Generated: 2026-07-03 08:33:51 UTC
FreeCAD Project Association
Total Addons: 160
Avg Score: 92.27
Files Analyzed: 8,326
High Issues: 207
Medium Issues: 704
Downloads (Year): 729,546
# Addon Version Label Score High Med Low Updated 1yr 1mo Files Git Ref Tag License Created
1 CurvedShapes Create 3D shapes from 2D curves. ['Christi'] 1.00.15 master 100 0 0 0 1 mo 14,887 4,523 82 12 15 12 master LGPL-2.1 2019-06-11
2 ThreadProfile ThreadProfile object for creating internal/external threads ['TheMarkster'] 1.99 master 100 0 0 0 1 mo 10,594 2,807 73 28 15 4 master LGPL-2.1 2019-07-22
3 Silk NURBS Surface modeling tools focused on low degree and seam continuity ['edwardvmills'] 0.3.9 master 100 0 0 0 4 d 8,213 2,713 92 5 16 43 master GPL-3.0-or-later 2017-05-20
4 FusedFilamentDesign PartDesign addon for FFF/FDM 3D-printing design ['rahix'] 0.26.200 release 100 0 0 0 2 mo 10,278 1,296 227 16 5 10 release v0.26.200 LGPL-2.1-or-later 2025-05-11
5 ThreadWorkbench Thread Workbench is a FreeCAD workbench for generating metric and inch threads ['ThreadWorkbench'] 0.2.0 master 100 0 0 0 25 d 815 815 5 1 3 40 master 0.2.0 GPL-3.0-or-later 2026-05-30
6 dodo A set of commands and objects that help to speed-up the drawing of frames and pipelines. Py3/Qt5 port of flamingo. ['Riccardo Treu (oddtopus)'] 1.0.1 master 100 0 0 0 2 yr 2,843 617 32 20 25 18 master LGPLv3 2019-03-24
7 Marz Parametric Guitar design workbench ['Frank Martinez'] 0.1.21 master 100 0 0 0 16 d 2,807 554 128 7 26 67 master GPL-3.0-or-later, LGPL-2.1-or-later 2020-04-05
8 Behave-Dark-Colors A preference pack including GUI color information to extend the Behave Dark stylesheet ['Chrismettal'] 0.1.1 main 100 0 0 0 2 yr 3,174 517 11 2 5 0 main GPL-3.0-only 2022-01-30
9 Woods Collection of various wood materials. ['David Carter', 'Gregory Holmberg'] 1.1.0 master 100 0 0 0 6 mo 3,683 515 12 3 2 4 master v1.1.0 LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0 2025-06-26
10 Dracula Dracula dark theme for FreeCAD ['Eleanor Clifford'] 0.0.9 master 100 0 0 0 11 mo 3,152 500 38 9 5 0 master MIT 2021-03-07
11 StandardBeams Workbench to create standard beam profiles of varying shapes. ['Morten Vajhøj'] 1.0.0 Latest 100 0 0 0 5 mo 1,986 418 6 0 1 56 main LGPL-2.1-or-later, CC-BY-SA-4.0 2026-01-14
12 Beltrami Workbench for designing Turbomachine blades. ['Michel Sabourin'] 1.3.3 main 100 0 0 0 2 mo 2,807 388 41 0 13 5 main 1.3.3 LGPL-2.1-or-later 2021-05-10
13 Catppuccin Light / Dark theme and preference pack. ['cnvuls'] 1.0.0 Latest 100 0 0 0 2 mo 1,059 365 1 0 1 0 main MIT 2026-04-04
14 Templater A workbench to gather some drafting related tools ['FBXL5'] 0.0.6 main 100 0 0 0 13 d 274 274 0 0 0 10 main LGPL-3.0-or-later
15 FeedsAndSpeeds CAM addon to help generate basic feeds and speeds for machining. ['Daniel Wood'] 0.6 master 100 0 0 0 6 mo 1,989 198 47 17 11 4 master LGPL-2.1-or-later 2020-04-10
16 toSketch Tools to help recreate models from STEP files. ['Keith Sloan'] 1.0.1 main 100 0 0 0 6 mo 2,640 194 19 8 4 14 main GPL-2.0-or-later 2021-01-02
17 SvgWorkbench FreeCAD Svg Workbench ['Frank David Martínez Muñoz'] 1.0.0.dev14 main 100 0 0 0 3 mo 1,995 172 12 1 3 71 main v1.0.0.dev14 LGPL-3.0-or-later, LGPL-2.1-or-later 2025-02-07
18 Vars FreeCAD Vars ['Frank David Martínez Muñoz'] 0.0.2.beta7 main 100 0 0 0 8 d 164 164 16 2 2 42 main LGPL-3.0-or-later 2025-05-19
19 Channels FreeCAD Channels - Connector to Blender ['Frank David Martínez Muñoz'] 0.1.0.dev4 main 100 0 0 0 3 mo 0 0 67 0 4 41 main LGPL-3.0-or-later 2025-04-11
20 FileExplorerExt Integrated file system viewer. ['Frank David Martínez Muñoz'] 1.0.0-dev.7 main 100 0 0 0 4 mo 545 0 5 0 1 17 main v1.0.0.dev7 LGPL-3.0-or-later 2025-12-24
21 FoamCut Foamcut workbench provide functionality to prepare job and generate Gcode for 4 or 5 axis cnc hotwire cutter. ['Andrew Shkolik', 'Andrