2018-11-08 · Updated: 3 mo · 83 python files

Statistics

0
DL(Yr)
0
DL(Mo)
46
Stars
3
Issues
Manifest
Branch
master
Version
2022.05.29
License
LGPL-2.1-or-later
Dependencies 14
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pandas (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: wmi (Not in AddonManager allowed packages)
Static Analysis 23
MEDIUM 7
check_legal.py1
  • line 109: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
osafe_funcs/osafe_funcs.py4
  • line 474: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 482: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 486: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 489: Use of possibly insecure function - consider using safer ast.literal_eval.
osafe_objects/punch.py2
  • line 672: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 16
check_legal.py3
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 31: Starting a process with a partial executable path
  • line 31: subprocess call - check for execution of untrusted input.
old_punch/foundraw/safe.py1
  • line 100: Try, Except, Continue detected.
old_punch/safe.py1
  • line 126: Try, Except, Continue detected.
osafe_funcs/osafe_funcs.py1
  • line 1836: Try, Except, Continue detected.
osafe_import_export/export.py4
  • line 118: Starting a process without a shell.
  • line 131: Starting a process without a shell.
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Starting a process without a shell.
osafe_import_export/report.py4
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
  • line 343: Starting a process without a shell.
osafe_import_export/safe_read_write_f2k.py1
  • line 103: Try, Except, Continue detected.
test/osafe_import_export/test_safe_read_write_f2k.py1
  • line 76: Try, Except, Continue detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Raeyat Roknabadi Ebrahim

Assembly4 main

0.61.0· This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container using ...

91.1 / 100

Repository

https://codeberg.org/Zolko/Assembly4
main · Updated: 8 d · 40 python files

Statistics

10,619
DL(Yr)
3,150
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.61.0
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 15
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 5
Code/Asm4_objects.py5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
LOW 9
Code/checkInterference.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_OK.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_zh.py3
  • line 97: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 98: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 99: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Zolko

Gridfinity master

0.12.4· This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized.

91 / 100

Repository

https://github.com/Stu142/FreeCAD-Gridfinity-Workbench
master · v0.12.4 · Created: 2024-03-18 · Updated: 3 mo · 17 python files

Statistics

8,008
DL(Yr)
1,887
DL(Mo)
487
Stars
34
Issues
Manifest
Branch
master
Version
0.12.4
License
lgpl-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing maintainers information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Stuart

Cables master

0.3.5· Electrical cables drawing tools workbench for FreeCAD.

91 / 100

Repository

https://github.com/sargo-devel/Cables
master · Created: 2025-01-21 · Updated: 2 mo · 32 python files

Statistics

6,734
DL(Yr)
1,516
DL(Mo)
75
Stars
7
Issues
Manifest
Branch
master
Version
0.3.5
License
LGPL-3.0-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 2
freecad/cables/resources/translations/updateTranslations.py2
  • line 288: Starting a process with a shell, possible injection detected, security issue.
  • line 351: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 3
freecad/cables/resources/translations/updateTranslations.py2
  • line 170: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 222: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
SargoDevel

QuickMeasure main

2022.10.28· Measures selected features.

91 / 100

Repository

https://github.com/DanMiel/QuickMeasure
main · Created: 2022-10-04 · Updated: 10 mo · 3 python files

Statistics

3,241
DL(Yr)
775
DL(Mo)
10
Stars
4
Issues
Manifest
Branch
main
Version
2022.10.28
License
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 3
package.xml2
  • Missing author information in package.xml
  • Missing maintainers information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Launcher Latest

0.1.0 · Search for commands and run them.

91 / 100

Repository

https://github.com/Addon-Shelter/Runner
Latest · Created: 2026-03-28 · Updated: 2 mo · 7 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
0.1.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Static Analysis 3
HIGH 3
package.xml 3
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid, Triplus

Machines Latest

1.0.0 · Collection of Community Maintained Machines

91 / 100

Repository

https://github.com/FreeCAD/Machines
Stable · v1.0.0 · Created: 2026-03-13 · Updated: 1 mo · 0 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.0
License
CC-BY-SA-4.0
Static Analysis 3
HIGH 3
package.xml 3
  • line 82: Did not expect element Machine there
  • line 83: Element content has extra content: Machine
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Sliptonic

CADExchanger

No description

90.7 / 100

Repository

https://github.com/yorikvanhavre/CADExchanger
master · Created: 2017-03-25 · Updated: 2 yr · 3 python files

Statistics

1,103
DL(Yr)
377
DL(Mo)
75
Stars
6
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 6
HIGH 3
CADExchangerIO.py 2
  • line 188: subprocess call with shell=True identified, security issue.
  • line 220: subprocess call with shell=True identified, security issue.
package.xml 1
  • File not found.
LOW 3
CADExchangerIO.py 3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 74: subprocess call - check for execution of untrusted input.
  • line 99: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

SearchBar main

1.8.0 · Adds a search bar widget for tools, document objects, and preferences

90.6 / 100

Repository

https://github.com/APEbbers/SearchBar
main · Created: 2024-11-07 · Updated: 7 mo · 28 python files

Statistics

3,298
DL(Yr)
924
DL(Mo)
6
Stars
7
Issues
Manifest
Branch
main
Version
1.8.0
License
CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
Static Analysis 9
HIGH 2
package.xml 1
  • line 12: Element maintainer failed to validate attributes
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py 2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py 1
  • line 83: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py 1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py 2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py 1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

woodworking master

3.1.20260416 · Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that w...

90.4 / 100

Repository

https://github.com/dprojects/Woodworking
master · Created: 2022-02-25 · Updated: 1 mo · 154 python files

Statistics

16,112
DL(Yr)
2,974
DL(Mo)
489
Stars
3
Issues
Manifest
Branch
master
Version
3.1.20260416
License
MIT
Dependencies 9
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Internal: TechDraw
  • Internal: pivy
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: deep_translator (Not in AddonManager allowed packages)
Static Analysis 24
MEDIUM 8
Tools/debugInfo.py 2
  • line 239: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 856: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/scanObjects.py 1
  • line 1330: Use of possibly insecure function - consider using safer ast.literal_eval.
Tools/setTextures.py 1
  • line 517: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/sheet2export.py 1
  • line 858: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
loadMenu.py 2
  • line 217: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 285: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
translations/make_AI_translation.py 1
  • line 167: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 16
Tools/MagicPanels.py 4
  • line 2449: Try, Except, Continue detected.
  • line 2570: Try, Except, Continue detected.
  • line 3222: Try, Except, Continue detected.
  • line 4027: Try, Except, Continue detected.
Tools/align2Curve.py 1
  • line 138: Try, Except, Continue detected.
Tools/debugInfo.py 1
  • line 1013: Try, Except, Continue detected.
Tools/magicView.py 2
  • line 350: Try, Except, Continue detected.
  • line 421: Try, Except, Continue detected.
Tools/makeBeautiful.py 1
  • line 32: Try, Except, Continue detected.
Tools/selected2Outside.py 1
  • line 27: Try, Except, Continue detected.
Tools/sheet2export.py 2
  • line 856: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 867: Try, Except, Continue detected.
Tools/showConstraints.py 1
  • line 23: Try, Except, Continue detected.
Tools/showPlacement.py 1
  • line 27: Try, Except, Continue detected.
Tools/showVertex.py 1
  • line 35: Try, Except, Continue detected.
translations/make_AI_translation.py 1
  • line 1: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Darek L

pyrate

No description

90.4 / 100

Repository

https://salsa.debian.org/mess42/pyrate
master · Updated: 1 yr · 123 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Dependencies 10
  • Internal: Points
  • Internal: PySide
  • Warn: PyYAML (Not in AddonManager allowed packages)
  • Warn: hypothesis (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: nltk (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in freecad package root.
MEDIUM 3
demos/demo_loadsave.py 1
  • line 269: Use of possibly insecure function - consider using safer ast.literal_eval.
pyrateoptics/core/functionobject.py 1
  • line 119: Use of exec detected.
pyrateoptics/core/serializer.py 1
  • line 457: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 6
pyrateoptics/core/log.py 2
  • line 114: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 115: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/core/names/nltk_list_generator.py 1
  • line 82: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/raytracer/localcoordinates.py 3
  • line 487: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 488: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 489: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 0

Render master

2024.12.15 · (UNMAINTAINED) A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines....

90.3 / 100

Repository

https://github.com/FreeCAD/FreeCAD-render
master · Created: 2017-12-17 · Updated: 2 d · 53 python files

Statistics

7,042
DL(Yr)
2,586
DL(Mo)
219
Stars
17
Issues
Manifest
Branch
master
Version
2024.12.15
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: MaterialX (Not in AddonManager allowed packages)
  • Warn: PyQt6 (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: qtpy (Not in AddonManager allowed packages)
Static Analysis 23
HIGH 1
Render/plugins/materialx/importer/converter/materialx_baker.py 1
  • line 497: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 5
Render/renderers/Appleseed.py 2
  • line 1439: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1484: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/renderers/Cycles.py 1
  • line 1025: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/virtualenv.py 2
  • line 386: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 418: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 17
Render/plugins/materialx/importer/materialx_importer.py 2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 77: subprocess call - check for execution of untrusted input.
Render/prefpage.py 2
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 305: subprocess call - check for execution of untrusted input.
Render/rdrexecutor.py 2
  • line 34: Consider possible security implications associated with the subprocess module.
  • line 94: subprocess call - check for execution of untrusted input.
Render/renderers/Appleseed.py 2
  • line 48: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 49: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/renderers/Cycles.py 1
  • line 74: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/virtualenv.py 8
  • line 47: Consider possible security implications associated with the subprocess module.
  • line 240: subprocess call - check for execution of untrusted input.
  • line 275: subprocess call - check for execution of untrusted input.
  • line 299: subprocess call - check for execution of untrusted input.
  • line 367: subprocess call - check for execution of untrusted input.
  • line 396: subprocess call - check for execution of untrusted input.
  • line 420: subprocess call - check for execution of untrusted input.
  • line 520: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 3
Yorik Van Havre, No current maintainer, howetuft

EasyProfileFrame main

0.0.1 · Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM).

90 / 100

Repository

https://github.com/ovo-Tim/EasyProfileFrame
main · Created: 2025-01-19 · Updated: 1 yr · 10 python files

Statistics

2,465
DL(Yr)
687
DL(Mo)
20
Stars
6
Issues
Manifest
Branch
main
Version
0.0.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 4
HIGH 3
package.xml 3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 1
setup.py 1
  • line 11: Use of exec detected.
INFO 2
package.xml 1
  • Missing maintainers information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
ovo-Tim

POV-Ray-Rendering

No description

89.2 / 100

Repository

https://github.com/TheRaytracers/freecad-povray-render
master · Created: 2020-11-30 · Updated: 3 yr · 8 python files

Statistics

197
DL(Yr)
197
DL(Mo)
4
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 12
HIGH 3
Dialog.py 1
  • line 1609: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
Dialog.py 1
  • line 667: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 8
Dialog.py 5
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1434: subprocess call - check for execution of untrusted input.
  • line 1445: subprocess call - check for execution of untrusted input.
  • line 1737: subprocess call - check for execution of untrusted input.
Exporter.py 3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 1931: subprocess call - check for execution of untrusted input.
  • line 1934: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

osh-autodoc-workbench main

0.2.3 · A workbench that support the creation of assembly manuals of open source hardware.

89 / 100

Repository

https://codeberg.org/osh-autodoc/osh-autodoc-workbench
main · Updated: 3 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.2.3
License
LGPL-3.0-or-later
Dependencies 6
  • Compat: PySide6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 9
HIGH 1
package.xml 1
  • line 19: Missing license file 'None'
MEDIUM 8
freecad/OSHAutoDocWorkbench/layer_state_manager.py 6
  • line 663: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 665: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 667: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 669: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 675: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/OSHAutoDocWorkbench/util/util.py 1
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py 1
  • line 13: Use of exec detected.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Pieter Hijma, J.C. Mariscal-Melgar

SaveAndRestore main

0.2.3 · A simple addon to save and restore your settings

88.9 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
main · Created: 2025-04-23 · Updated: 1 mo · 11 python files

Statistics

3,440
DL(Yr)
997
DL(Mo)
7
Stars
2
Issues
Manifest
Branch
main
Version
0.2.3
License
MIT
Dependencies 3
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
Static Analysis 26
HIGH 2
Standard_Functions_SaveAndRestore.py 1
  • line 962: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 12: Element maintainer failed to validate attributes
MEDIUM 3
Standard_Functions_SaveAndRestore.py 2
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 533: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py 1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 21
LoadDialog_SaveAndRestore.py 9
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 268: subprocess call - check for execution of untrusted input.
  • line 281: Starting a process with a partial executable path
  • line 281: subprocess call - check for execution of untrusted input.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 429: subprocess call - check for execution of untrusted input.
  • line 435: Starting a process with a partial executable path
  • line 435: subprocess call - check for execution of untrusted input.
Standard_Functions_SaveAndRestore.py 11
  • line 317: Consider possible security implications associated with the subprocess module.
  • line 324: subprocess call - check for execution of untrusted input.
  • line 326: Starting a process without a shell.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 489: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 523: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 945: Try, Except, Continue detected.
  • line 958: Consider possible security implications associated with the subprocess module.
  • line 966: Consider possible security implications associated with the subprocess module.
  • line 974: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py 1
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

TitleBlock main

0.5.2.2 · An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench.

88.4 / 100

Repository

https://github.com/APEbbers/TitleBlock-WB
main · Created: 2023-10-07 · Updated: 9 mo · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.5.2.2
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: openpyxl (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 3
utils/updateTranslations.py 3
  • line 137: Starting a process with a shell, possible injection detected, security issue.
  • line 179: Starting a process with a shell, possible injection detected, security issue.
  • line 200: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 2
utils/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 218: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Standard_Functions_TB.py 5
  • line 316: Consider possible security implications associated with the subprocess module.
  • line 323: subprocess call - check for execution of untrusted input.
  • line 325: Starting a process without a shell.
  • line 329: Starting a process with a partial executable path
  • line 329: subprocess call - check for execution of untrusted input.
utils/updateTranslations.py 1
  • line 55: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Launcher Latest

0.1.0 · Search for commands and run them.

88 / 100

Repository

https://github.com/Addon-Shelter/Runner
Stable · v0.1.0 · Created: 2026-03-28 · Updated: 2 mo · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
0.1.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Static Analysis 4
HIGH 4
package.xml 4
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid, Triplus

FreeCAD-Ribbon main

1.10.11 · A Ribbon interface for FreeCAD

87.7 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
main · Created: 2024-09-28 · Updated: 2 d · 45 python files

Statistics

4,061
DL(Yr)
1,163
DL(Mo)
106
Stars
9
Issues
Manifest
Branch
main
Version
1.10.11
License
GPL-3.0-or-later
Dependencies 6
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Static Analysis 29
HIGH 2
package.xml 1
  • line 12: Element maintainer failed to validate attributes
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 4
Standard_Functions_Ribbon.py 3
  • line 497: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 539: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 541: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 122: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 23
FCBinding.py 1
  • line 3522: Try, Except, Continue detected.
LoadDesign_Ribbon.py 4
  • line 3246: Try, Except, Continue detected.
  • line 4665: Try, Except, Continue detected.
  • line 4710: Try, Except, Continue detected.
  • line 4758: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 255: Consider possible security implications associated with the subprocess module.
  • line 263: Starting a process with a partial executable path
  • line 263: subprocess call - check for execution of untrusted input.
  • line 265: Starting a process without a shell.
  • line 269: Starting a process with a partial executable path
  • line 269: subprocess call - check for execution of untrusted input.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 318: Consider possible security implications associated with the subprocess module.
  • line 325: subprocess call - check for execution of untrusted input.
  • line 327: Starting a process without a shell.
  • line 331: Starting a process with a partial executable path
  • line 331: subprocess call - check for execution of untrusted input.
  • line 490: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 525: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 955: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 76: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

SearchBar main

1.8.0 · Adds a search bar widget for tools, document objects, and preferences

87.6 / 100

Repository

https://github.com/APEbbers/SearchBar
Develop · Created: 2024-11-07 · Updated: 8 mo · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
6
Stars
7
Issues
Manifest
Branch
main
Version
1.8.0
License
CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
Static Analysis 10
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py 2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py 1
  • line 83: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py 1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py 2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py 1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

kicadStepUpMod master

11.08.2 · A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD.

85.9 / 100

Repository

https://github.com/easyw/kicadStepUpMod
master · Created: 2017-09-12 · Updated: 5 mo · 34 python files

Statistics

6,972
DL(Yr)
1,483
DL(Mo)
646
Stars
39
Issues
Manifest
Branch
master
Version
11.08.2
License
AGPLv3.0
Dependencies 17
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: TechDraw
  • Internal: pivy
  • Warn: Aligner (Not in AddonManager allowed packages)
  • Warn: Caliper (Not in AddonManager allowed packages)
  • Warn: Mover (Not in AddonManager allowed packages)
  • Warn: Path (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: ezdxf (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: stepZ (Not in AddonManager allowed packages)
Static Analysis 18
HIGH 3
kicadStepUpCMD.py (2)
  • line 4668: Starting a process with a shell, possible injection detected, security issue.
  • line 4671: subprocess call with shell=True identified, security issue.
package.xml (1)
  • line 7: Missing license file 'LICENSE'
MEDIUM 4
InitGui.py (1)
  • line 433: Possible SQL injection vector through string-based query construction.
commits_num.py (3)
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
LOW 11
fps.py (2)
  • line 195: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
kicadStepUpCMD.py (5)
  • line 4655: Consider possible security implications associated with the subprocess module.
  • line 4662: Starting a process with a partial executable path
  • line 4662: subprocess call - check for execution of untrusted input.
  • line 4664: Starting a process with a partial executable path
  • line 4664: subprocess call - check for execution of untrusted input.
kicad_parser.py (1)
  • line 1294: Try, Except, Continue detected.
tracks.py (2)
  • line 206: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 236: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* (1)
  • File not found.
INFO 2
package.xml (1)
  • Missing author information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
Maui

fcVM main

2024.9.5 · Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD

85.9 / 100

Repository

https://github.com/HarryvL/fcVM-workbench
main · Created: 2024-01-17 · Updated: 10 mo · 4 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 11
  • Issues: 3
Manifest
  • Branch: main
  • Version: 2024.9.5
  • License:
Dependencies 9
  • Internal: PySide
  • Warn: cholespy (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numba (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pyvista (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: sksparse_minimal (Not in AddonManager allowed packages)
Static Analysis 7
HIGH 4
package.xml (4)
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Expecting an element license, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 2
InitGui.py (2)
  • line 233: Use of exec detected.
  • line 280: Use of exec detected.
LOW 1
license.* (1)
  • File not found.
INFO 2
package.xml (1)
  • Missing author information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
HarryvL

FreeGrid main

2.2.0 · A simple tools workbench for generating FreeGrid storage system components.

85.5 / 100

Repository

https://github.com/instancezero/in3dca-freegrid.git
main · Created: 2022-07-25 · Updated: 1 yr · 9 python files

Statistics
  • DL(Yr): 708
  • DL(Mo): 143
  • Stars: 47
  • Issues: 2
Manifest
  • Branch: main
  • Version: 2.2.0
  • License: AGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 4
package.xml (4)
  • line 12: Element maintainer failed to validate attributes
  • line 14: Element maintainer failed to validate attributes
  • Extra element maintainer in interleave
  • line 14: Element package failed to validate content
MEDIUM 2
freecad/freegrid/resources/translations/update_crowdin.py (2)
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 5
freecad/freegrid/commands.py (1)
  • line 141: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/freegrid/resources/translations/update_crowdin.py (4)
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 413: subprocess call - check for execution of untrusted input.
INFO 1
Layout (1)
  • Uses extension based layout
Authors/Maintainers 3
Alan Langford hasecilu Michael K Johnson

Corridor-Road main

1.0.1 · FreeCAD workbench for parametric road corridor design, review, and output preparation.

85.5 / 100

Repository

https://github.com/ganadara135/CorridorRoad
main · Created: 2026-02-23 · Updated: today · 453 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 3
  • Issues: 1
Manifest
  • Branch: main
  • Version: 1.0.1
  • License: LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Mesh
  • Internal: PySide
Static Analysis 116
HIGH 1
freecad/Corridor_Road/v1/exchange/ifc_export.py (1)
  • line 243: Use of weak SHA1 hash for security. Consider usedforsecurity=False
LOW 115
freecad/Corridor_Road/objects/coord_transform.py (1)
  • line 71: Try, Except, Continue detected.
freecad/Corridor_Road/objects/corridor_segment_builder.py (4)
  • line 186: Possible hardcoded password: 'region'
  • line 188: Possible hardcoded password: 'structure'
  • line 190: Possible hardcoded password: 'notch'
  • line 297: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_centerline3d_display.py (5)
  • line 432: Try, Except, Continue detected.
  • line 620: Try, Except, Continue detected.
  • line 652: Try, Except, Continue detected.
  • line 717: Try, Except, Continue detected.
  • line 850: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_cut_fill_calc.py (4)
  • line 314: Try, Except, Continue detected.
  • line 345: Try, Except, Continue detected.
  • line 371: Try, Except, Continue detected.
  • line 689: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_region_plan.py (4)
  • line 373: Try, Except, Continue detected.
  • line 385: Try, Except, Continue detected.
  • line 652: Try, Except, Continue detected.
  • line 922: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_section_set.py (13)
  • line 58: Try, Except, Continue detected.
  • line 447: Try, Except, Continue detected.
  • line 470: Try, Except, Continue detected.
  • line 480: Try, Except, Continue detected.
  • line 1076: Try, Except, Continue detected.
  • line 3637: Try, Except, Continue detected.
  • line 3652: Try, Except, Continue detected.
  • line 3753: Try, Except, Continue detected.
  • line 3993: Try, Except, Continue detected.
  • line 4620: Try, Except, Continue detected.
  • line 5362: Possible hardcoded password: 'daylight=fallback:no_terrain'
  • line 5365: Possible hardcoded password: 'daylight=fallback:sampler_failed'
  • line 5371: Possible hardcoded password: 'daylight=off'
freecad/Corridor_Road/objects/obj_structure_set.py (5)
  • line 203: Try, Except, Continue detected.
  • line 218: Try, Except, Continue detected.
  • line 227: Try, Except, Continue detected.
  • line 229: Try, Except, Continue detected.
  • line 1162: Try, Except, Continue detected.
freecad/Corridor_Road/objects/sketch_alignment_import.py (1)
  • line 17: Try, Except, Continue detected.
freecad/Corridor_Road/objects/surface_sampling_core.py (3)
  • line 67: Try, Except, Continue detected.
  • line 79: Try, Except, Continue detected.
  • line 100: Try, Except, Continue detected.
freecad/Corridor_Road/objects/unit_policy.py (2)
  • line 150: Possible hardcoded password: 'm'
  • line 152: Possible hardcoded password: 'mm'
freecad/Corridor_Road/ui/task_alignment_editor.py (1)
  • line 871: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_centerline3d.py (1)
  • line 59: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_cross_section_editor.py (2)
  • line 1369: Try, Except, Continue detected.
  • line 1431: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_cross_section_viewer.py (1)
  • line 877: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_profile_editor.py (1)
  • line 122: Possible hardcoded password: 'custom'
freecad/Corridor_Road/ui/task_region_editor.py (2)
  • line 140: Possible hardcoded password: 'custom'
  • line 2835: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_section_generator.py (2)
  • line 183: Try, Except, Continue detected.
  • line 195: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_structure_editor.py (3)
  • line 193: Possible hardcoded password: 'custom'
  • line 2480: Try, Except, Continue detected.
  • line 2506: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_typical_section_editor.py (1)
  • line 237: Possible hardcoded password: 'custom'
freecad/Corridor_Road/v1/commands/cmd_build_corridor.py (9)
  • line 3529: Try, Except, Continue detected.
  • line 3630: Try, Except, Continue detected.
  • line 3667: Try, Except, Continue detected.
  • line 3693: Try, Except, Continue detected.
  • line 3783: Try, Except, Continue detected.
  • line 3812: Try, Except, Continue detected.
  • line 5466: Try, Except, Continue detected.
  • line 5834: Try, Except, Continue detected.
  • line 6019: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_drainage_editor.py (1)
  • line 1674: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_earthwork_balance.py (1)
  • line 48: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_edit_tin.py (1)
  • line 1580: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_profile_editor.py (2)
  • line 2335: Try, Except, Continue detected.
  • line 2482: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_region_editor.py (2)
  • line 596: Try, Except, Continue detected.
  • line 663: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_review_plan_profile.py (4)
  • line 52: Try, Except, Continue detected.
  • line 247: Try, Except, Continue detected.
  • line 337: Try, Except, Continue detected.
  • line 364: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_structure_editor.py (1)
  • line 3566: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_view_sections.py (4)
  • line 339: Try, Except, Continue detected.
  • line 355: Try, Except, Continue detected.
  • line 378: Try, Except, Continue detected.
  • line 635: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_watertight_solids.py (4)
  • line 2189: Try, Except, Continue detected.
  • line 2193: Try, Except, Continue detected.
  • line 2288: Try, Except, Continue detected.
  • line 2684: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_alignment.py (2)
  • line 364: Try, Except, Continue detected.
  • line 402: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_stationing.py (1)
  • line 352: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/applied_section_service.py (1)
  • line 1934: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/corridor_solid_service.py (2)
  • line 265: Try, Except, Continue detected.
  • line 284: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/corridor_surface_service.py (1)
  • line 323: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/earthwork_quantity_service.py (1)
  • line 104: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/solid_target_discovery_service.py (4)
  • line 677: Try, Except, Continue detected.
  • line 690: Try, Except, Continue detected.
  • line 734: Try, Except, Continue detected.
  • line 744: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/alignment_evaluation_service.py (1)
  • line 151: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/alignment_station_sampling_service.py (1)
  • line 168: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/drainage_resolution_service.py (1)
  • line 754: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/profile_earthwork_area_hint_service.py (1)
  • line 141: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/station_context_resolver.py (1)
  • line 99: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/surface_transition_validation_service.py (1)
  • line 152: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/tin_sampling_service.py (1)
  • line 413: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/drainage_pipeline_network_mapper.py (1)
  • line 202: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/drainage_pipeline_solid_mapper.py (1)
  • line 53: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/exchange_output_mapper.py (1)
  • line 222: Try, Except, Continue detected.
freecad/Corridor_Road/v1/ui/common/station_context.py (1)
  • line 59: Try, Except, Continue detected.
freecad/Corridor_Road/v1/ui/viewers/profile_review_view.py (6)
  • line 847: Try, Except, Continue detected.
  • line 933: Try, Except, Continue detected.
  • line 947: Try, Except, Continue detected.
  • line 1369: Try, Except, Continue detected.
  • line 1400: Try, Except, Continue detected.
  • line 1647: Try, Except, Continue detected.
tests/regression/smoke_centerline3d_display_segmentation.py (1)
  • line 43: Try, Except, Continue detected.
INFO 1
Layout (1)
  • Uses extension based layout
Authors/Maintainers 1
Kcod

SaveAndRestore main

0.2.3 · A simple addon to save and restore your settings

85.1 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
Develop · Created: 2025-04-23 · Updated: 4 d · 11 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 7
  • Issues: 2
Manifest
  • Branch: main
  • Version: 0.2.3
  • License: MIT
Dependencies 3
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
Static Analysis 35
HIGH 3
Standard_Functions_SaveAndRestore.py (1)
  • line 962: subprocess call with shell=True identified, security issue.
package.xml (2)
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
MEDIUM 3
Standard_Functions_SaveAndRestore.py (2)
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 533: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py (1)
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 29
LoadDialog_SaveAndRestore.py (17)
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 296: subprocess call - check for execution of untrusted input.
  • line 309: Starting a process with a partial executable path
  • line 309: subprocess call - check for execution of untrusted input.
  • line 358: Starting a process with a partial executable path
  • line 358: subprocess call - check for execution of untrusted input.
  • line 457: subprocess call - check for execution of untrusted input.
  • line 463: Starting a process with a partial executable path
  • line 463: subprocess call - check for execution of untrusted input.
  • line 575: subprocess call - check for execution of untrusted input.
  • line 587: Starting a process with a partial executable path
  • line 587: subprocess call - check for execution of untrusted input.
  • line 629: Starting a process with a partial executable path
  • line 629: subprocess call - check for execution of untrusted input.
  • line 780: Starting a process with a partial executable path
  • line 780: subprocess call - check for execution of untrusted input.
  • line 782: Starting a process without a shell.
Standard_Functions_SaveAndRestore.py (11)
  • line 317: Consider possible security implications associated with the subprocess module.
  • line 324: subprocess call - check for execution of untrusted input.
  • line 326: Starting a process without a shell.
  • line 330: Starting a process with a partial executable path
  • line 330: subprocess call - check for execution of untrusted input.
  • line 489: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 523: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 945: Try, Except, Continue detected.
  • line 958: Consider possible security implications associated with the subprocess module.
  • line 966: Consider possible security implications associated with the subprocess module.
  • line 974: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py (1)
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml (1)
  • Missing author information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

freecad_streamdeck_addon main

0.1.7 · FreeCAD addon to use an Elgato Stream Deck macropad as an input device.

85 / 100

Repository

https://github.com/Giraut/freecad_streamdeck_addon
main · Created: 2024-02-25 · Updated: 2 yr · 6 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 18
  • Issues: 7
Manifest
  • Branch: main
  • Version: 0.1.7
  • License: GPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: StreamDeck (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 5
streamdeck_addon.py (2)
  • line 102: Starting a process with a shell, possible injection detected, security issue.
  • line 493: Starting a process with a shell, possible injection detected, security issue.
package.xml (3)
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml (1)
  • Missing maintainers information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
Giraut

FEMbyGEN master

2.5.5 · Parametric Finite Element Analysis(FEM)

84.9 / 100

Repository

https://github.com/Serince/FEMbyGEN
master · Created: 2022-07-27 · Updated: 7 d · 28 python files

Statistics
  • DL(Yr): 1,843
  • DL(Mo): 660
  • Stars: 46
  • Issues: 5
Manifest
  • Branch: master
  • Version: 2.5.5
  • License: LGPL-2.1-only
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
Static Analysis 12
HIGH 2
package.xml (2)
  • line 20: Did not expect element depend there
  • line 11: Element content has extra content: workbench
MEDIUM 9
fembygen/design/pydoe2/build_regression_matrix.py (2)
  • line 88: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 93: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_lib.py (6)
  • line 701: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 871: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 979: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1040: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1077: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1125: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_main.py (1)
  • line 442: Function call with shell=True parameter identified, possible security issue.
LOW 1
fembygen/topology/beso_main.py (1)
  • line 9: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml (1)
  • Missing author information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
Serdar T. Ince

drawing_dimensioning

No description

84.5 / 100

Repository

https://github.com/Addon-Shelter/Drawing-Dimensioning
v0.19.4 · 0.19.4 · Created: 2025-11-03 · Updated: 7 mo · 59 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 0
  • Issues: 0
Dependencies 4
  • Internal: PySide
  • Warn: dxfwrite (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 14
HIGH 3
Gui/Resources/compile_resources_pack.py (1)
  • line 20: Starting a process with a shell, possible injection detected, security issue.
drawingDimensioning/unfold/export_to_dxf.py (1)
  • line 36: subprocess call with shell=True identified, security issue.
package.xml (1)
  • File not found.
MEDIUM 6
drawingDimensioning/proxies.py (2)
  • line 36: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 37: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
test/test_linear_dimension.py (4)
  • line 11: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 22: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 28: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 34: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
drawingDimensioning/proxies.py (1)
  • line 1: Consider possible security implications associated with pickle module.
drawingDimensioning/selectionOverlay/__init__.py (1)
  • line 10: Consider possible security implications associated with pickle module.
drawingDimensioning/unfold/export_to_dxf.py (1)
  • line 4: Consider possible security implications associated with the subprocess module.
test/test_linear_dimension.py (2)
  • line 8: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout (1)
  • Uses exec based layout
Authors/Maintainers 0

Manipulator master

1.6.4 · A handy way to Move and Align objects in FreeCAD.

83.6 / 100

Repository

https://github.com/easyw/Manipulator
master · Created: 2017-10-02 · Updated: 2 mo · 10 python files

Statistics
  • DL(Yr): 7,934
  • DL(Mo): 2,123
  • Stars: 76
  • Issues: 24
Manifest
  • Branch: master
  • Version: 1.6.4
  • License: GPLv3.0
Dependencies 9
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 14
HIGH 3
ManipulatorCMD.py (2)
  • line 182: Starting a process with a shell, possible injection detected, security issue.
  • line 185: subprocess call with shell=True identified, security issue.
package.xml (1)
  • line 7: Missing license file 'LICENSE'
MEDIUM 7
Aligner.py (1)
  • line 1706: Possible SQL injection vector through string-based query construction.
InitGui.py (1)
  • line 144: Possible SQL injection vector through string-based query construction.
commits_num_.py (3)
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
oDraft.py (2)
  • line 3402: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3643: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
ManipulatorCMD.py (3)
  • line 175: Consider possible security implications associated with the subprocess module.
  • line 178: Starting a process with a partial executable path
  • line 178: subprocess call - check for execution of untrusted input.
license.* (1)
  • File not found.
INFO 2
package.xml (1)
  • Missing author information in package.xml
Layout (1)
  • Uses exec based layout
Authors/Maintainers 1
Maui

Part-o-magic master

1.1.0 · Experiment on FreeCAD-wide automation of Part container management

83.5 / 100

Repository

https://github.com/DeepSOIC/Part-o-magic
master · Created: 2016-05-20 · Updated: 21 d · 62 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 15
  • Issues: 27
Manifest
  • Branch: master
  • Version: 1.1.0
  • License: LGPL-2.0-or-later
Dependencies 4
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 21
MEDIUM 16
PartOMagic/Base/FilePlant/FCObject.py (1)
  • line 99: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProject.py (9)
  • line 73: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 78: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 97: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 99: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 128: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 133: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 141: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 144: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 153: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProperty.py (4)
  • line 19: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 171: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 220: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 269: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py (2)
  • line 81: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 113: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
PartOMagic/Base/FilePlant/FCObject.py (1)
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProject.py (1)
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProperty.py (1)
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py (1)
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Gui/Tools/SelectionTools.py 1
  • line 120: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

A2plus master

0.4.68 · Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus i...

83 / 100

Repository

https://github.com/kbwbe/A2plus
master · Created: 2018-06-28 · Updated: 3 mo · 38 python files

Statistics

DL(Yr): 13,169
DL(Mo): 3,914
Stars: 205
Issues: 49
Manifest
Branch: master
Version: 0.4.68
License: LGPL-2.1-or-later
Dependencies 6
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Internal: Spreadsheet
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 45
HIGH 4
CD_ConstraintViewer.py 1
  • line 258: subprocess call with shell=True identified, security issue.
GuiA2p/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
compileA2pResources.py 1
  • line 57: Starting a process with a shell, possible injection detected, security issue.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
a2p_fcdocumentreader.py 1
  • line 228: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 40
CD_ConstraintViewer.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 298: Try, Except, Continue detected.
a2p_dependencies.py 12
  • line 431: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 432: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 433: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 665: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 666: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 667: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 807: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 808: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 809: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 847: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 848: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 849: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
a2p_fcdocumentreader.py 2
  • line 28: Using xml.etree.cElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 30: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
a2p_simpleXMLreader.py 1
  • line 36: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
compileA2pResources.py 4
  • line 66: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 66: Starting a process with a partial executable path
  • line 70: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 70: Starting a process with a partial executable path
translations/update_ts.py 19
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 40: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 40: Starting a process with a partial executable path
  • line 43: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 43: Starting a process with a partial executable path
  • line 50: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 50: Starting a process with a partial executable path
  • line 53: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 53: Starting a process with a partial executable path
  • line 59: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 59: Starting a process with a partial executable path
  • line 61: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 61: Starting a process with a partial executable path
  • line 73: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 73: Starting a process with a partial executable path
  • line 84: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 84: Starting a process with a partial executable path
  • line 91: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 91: Starting a process with a partial executable path
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
kbwbe

FEM_FrontISTR master

0.2.0 · A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR.

82.9 / 100

Repository

https://github.com/FrontISTR/FEM_FrontISTR
master · Created: 2021-04-03 · Updated: 10 mo · 29 python files

Statistics

DL(Yr): 473
DL(Mo): 0
Stars: 36
Issues: 0
Manifest
Branch: master
Version: 0.2.0
License: LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Static Analysis 17
HIGH 5
fistrtools.py 4
  • line 456: subprocess call with shell=True identified, security issue.
  • line 609: subprocess call with shell=True identified, security issue.
  • line 735: subprocess call with shell=True identified, security issue.
  • line 788: subprocess call with shell=True identified, security issue.
task_solver_fistrtools.py 1
  • line 369: subprocess call with shell=True identified, security issue.
MEDIUM 1
fistrtools.py 1
  • line 645: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 11
femsolver_FrontISTR/tasks.py 2
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
fistrtools.py 8
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 430: Consider possible security implications associated with the subprocess module.
  • line 513: Starting a process with a partial executable path
  • line 513: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 531: Starting a process with a partial executable path
  • line 531: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 547: Starting a process with a partial executable path
  • line 547: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
task_solver_fistrtools.py 1
  • line 343: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
FrontISTR-Commons

Reinforcement master

v0.6 · A workbench that provides tools for Reinforcement Generation and its Detailing.

82.8 / 100

Repository

https://github.com/amrit3701/FreeCAD-Reinforcement
master · Created: 2017-04-09 · Updated: 3 mo · 66 python files

Statistics

DL(Yr): 1,418
DL(Mo): 389
Stars: 63
Issues: 61
Manifest
Branch: master
Version: v0.6
License: LGPL-2.1-or-later
Dependencies 5
  • Compat: PySide6
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Warn: Pillow (Not in AddonManager allowed packages)
Static Analysis 35
HIGH 1
package.xml 1
  • line 7: Missing license file 'None'
MEDIUM 12
BarBendingSchedule/BBSfunc.py 1
  • line 337: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterialContent.py 3
  • line 308: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 355: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 449: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterial_SVG.py 3
  • line 998: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1052: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1063: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 806: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1282: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
ReinforcementDrawing/ReinforcementDrawingfunc.py 3
  • line 802: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 818: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 845: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 22
BarBendingSchedule/BBSfunc.py 2
  • line 36: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 37: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterialContent.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterial_SVG.py 2
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 36: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 31: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 32: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioning.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioningfunc.py 10
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 652: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 680: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1026: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1054: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1441: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1860: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1888: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 2284: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
ReinforcementDrawing/ReinforcementDrawingView.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDrawingfunc.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
SVGfunc.py 1
  • line 31: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Amritpal Singh (amrit3701)

FreeCAD-Ribbon main

1.11.0dev · A Ribbon interface for FreeCAD

82.5 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
Develop · Created: 2024-09-28 · Updated: today · 50 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 106
Issues: 9
Manifest
Branch: main
Version: 1.11.0dev
License: GPL-3.0-or-later
Dependencies 7
  • Compat: PySide2
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Static Analysis 43
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 5
CacheFunctions.py 1
  • line 802: Call to requests without timeout
Standard_Functions_Ribbon.py 3
  • line 499: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 541: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 543: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 128: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 35
CacheFunctions.py 3
  • line 583: Try, Except, Continue detected.
  • line 628: Try, Except, Continue detected.
  • line 676: Try, Except, Continue detected.
FCBinding.py 5
  • line 1729: Try, Except, Continue detected.
  • line 1770: Try, Except, Continue detected.
  • line 1811: Try, Except, Continue detected.
  • line 1943: Try, Except, Continue detected.
  • line 4340: Try, Except, Continue detected.
LoadAddCommands.py 4
  • line 1652: Try, Except, Continue detected.
  • line 1971: Try, Except, Continue detected.
  • line 2016: Try, Except, Continue detected.
  • line 2064: Try, Except, Continue detected.
LoadDesign_Ribbon.py 5
  • line 2951: Try, Except, Continue detected.
  • line 4418: Try, Except, Continue detected.
  • line 4463: Try, Except, Continue detected.
  • line 4511: Try, Except, Continue detected.
  • line 4996: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 257: Consider possible security implications associated with the subprocess module.
  • line 265: Starting a process with a partial executable path
  • line 265: subprocess call - check for execution of untrusted input.
  • line 267: Starting a process without a shell.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 273: Starting a process with a partial executable path
  • line 273: subprocess call - check for execution of untrusted input.
  • line 320: Consider possible security implications associated with the subprocess module.
  • line 327: subprocess call - check for execution of untrusted input.
  • line 329: Starting a process without a shell.
  • line 333: Starting a process with a partial executable path
  • line 333: subprocess call - check for execution of untrusted input.
  • line 492: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 527: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 999: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 82: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

GDML Main

2.0.1 Beta · An external workbench for creating GDML models for Geant4 and Root

82.1 / 100

Repository

https://github.com/KeithSloan/GDML
Main · Created: 2019-11-21 · Updated: 2 d · 69 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 71
Issues: 52
Manifest
Branch: Main
Version: 2.0.1 Beta
License: LGPL-2.1
Dependencies 11
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: gmsh (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 35
MEDIUM 16
Utils.save/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Utils/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/gdml/GDMLShared.py 12
  • line 111: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 199: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 248: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 312: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 881: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1188: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1191: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1194: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1310: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1311: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1316: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1321: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/gdml/GmshUtils.py 1
  • line 107: Probable insecure usage of temp file/directory.
freecad/gdml/importGDML.py 1
  • line 3072: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 19
CommandLine/convertObj.py 1
  • line 279: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Macros/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Utils.save/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils.save/convertObj.py 1
  • line 237: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/GDMLObjects.py 3
  • line 4737: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4737: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4737: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/exportGDML.py 2
  • line 60: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 6035: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/exportOpenMC.py 2
  • line 67: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 6576: Try, Except, Continue detected.
freecad/gdml/importGDML.py 1
  • line 3064: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/gdml/preProcessLoops.py 1
  • line 13: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

Rocket master

3.3.0 · A workbench for designing model rockets.

81.5 / 100

Repository

https://github.com/davesrocketshop/Rocket
v3.3.0 · v3.3.0 · Created: 2021-02-01 · Updated: 2 yr · 266 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 74
Issues: 9
Manifest
Branch: master
Version: 3.3.0
License: LGPLv2.1
Dependencies 8
  • Compat: PySide2
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 15
HIGH 4
util/updateTranslations.py 3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • Declared branch 'master' does not match git branch 'v3.3.0'
MEDIUM 6
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 157: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py 1
  • line 182: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Material.py 1
  • line 161: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py 1
  • line 142: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py 1
  • line 31: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py 1
  • line 29: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

freecad.optics_design_workbench master

0.7.3 · Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend.

79.8 / 100

Repository

https://github.com/zaphB/freecad.optics_design_workbench
master · Created: 2024-07-17 · Updated: 2 mo · 43 python files

Statistics

DL(Yr): 599
DL(Mo): 0
Stars: 12
Issues: 1
Manifest
Branch: master
Version: 0.7.3
License: LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Warn: atomicwrites (Not in AddonManager allowed packages)
  • Warn: cloudpickle (Not in AddonManager allowed packages)
  • Warn: ipython (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pandas (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: seaborn (Not in AddonManager allowed packages)
  • Warn: sympy (Not in AddonManager allowed packages)
Static Analysis 52
HIGH 3
test/0-python/z-notebooks.py1
  • line 32: subprocess call with shell=True identified, security issue.
test/1-freecad/run-simulations.py1
  • line 246: subprocess call with shell=True identified, security issue.
package.xml1
  • line 13: Missing license file 'LICENSE'
MEDIUM 7
freecad/optics_design_workbench/freecad_elements/point_source.py2
  • line 185: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 195: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py3
  • line 314: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 562: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 563: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py2
  • line 57: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 72: Probable insecure usage of temp file/directory.
LOW 42
dev/update-packagexml.py3
  • line 3: Consider possible security implications associated with the subprocess module.
  • line 11: subprocess call - check for execution of untrusted input.
  • line 21: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/detect_pyside.py3
  • line 8: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/distributions/random_number_generator.py1
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/ray.py2
  • line 358: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 358: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/surface_source.py1
  • line 444: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/io.py2
  • line 13: Consider possible security implications associated with pickle module.
  • line 145: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py10
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 85: Starting a process with a partial executable path
  • line 85: subprocess call - check for execution of untrusted input.
  • line 97: subprocess call - check for execution of untrusted input.
  • line 213: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 237: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 646: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 725: subprocess call - check for execution of untrusted input.
  • line 898: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1106: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py4
  • line 25: Consider possible security implications associated with pickle module.
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/simulation/processes/simulation_loop.py3
  • line 36: Consider possible security implications associated with the subprocess module.
  • line 623: Starting a process with a partial executable path
  • line 623: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/processes/worker_process.py3
  • line 12: Consider possible security implications associated with the subprocess module.
  • line 45: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 59: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/results_store.py6
  • line 15: Consider possible security implications associated with pickle module.
  • line 256: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 257: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 438: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 448: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 456: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
test/0-python/z-notebooks.py1
  • line 9: Consider possible security implications associated with the subprocess module.
test/1-freecad/run-simulations.py3
  • line 14: Consider possible security implications associated with the subprocess module.
  • line 17: Consider possible security implications associated with pickle module.
  • line 42: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Philipp Bredol

Cfd

No description

77.3 / 100

Repository

https://github.com/qingfengxia/Cfd
master · Created: 2016-09-29 · Updated: 4 yr · 66 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 212
Issues: 4
Dependencies 13
  • Compat: PySide2
  • Internal: Fem
  • Internal: Plot
  • Internal: PySide
  • Internal: pivy
  • Warn: FemTools (Not in AddonManager allowed packages)
  • Warn: PyFoam (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: dolfin (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Static Analysis 46
HIGH 5
FoamCaseBuilder/config.py1
  • line 23: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/test/TestRunFoamApplication.py1
  • line 43: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/utility.py1
  • line 454: subprocess call with shell=True identified, security issue.
importGmshMesh.py1
  • line 116: subprocess call with shell=True identified, security issue.
package.xml1
  • File not found.
MEDIUM 4
CfdExample.py1
  • line 80: Probable insecure usage of temp file/directory.
CfdTools.py2
  • line 75: Probable insecure usage of temp file/directory.
  • line 76: Probable insecure usage of temp file/directory.
FoamCaseBuilder/test/TestBuilder.py1
  • line 42: Probable insecure usage of temp file/directory.
LOW 37
CaeMesherGmsh.py2
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 685: subprocess call - check for execution of untrusted input.
CfdFoamTools.py5
  • line 39: Consider possible security implications associated with the subprocess module.
  • line 45: Consider possible security implications associated with the subprocess module.
  • line 211: Consider possible security implications associated with the subprocess module.
  • line 302: Starting a process with a partial executable path
  • line 302: subprocess call - check for execution of untrusted input.
CfdRunnableFenics.py7
  • line 53: Consider possible security implications associated with the subprocess module.
  • line 58: Starting a process with a partial executable path
  • line 58: subprocess call - check for execution of untrusted input.
  • line 60: Starting a process with a partial executable path
  • line 60: subprocess call - check for execution of untrusted input.
  • line 62: Starting a process with a partial executable path
  • line 62: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/BasicBuilder.py7
  • line 470: Consider possible security implications associated with the subprocess module.
  • line 474: Starting a process with a partial executable path
  • line 474: subprocess call - check for execution of untrusted input.
  • line 476: Starting a process with a partial executable path
  • line 476: subprocess call - check for execution of untrusted input.
  • line 478: Starting a process with a partial executable path
  • line 478: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/config.py3
  • line 7: Consider possible security implications associated with the subprocess module.
  • line 75: subprocess call - check for execution of untrusted input.
  • line 131: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/test/TestRunFoamApplication.py7
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process with a partial executable path
  • line 129: subprocess call - check for execution of untrusted input.
  • line 163: subprocess call - check for execution of untrusted input.
  • line 180: Starting a process with a partial executable path
  • line 180: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/utility.py3
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 58: subprocess call - check for execution of untrusted input.
  • line 64: subprocess call - check for execution of untrusted input.
cfdguiobjects/_TaskPanelCfdSolverControl.py1
  • line 36: Consider possible security implications associated with the subprocess module.
importGmshMesh.py1
  • line 34: Consider possible security implications associated with the subprocess module.
license.*1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

WebTools master

1.0.0 · A collection of tools to work with web services

76.4 / 100

Repository

https://github.com/yorikvanhavre/WebTools
master · Created: 2017-04-08 · Updated: 8 mo · 10 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 28
Issues: 10
Manifest
Branch: master
Version: 1.0.0
License: LGPL-2.1-or-later
Dependencies 7
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: ifcopenshell (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
Static Analysis 27
HIGH 1
package.xml1
  • line 10: Missing license file 'LICENSE'
MEDIUM 20
BIMServer.py11
  • line 141: Call to requests without timeout
  • line 178: Call to requests without timeout
  • line 191: Call to requests without timeout
  • line 220: Call to requests without timeout
  • line 246: Call to requests without timeout
  • line 263: Call to requests without timeout
  • line 271: Call to requests without timeout
  • line 282: Use of insecure and deprecated function (mktemp).
  • line 305: Call to requests without timeout
  • line 324: Use of insecure and deprecated function (mktemp).
  • line 338: Call to requests without timeout
Sketchfab.py3
  • line 258: Call to requests without timeout
  • line 301: Call to requests without timeout
  • line 343: Call to requests without timeout
Speckle.py6
  • line 31: Call to requests without timeout
  • line 42: Call to requests without timeout
  • line 53: Call to requests without timeout
  • line 63: Call to requests without timeout
  • line 116: Call to requests without timeout
  • line 133: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 6
Sketchfab.py1
  • line 46: Possible hardcoded password: 'https://sketchfab.com/settings/password'
Speckle.py1
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
tools/metadata.py3
  • line 22: Consider possible security implications associated with the subprocess module.
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: subprocess call - check for execution of untrusted input.
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Yorik van Havre

boltsfc main

2022.11.5 · Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications.

69.9 / 100

Repository

https://github.com/boltsparts/boltsfc
main · Created: 2017-07-02 · Updated: 4 yr · 51 python files

Statistics

DL(Yr): 3,725
DL(Mo): 1,312
Stars: 41
Issues: 3
Manifest
Branch: main
Version: 2022.11.5
License: LGPLv2.1
Dependencies 3
  • Internal: Arch
  • Internal: PySide
  • Warn: PyYAML (Not in AddonManager allowed packages)
Static Analysis 25
HIGH 3
package.xml3
  • line 2: Expecting an element content, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 21
BOLTS/bolttools/test_blt.py1
  • line 26: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/test_common.py19
  • line 111: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 119: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 128: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 179: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 189: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 200: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 204: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 213: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 278: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 297: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 309: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 321: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 334: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 348: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 355: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 361: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 366: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 377: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 384: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/yaml_in_yaml.py1
  • line 63: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 1
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Bernd Hahnebach

Ondsel-Lens main

2025.12.22.01 · Workspace manager for Ondsel Lens workspaces

68.5 / 100

Repository

https://github.com/FreeCAD/Ondsel-Lens-Addon
main · Created: 2025-06-22 · Updated: 5 mo · 66 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 4
Issues: 8
Manifest
Branch: main
Version: 2025.12.22.01
License: LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4.0
Dependencies 5
  • Internal: PySide
  • Warn: PyJWT (Not in AddonManager allowed packages)
  • Warn: Requests (Not in AddonManager allowed packages)
  • Warn: config (Not in AddonManager allowed packages)
  • Warn: tzlocal (Not in AddonManager allowed packages)
Static Analysis 24
HIGH 6
register_lens_handler.py1
  • line 112: Starting a process with a shell, possible injection detected, security issue.
package.xml5
  • line 15: Missing license file 'None'
  • line 16: Missing license file 'None'
  • line 17: Missing license file 'None'
  • line 18: Missing license file 'None'
  • line 19: Missing license file 'None'
MEDIUM 13
APIClient.py7
  • line 240: Call to requests without timeout
  • line 264: Call to requests without timeout
  • line 284: Call to requests without timeout
  • line 308: Call to requests without timeout
  • line 335: Call to requests without timeout
  • line 354: Call to requests without timeout
  • line 369: Call to requests without timeout
Utils.py1
  • line 260: Call to requests without timeout
VersionModel.py1
  • line 142: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Workspace.py1
  • line 508: Call to requests without timeout
check_links.py1
  • line 16: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
delegates/curation_display_delegate.py1
  • line 193: Call to requests without timeout
integrations/reloadablefile/reloadable.py1
  • line 201: Call to requests without timeout
LOW 5
VersionModel.py1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
WorkspaceView.py2
  • line 754: Possible hardcoded password: ''
  • line 2834: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
check_links.py1
  • line 6: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
components/login_dialog.py1
  • line 44: Possible hardcoded password: ''
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Pieter Hijma

Rocket master

5.1.1 · Workbench for designing model rockets.

67.8 / 100

Repository

https://github.com/davesrocketshop/Rocket
master · Created: 2021-02-01 · Updated: 4 mo · 311 python files

Statistics

DL(Yr): 605
DL(Mo): 209
Stars: 74
Issues: 9
Manifest
Branch: master
Version: 5.1.1
License: LGPL-2.1-or-later, MIT
Dependencies 10
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Materials (Not in AddonManager allowed packages)
  • Warn: Shapely (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: matplotlib (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 51
HIGH 5
util/updateTranslations.py3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
util/updatets.py1
  • line 193: Starting a process with a shell, possible injection detected, security issue.
package.xml1
  • line 83: Missing license file 'LICENSE-CODE'
MEDIUM 14
Rocket/Importer/OpenRocket/OpenRocket.py1
  • line 167: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py1
  • line 185: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/Rocksim/Rocksim.py1
  • line 198: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/BodyTube.py3
  • line 109: Possible SQL injection vector through string-based query construction.
  • line 115: Possible SQL injection vector through string-based query construction.
  • line 142: Possible SQL injection vector through string-based query construction.
Rocket/Parts/Material.py1
  • line 171: Possible SQL injection vector through string-based query construction.
Rocket/Parts/NoseCone.py1
  • line 134: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py1
  • line 177: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Transition.py1
  • line 158: Possible SQL injection vector through string-based query construction.
util/updateTranslations.py2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updatecrowdin.py2
  • line 142: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 188: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 30
Rocket/Importer/OpenRocket/OpenRocket.py1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/Rocksim/Rocksim.py1
  • line 32: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updatecrowdin.py3
  • line 74: Consider possible security implications associated with the subprocess module.
  • line 350: Starting a process with a partial executable path
  • line 350: subprocess call - check for execution of untrusted input.
util/updatets.py23
  • line 51: Consider possible security implications associated with the subprocess module.
  • line 86: Starting a process with a partial executable path
  • line 86: subprocess call - check for execution of untrusted input.
  • line 98: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 98: Starting a process with a partial executable path
  • line 103: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 103: Starting a process with a partial executable path
  • line 113: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 113: Starting a process with a partial executable path
  • line 115: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 115: Starting a process with a partial executable path
  • line 119: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 119: Starting a process with a partial executable path
  • line 121: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 121: Starting a process with a partial executable path
  • line 125: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 125: Starting a process with a partial executable path
  • line 129: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 129: Starting a process with a partial executable path
  • line 139: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • … 3 more issues
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

BCFPlugin master

1.0.0 · Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format).

65.2 / 100

Repository

https://github.com/podestplatz/BCF-Plugin-FreeCAD
master · Created: 2019-05-11 · Updated: 4 yr · 52 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 9
Issues: 6
Manifest
Branch: master
Version: 1.0.0
License: LGPLv2.1
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: pivy
  • Warn: pyperclip (Not in AddonManager allowed packages)
  • Warn: python_dateutil (Not in AddonManager allowed packages)
  • Warn: pytz (Not in AddonManager allowed packages)
  • Warn: xmlschema (Not in AddonManager allowed packages)
Static Analysis 35
HIGH 8
bcfplugin/tests/interface_tests.py2
  • line 56: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/search_tests.py2
  • line 51: Starting a process with a shell, possible injection detected, security issue.
  • line 53: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/viewController_tests.py2
  • line 37: Starting a process with a shell, possible injection detected, security issue.
  • line 42: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/writer_tests.py2
  • line 53: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 9
bcfplugin/rdwr/writer.py4
  • line 529: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 755: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 822: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 897: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/tests/writer_tests.py4
  • line 571: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 597: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 623: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 651: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/util.py1
  • line 338: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 18
bcfplugin/frontend/viewController.py1
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
bcfplugin/gui/plugin_view.py1
  • line 39: Consider possible security implications associated with the subprocess module.
bcfplugin/gui/views/topicmetricsdialog.py6
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 127: Starting a process with a partial executable path
  • line 127: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process without a shell.
  • line 131: Starting a process with a partial executable path
  • line 131: subprocess call - check for execution of untrusted input.
bcfplugin/rdwr/markup.py1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/project.py1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/threedvector.py1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/topic.py1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/writer.py 2
  • line 44: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 45: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/interface_tests.py 1
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/search_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/writer_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Patrick Podest (podestplatz)

Curves main

0.6.71 · A collection of tools mainly dedicated to NURBS curves and surfaces modeling.

59.9 / 100

Repository

https://github.com/tomate44/CurvesWB
main · Created: 2016-08-06 · Updated: today · 119 python files

Statistics

DL(Yr): 46,888
DL(Mo): 12,111
Stars: 144
Issues: 33
Manifest
Branch: main
Version: 0.6.71
License: LGPL-2.1-or-later, Apache-2.0
Dependencies 9
  • Compat: PySide2
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: scipy (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: splipy (Not in AddonManager allowed packages)
Static Analysis 39
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 37
freecad/Curves/Discretize.py 1
  • line 57: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/FC_interaction_example.py 1
  • line 242: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ParametricBlendCurve.py 1
  • line 661: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ParametricComb.py 4
  • line 225: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 231: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 260: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 266: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/ProfileSketch.py 2
  • line 39: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 42: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/Sketch_On_Surface.py 2
  • line 308: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 525: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/TrimFace.py 2
  • line 53: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 65: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/_utils.py 2
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 84: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/blendSurface.py 2
  • line 200: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 210: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/gordon_profile_FP.py 3
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 74: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 78: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/manipulators.py 6
  • line 112: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 115: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 118: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 267: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 270: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 273: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/pasteSVG.py 1
  • line 33: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/Curves/pipeshellFP.py 1
  • line 82: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/pipeshellProfileFP.py 2
  • line 44: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 59: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/profile_editor.py 3
  • line 68: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 71: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 74: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/Curves/splitCurves_2.py 3
  • line 289: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 292: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 295: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py 1
  • line 12: Use of exec detected.
LOW 1
freecad/Curves/pasteSVG.py 1
  • line 11: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Christophe Grellier

AnimationFreeCAD main

1.0-beta · The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow.

44.2 / 100

Repository

https://github.com/QuentinTournier40/AnimationFreeCAD
main · Created: 2022-01-29 · Updated: 1 yr · 630 python files

Statistics

DL(Yr): 1,397
DL(Mo): 458
Stars: 34
Issues: 10
Manifest
Branch: main
Version: 1.0-beta
License: Apache-2.0
Dependencies 21
  • Compat: PySide2
  • Compat: shiboken2
  • Internal: Draft
  • Internal: PySide
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: Pygments (Not in AddonManager allowed packages)
  • Warn: Sphinx (Not in AddonManager allowed packages)
  • Warn: aenum (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
  • Warn: nose (Not in AddonManager allowed packages)
  • Warn: numpy (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
  • Warn: recommonmark (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: shiboken (Not in AddonManager allowed packages)
  • Warn: sip (Not in AddonManager allowed packages)
  • Warn: six (Not in AddonManager allowed packages)
Static Analysis 104
HIGH 2
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py 1
  • line 220: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 44
PyFlow/Core/PyCodeCompiler.py 2
  • line 42: Use of exec detected.
  • line 64: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/Rotation.py 1
  • line 45: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationAvecCourbe.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationTest.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/translationFormuleMathematiques.py 5
  • line 26: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 27: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 28: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 48: Use of exec detected.
  • line 56: Use of exec detected.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py 3
  • line 35: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 45: Use of exec detected.
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/Qt.py-master/membership.py 3
  • line 158: Use of exec detected.
  • line 167: Use of exec detected.
  • line 176: Use of exec detected.
requirements/blinker-master/tests/test_utilities.py 1
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/docutils/utils/math/math2html.py 1
  • line 3173: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/docutils-0.18/docutils/writers/docutils_xml.py 1
  • line 84: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py 6
  • line 758: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 985: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 986: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 991: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2688: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2910: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/test/functional/tests/footnotes_html5.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_docutils_xml.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html4css1.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html5.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_latex.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_manpage.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_pseudoxml.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_1.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_2.py 1
  • line 3: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_xetex.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/test_functional.py 2
  • line 114: Use of exec detected.
  • line 116: Use of exec detected.
requirements/docutils-0.18/test/test_pickle.py 1
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_publisher.py 1
  • line 160: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_writers/test_odt.py 1
  • line 107: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/create_unimap.py 1
  • line 66: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/profile_docutils.py 1
  • line 38: Use of exec detected.
requirements/nine-1.1.0/nine-1.1.0/nine/__init__.py 1
  • line 52: Use of exec detected.
requirements/nine-1.1.0/nine/__init__.py 1
  • line 52: Use of exec detected.
LOW 58
PyFlow/App.py 3
  • line 21: Consider possible security implications associated with the subprocess module.
  • line 71: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 205: Try, Except, Continue detected.
PyFlow/Core/GraphBase.py 1
  • line 235: Try, Except, Continue detected.
PyFlow/Packages/AnimationFreeCAD/Class/Exportation.py 1
  • line 4: Consider possible security implications associated with FALSE module.
PyFlow/Packages/PyFlowBase/FunctionLibraries/DefaultLib.py 4
  • line 55: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 55: Starting a process with a partial executable path
  • line 57: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 57: Starting a process with a partial executable path
PyFlow/Packages/PyFlowBase/FunctionLibraries/RandomLib.py 1
  • line 36: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PyFlow/Packages/PyFlowBase/Tools/LoggerTool.py 2
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 256: subprocess call - check for execution of untrusted input.
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py 1
  • line 17: Consider possible security implications associated with the subprocess module.
PyFlow/UI/CompileUiQt.py 2
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 41: subprocess call - check for execution of untrusted input.
PyFlow/UI/EncodeResources.py 2
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 54: subprocess call - check for execution of untrusted input.
PyFlow/Wizards/PkgGen.py 1
  • line 152: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/Qt.py-master/Qt.py 1
  • line 942: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/run_tests.py 5
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 43: subprocess call - check for execution of untrusted input.
  • line 47: subprocess call - check for execution of untrusted input.
  • line 50: subprocess call - check for execution of untrusted input.
  • line 53: subprocess call - check for execution of untrusted input.
requirements/Qt.py-master/tests.py 9
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 441: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 560: subprocess call - check for execution of untrusted input.
  • line 568: subprocess call - check for execution of untrusted input.
  • line 576: subprocess call - check for execution of untrusted input.
  • line 594: subprocess call - check for execution of untrusted input.
  • line 637: subprocess call - check for execution of untrusted input.
  • line 647: subprocess call - check for execution of untrusted input.
  • line 836: subprocess call - check for execution of untrusted input.
requirements/blinker-master/tests/test_utilities.py 1
  • line 1: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/docutils/nodes.py 2
  • line 93: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1350: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/utils/math/tex2mathml_extern.py 8
  • line 19: Consider possible security implications associated with the subprocess module.
  • line 33: Starting a process with a partial executable path
  • line 33: subprocess call - check for execution of untrusted input.
  • line 49: Starting a process with a partial executable path
  • line 49: subprocess call - check for execution of untrusted input.
  • line 79: Starting a process with a partial executable path
  • line 79: subprocess call - check for execution of untrusted input.
  • line 121: subprocess call - check for execution of untrusted input.
requirements/docutils-0.18/docutils/utils/smartquotes.py 1
  • line 568: Possible hardcoded password: ' '
requirements/docutils-0.18/docutils/writers/docutils_xml.py 1
  • line 14: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py 4
  • line 19: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 20: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1104: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 1104: Starting a process with a partial executable path
requirements/docutils-0.18/docutils/writers/pep_html/__init__.py 1
  • line 83: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/docutils-0.18/test/test_pickle.py 1
  • line 12: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_publisher.py 1
  • line 11: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_writers/test_odt.py 1
  • line 36: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/dev/create_unimap.py 1
  • line 13: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/test/test_buildhtml.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 2
Quentin Tournier, Andréas Cottet

workfeature-macro

No description

17.9 / 100

Repository

https://github.com/Rentlau/WorkFeature
master · Created: 2015-02-15 · Updated: 1 yr · 34 python files

Statistics

DL(Yr): 0
DL(Mo): 0
Stars: 28
Issues: 3
Dependencies 6
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: numpy (Not in AddonManager allowed packages)
Static Analysis 81
HIGH 1
package.xml 1
  • File not found.
MEDIUM 34
WorkFeature/ParCurve/WF_ObjParCurve.py 66
  • line 610: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 615: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 620: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 625: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 750: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 751: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 779: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 780: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 781: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 789: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 790: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 791: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 801: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 802: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 803: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 855: Use of exec detected.
  • line 894: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 895: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 896: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 942: Use of exec detected.
  • … 46 more issues
WorkFeature/ParCurve/WF_ObjParCurveEdit.py 1
  • line 266: Use of possibly insecure function - consider using safer ast.literal_eval.
WorkFeature/WF.py 12
  • line 1001: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3804: Possible SQL injection vector through string-based query construction.
  • line 4199: Possible SQL injection vector through string-based query construction.
  • line 5727: Possible SQL injection vector through string-based query construction.
  • line 5805: Possible SQL injection vector through string-based query construction.
  • line 5806: Possible SQL injection vector through string-based query construction.
  • line 5807: Possible SQL injection vector through string-based query construction.
  • line 5808: Possible SQL injection vector through string-based query construction.
  • line 12983: Possible SQL injection vector through string-based query construction.
  • line 13084: Possible SQL injection vector through string-based query construction.
  • line 13421: Possible SQL injection vector through string-based query construction.
  • line 13478: Possible SQL injection vector through string-based query construction.
LOW 1
license.* 1
  • File not found.
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 0

pcb master

6.2023.1 · Printed Circuit Board (PCB) Workbench for FreeCAD

0 / 100

Repository

https://github.com/marmni/FreeCAD-PCB
master · Created: 2016-01-06 · Updated: 2 mo · 280 python files

Statistics

DL(Yr): 2,814
DL(Mo): 825
Stars: 118
Issues: 7
Manifest
Branch: master
Version: 6.2023.1
License: AGPLv3.0
Dependencies 19
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: Sybase (Not in AddonManager allowed packages)
  • Warn: cdecimal (Not in AddonManager allowed packages)
  • Warn: cx_Oracle (Not in AddonManager allowed packages)
  • Warn: dataBase (Not in AddonManager allowed packages)
  • Warn: mx (Not in AddonManager allowed packages)
  • Warn: pgdb (Not in AddonManager allowed packages)
  • Warn: protobuf (Not in AddonManager allowed packages)
  • Warn: pysqlcipher3 (Not in AddonManager allowed packages)
  • Warn: pysqlite (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: pytest_xdist (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 147
HIGH 3
sqlalchemy/util/langhelpers.py 1
  • line 31: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml 1
  • line 7: Missing license file 'LICENSE'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 86
PCBbrd.py 1
  • line 79: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PCBdataBase.py 8
  • line 345: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 346: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 347: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 369: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 833: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 839: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 856: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 864: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBfunctions.py 1
  • line 835: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBpartManaging.py 8
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 149: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 591: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 652: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 820: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 821: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 892: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 893: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassembly.py 1
  • line 454: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassignModel.py 3
  • line 448: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 455: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 918: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexport.py 2
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1241: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
command/PCBexportBOM.py 1
  • line 364: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexportDrillingMap.py 36
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 280: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 281: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 294: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 295: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 303: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 304: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 305: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 319: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 320: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 321: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 473: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 481: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 491: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 503: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 508: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 515: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 535: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 536: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 544: Use of possibly insecure function - consider using safer ast.literal_eval.
  • … 16 more issues
command/PCBexportHoles.py 1
  • line 376: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBglue.py 1
  • line 126: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBsections.py 3
  • line 141: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 739: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 749: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
formats/dialogMAIN_FORM.py 1
  • line 306: Use of possibly insecure function - consider using safer ast.literal_eval.
formats/eagle.py 2
  • line 59: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 140: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
sqlalchemy/dialects/firebird/base.py 1
  • line 614: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mssql/base.py 1
  • line 2405: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mysql/base.py 1
  • line 1683: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/oracle/base.py 1
  • line 1246: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/postgresql/base.py 7
  • line 1975: Possible SQL injection vector through string-based query construction.
  • line 2883: Possible SQL injection vector through string-based query construction.
  • line 2964: Possible SQL injection vector through string-based query construction.
  • line 3000: Possible SQL injection vector through string-based query construction.
  • line 3238: Possible SQL injection vector through string-based query construction.
  • line 3416: Possible SQL injection vector through string-based query construction.
  • line 3454: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/sqlite/base.py 6
  • line 1091: Possible SQL injection vector through string-based query construction.
  • line 1638: Possible SQL injection vector through string-based query construction.
  • line 1677: Possible SQL injection vector through string-based query construction.
  • line 1689: Possible SQL injection vector through string-based query construction.
  • line 2150: Possible SQL injection vector through string-based query construction.
  • line 2159: Possible SQL injection vector through string-based query construction.
sqlalchemy/ext/declarative/clsregistry.py 1
  • line 326: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/orm/instrumentation.py 1
  • line 565: Use of exec detected.
sqlalchemy/orm/persistence.py 1
  • line 833: Possible SQL injection vector through string-based query construction.
sqlalchemy/sql/selectable.py 1
  • line 3253: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/plugin/pytestplugin.py 1
  • line 321: Use of exec detected.
sqlalchemy/testing/suite/test_reflection.py 2
  • line 150: Possible SQL injection vector through string-based query construction.
  • line 431: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/suite/test_sequence.py 1
  • line 85: Possible SQL injection vector through string-based query construction.
sqlalchemy/util/_preloaded.py 1
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/util/compat.py 3
  • line 244: Use of exec detected.
  • line 246: Use of exec detected.
  • line 293: Use of exec detected.
sqlalchemy/util/langhelpers.py 3
  • line 162: Use of exec detected.
  • line 207: Use of exec detected.
  • line 1455: Use of exec detected.
LOW 43
PCBbrd.py 1
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PCBfunctions.py 2
  • line 327: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 330: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBobjects.py 3
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBtoolBar.py 2
  • line 250: Starting a process without a shell.
  • line 832: Try, Except, Continue detected.
command/PCBassembly.py 1
  • line 299: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexplode.py 2
  • line 518: Try, Except, Continue detected.
  • line 533: Try, Except, Continue detected.
command/PCBexport.py 1
  • line 34: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
command/PCBexportDrillingMap.py 1
  • line 164: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexportKerkythea.py 3
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 172: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 346: Try, Except, Continue detected.
command/PCBexportPovRay.py 1
  • line 72: Try, Except, Continue detected.
command/PCBsections.py 1
  • line 37: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/eagle.py 1
  • line 30: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/fidocadj.py 3
  • line 611: Try, Except, Continue detected.
  • line 863: Try, Except, Continue detected.
  • line 1078: Try, Except, Continue detected.
formats/kicad_v3.py 1
  • line 855: Try, Except, Continue detected.
formats/librepcb.py 1
  • line 600: Try, Except, Continue detected.
formats/razen.py 1
  • line 78: Try, Except, Continue detected.
sqlalchemy/dialects/mssql/base.py 3
  • line 2261: Possible hardcoded password: '['
  • line 2264: Possible hardcoded password: ']'
  • line 2266: Possible hardcoded password: '.'
sqlalchemy/dialects/mysql/mysqldb.py 1
  • line 184: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/mysql/oursql.py 1
  • line 204: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/oracle/cx_oracle.py 1
  • line 1176: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/dialects/oracle/provision.py 1
  • line 101: Possible hardcoded password: 'xe'
sqlalchemy/dialects/sybase/pysybase.py 1
  • line 74: Possible hardcoded password: 'passwd'
sqlalchemy/engine/default.py 1
  • line 578: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/orm/path_registry.py 2
  • line 27: Possible hardcoded password: '*'
  • line 28: Possible hardcoded password: '_sa_default'
sqlalchemy/testing/util.py 3
  • line 54: Consider possible security implications associated with cPickle module.
  • line 60: Consider possible security implications associated with pickle module.
  • line 87: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/util/compat.py 3
  • line 108: Consider possible security implications associated with pickle module.
  • line 218: Consider possible security implications associated with cPickle module.
  • line 220: Consider possible security implications associated with pickle module.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
marmni

AIGenFurniture main

0.1.5 · Parametric furniture cabinet design workbench. Generate cabinets from simple boxes, apply features (fronts, shelves, drawers), and export ma...

0 / 100

Repository

https://github.com/yelloish6/AIGenFurniture-freecad-workbench
main · Created: 2025-08-27 · Updated: 8 d · 871 python files

Statistics

DL(Yr): 722
DL(Mo): 722
Stars: 3
Issues: 0
Manifest
Branch: main
Version: 0.1.5
License: LGPL-2.1-or-later
Dependencies 35
  • Internal: Draft
  • Internal: PySide
  • Warn: Cython (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: Pillow (Not in AddonManager allowed packages)
  • Warn: PyInstaller (Not in AddonManager allowed packages)
  • Warn: Pygments (Not in AddonManager allowed packages)
  • Warn: Pyphen (Not in AddonManager allowed packages)
  • Warn: blessings (Not in AddonManager allowed packages)
  • Warn: checks (Not in AddonManager allowed packages)
  • Warn: cppyy (Not in AddonManager allowed packages)
  • Warn: defusedxml (Not in AddonManager allowed packages)
  • Warn: fontTools (Not in AddonManager allowed packages)
  • Warn: freetype_py (Not in AddonManager allowed packages)
  • Warn: hypothesis (Not in AddonManager allowed packages)
  • Warn: ipykernel (Not in AddonManager allowed packages)
  • Warn: ipython (Not in AddonManager allowed packages)
  • Warn: lxml (Not in AddonManager allowed packages)
  • Warn: mtrand (Not in AddonManager allowed packages)
  • Warn: mypy (Not in AddonManager allowed packages)
  • Warn: new (Not in AddonManager allowed packages)
  • Warn: pandas (Not in AddonManager allowed packages)
  • Warn: psutil (Not in AddonManager allowed packages)
  • Warn: pyaes (Not in AddonManager allowed packages)
  • Warn: pylibdmtx (Not in AddonManager allowed packages)
  • Warn: pymupdf_fonts (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: pytz (Not in AddonManager allowed packages)
  • Warn: rlPyCairo (Not in AddonManager allowed packages)
  • Warn: rlextra (Not in AddonManager allowed packages)
  • Warn: scipy_doctest (Not in AddonManager allowed packages)
  • Warn: sets (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: threadpoolctl (Not in AddonManager allowed packages)
  • Warn: uharfbuzz (Not in AddonManager allowed packages)
Static Analysis 361
HIGH 7
freecad/AIGenFurniture/vendor/pymupdf/__init__.py 1
  • line 17841: subprocess call with shell=True identified, security issue.
freecad/AIGenFurniture/vendor/reportlab/lib/pdfencrypt.py 6
  • line 344: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 355: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 373: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 379: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 395: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 432: Use of weak MD5 hash for security. Consider usedforsecurity=False
MEDIUM 156
freecad/AIGenFurniture/vendor/numpy/__config__.py 1
  • line 96: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test__exceptions.py 2
  • line 19: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 84: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_arrayprint.py 2
  • line 340: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 341: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_custom_dtypes.py 1
  • line 308: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_datetime.py 7
  • line 851: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 853: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 855: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 858: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 865: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 869: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 873: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_dtype.py 4
  • line 1065: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1366: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1428: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1439: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_multiarray.py 21
  • line 189: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1549: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1701: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1855: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1862: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1871: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1882: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 3939: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 4404: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4406: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4427: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4446: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4459: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4461: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4463: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4465: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4476: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4496: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4505: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4559: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • … 1 more issues
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_overrides.py 1
  • line 221: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_records.py 9
  • line 170: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 171: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 173: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 414: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 415: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 421: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 422: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 429: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 453: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_regression.py 16
  • line 52: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 363: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 489: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 833: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1069: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1082: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1275: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1277: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1907: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1919: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1931: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1957: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1966: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2212: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2436: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2567: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_scalarmath.py 1
  • line 654: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_simd.py 11
  • line 244: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 510: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 640: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 701: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 721: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 741: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 767: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 804: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 843: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 895: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1102: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_stringdtype.py 1
  • line 366: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_ufunc.py 5
  • line 204: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 209: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 216: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 226: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 501: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_umath.py 2
  • line 513: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_umath_accuracy.py 2
  • line 71: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 72: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/auxfuncs.py 3
  • line 632: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 640: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 644: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/capi_maps.py 3
  • line 159: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 296: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 449: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/crackfortran.py 9
  • line 1329: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2271: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2559: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2637: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2646: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2914: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2985: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3016: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3468: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/lib/_datasource.py 2
  • line 333: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 475: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
freecad/AIGenFurniture/vendor/numpy/lib/_format_impl.py 1
  • line 838: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/lib/_npyio_impl.py 1
  • line 494: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_core.py 6
  • line 733: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 748: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 757: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 767: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 777: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 5547: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_mrecords.py 1
  • line 293: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_old_ma.py 1
  • line 621: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/matrixlib/tests/test_masked_matrix.py 1
  • line 89: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/polynomial/tests/test_polynomial.py 1
  • line 62: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_direct.py 5
  • line 303: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 311: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 321: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 327: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 555: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_generator_mt19937.py 3
  • line 2776: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2782: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2798: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_randomstate.py 1
  • line 268: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_smoke.py 2
  • line 437: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 443: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/testing/_private/utils.py 2
  • line 1297: Use of exec detected.
  • line 1583: Use of exec detected.
freecad/AIGenFurniture/vendor/numpy/tests/test_public_api.py 1
  • line 407: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/tests/test_reloading.py 1
  • line 45: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/graphics/widgets/grids.py 1
  • line 517: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/reportlab/graphics/widgets/markers.py 1
  • line 245: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/reportlab/lib/extformat.py 1
  • line 48: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/fontfinder.py 1
  • line 231: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/lib/pdfencrypt.py 2
  • line 723: Use of exec detected.
  • line 725: Use of exec detected.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_accel.py 1
  • line 26: Use of exec detected.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_safe_eval.py 2
  • line 1203: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1291: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/rltempfile.py 1
  • line 37: Use of insecure and deprecated function (mktemp).
freecad/AIGenFurniture/vendor/reportlab/lib/testutils.py 2
  • line 110: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 184: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/utils.py 4
  • line 122: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 476: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 806: Deserialization with the marshal module is possibly dangerous.
  • line 907: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/pdfbase/cidfonts.py 4
  • line 205: Deserialization with the marshal module is possibly dangerous.
  • line 206: Deserialization with the marshal module is possibly dangerous.
  • line 207: Deserialization with the marshal module is possibly dangerous.
  • line 208: Deserialization with the marshal module is possibly dangerous.
freecad/AIGenFurniture/vendor/reportlab/pdfgen/textobject.py 2
  • line 56: Use of exec detected.
  • line 79: Use of exec detected.
freecad/AIGenFurniture/vendor/stl/stl.py 2
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 505: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/AIGenFurniture/vendor/typing_extensions.py 2
  • line 4034: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 4116: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 166
freecad/AIGenFurniture/furniture_design/cabinets/features/__init__.py 1
  • line 4: Consider possible security implications associated with ShelvesMixin module.
freecad/AIGenFurniture/vendor/et_xmlfile/incremental_tree.py 1
  • line 44: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/et_xmlfile/xmlfile.py 1
  • line 9: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/numpy/_core/_methods.py 1
  • line 7: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test__exceptions.py 1
  • line 5: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_casting_unittests.py 1
  • line 168: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_cpu_features.py 5
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: subprocess call - check for execution of untrusted input.
  • line 109: subprocess call - check for execution of untrusted input.
  • line 162: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_custom_dtypes.py 1
  • line 303: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_cython.py 9
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 55: Starting a process with a partial executable path
  • line 55: subprocess call - check for execution of untrusted input.
  • line 61: Starting a process with a partial executable path
  • line 61: subprocess call - check for execution of untrusted input.
  • line 68: Starting a process with a partial executable path
  • line 68: subprocess call - check for execution of untrusted input.
  • line 73: Starting a process with a partial executable path
  • line 73: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_datetime.py 1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_dtype.py 2
  • line 4: Consider possible security implications associated with pickle module.
  • line 1334: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_hashtable.py 3
  • line 14: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 15: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_limited_api.py 9
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 53: Starting a process with a partial executable path
  • line 53: subprocess call - check for execution of untrusted input.
  • line 59: Starting a process with a partial executable path
  • line 59: subprocess call - check for execution of untrusted input.
  • line 67: Starting a process with a partial executable path
  • line 67: subprocess call - check for execution of untrusted input.
  • line 72: Starting a process with a partial executable path
  • line 72: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_multiarray.py 2
  • line 12: Consider possible security implications associated with pickle module.
  • line 183: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_nditer.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 2094: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_overrides.py 1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_records.py 1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_regression.py 1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_stringdtype.py 1
  • line 4: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_ufunc.py 1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_pyinstaller/tests/test_pyinstaller.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 34: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/__init__.py 1
  • line 13: Consider possible security implications associated with the subprocess module.
freecad/AIGenFurniture/vendor/numpy/f2py/_backends/_meson.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 179: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/tests/test_f2py2e.py 5
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 597: subprocess call - check for execution of untrusted input.
  • line 766: subprocess call - check for execution of untrusted input.
  • line 788: subprocess call - check for execution of untrusted input.
  • line 813: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/tests/util.py 5
  • line 15: Consider possible security implications associated with the subprocess module.
  • line 50: Starting a process with a partial executable path
  • line 50: subprocess call - check for execution of untrusted input.
  • line 246: subprocess call - check for execution of untrusted input.
  • line 267: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/lib/_format_impl.py 2
  • line 166: Consider possible security implications associated with pickle module.
  • line 613: Possible hardcoded password: 'L'
freecad/AIGenFurniture/vendor/numpy/lib/_npyio_impl.py 1
  • line 9: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/lib/tests/test_format.py 4
  • line 409: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 941: Consider possible security implications associated with the subprocess module.
  • line 942: Starting a process with a partial executable path
  • line 942: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/linalg/tests/test_linalg.py 3
  • line 6: Consider possible security implications associated with the subprocess module.
  • line 2053: subprocess call - check for execution of untrusted input.
  • line 2058: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_core.py 1
  • line 11: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_mrecords.py 1
  • line 7: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_old_ma.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/matrixlib/tests/test_masked_matrix.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/polynomial/tests/test_polynomial.py 1
  • line 4: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_direct.py 3
  • line 298: Consider possible security implications associated with pickle module.
  • line 317: Consider possible security implications associated with pickle module.
  • line 540: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_extending.py 7
  • line 3: Consider possible security implications associated with the subprocess module.
  • line 76: Starting a process with a partial executable path
  • line 76: subprocess call - check for execution of untrusted input.
  • line 83: Starting a process with a partial executable path
  • line 83: subprocess call - check for execution of untrusted input.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_generator_mt19937.py 53
  • line 760: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 767: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 772: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 780: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 789: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 801: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 807: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 813: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 816: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 822: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 828: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 834: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 840: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 865: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 866: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 867: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 869: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 870: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 874: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • … 33 more issues
freecad/AIGenFurniture/vendor/numpy/random/tests/test_randomstate.py 1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_smoke.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/testing/_private/extbuild.py 7
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 230: Starting a process with a partial executable path
  • line 230: subprocess call - check for execution of untrusted input.
  • line 236: Starting a process with a partial executable path
  • line 236: subprocess call - check for execution of untrusted input.
  • line 242: Starting a process with a partial executable path
  • line 242: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/testing/_private/utils.py 2
  • line 1426: Consider possible security implications associated with the subprocess module.
  • line 1429: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_configtool.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 22: Starting a process with a partial executable path
  • line 22: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_public_api.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 65: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_reloading.py 3
  • line 1: Consider possible security implications associated with pickle module.
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 70: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_scripts.py 3
  • line 6: Consider possible security implications associated with the subprocess module.
  • line 42: subprocess call - check for execution of untrusted input.
  • line 48: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/openpyxl/formula/tokenizer.py 1
  • line 43: Possible hardcoded password: ',;}) +-*/^&=><%'
freecad/AIGenFurniture/vendor/openpyxl/utils/protection.py 1
  • line 4: Possible hardcoded password: ''
freecad/AIGenFurniture/vendor/openpyxl/xml/functions.py 2
  • line 28: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 40: Using iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace iterparse with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/pymupdf/__init__.py 5
  • line 17816: Consider possible security implications associated with the subprocess module.
  • line 17818: Starting a process with a partial executable path
  • line 17818: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 17827: Starting a process with a partial executable path
  • line 17827: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
freecad/AIGenFurniture/vendor/pymupdf/utils.py 1
  • line 5417: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/python_utils/decorators.py 1
  • line 170: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/python_utils/terminal.py 5
  • line 129: Consider possible security implications associated with the subprocess module.
  • line 131: Starting a process with a partial executable path
  • line 131: subprocess call - check for execution of untrusted input.
  • line 139: Starting a process with a partial executable path
  • line 139: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/graphics/renderPM.py 1
  • line 786: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/lib/extformat.py 2
  • line 44: Possible hardcoded password: '('
  • line 45: Possible hardcoded password: ')'
freecad/AIGenFurniture/vendor/reportlab/lib/fontfinder.py 3
  • line 61: Consider possible security implications associated with pickle module.
  • line 63: Using quoteattr to parse untrusted XML data is known to be vulnerable to XML attacks. Replace quoteattr with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 255: Try, Except, Continue detected.
freecad/AIGenFurniture/vendor/reportlab/lib/randomtext.py 5
  • line 311: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 416: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 418: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 419: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 420: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_accel.py 2
  • line 333: Consider possible security implications associated with the subprocess module.
  • line 361: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/lib/testutils.py 2
  • line 364: Consider possible security implications associated with the subprocess module.
  • line 365: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/lib/utils.py 2
  • line 7: Consider possible security implications associated with pickle module.
  • line 1067: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/platypus/doctemplate.py 1
  • line 1399: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/reportlab/platypus/flowables.py 1
  • line 2587: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/platypus/tableofcontents.py 1
  • line 61: Using unescape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace unescape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/stl/main.py 1
  • line 52: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/stl/stl.py 1
  • line 8: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Bogdan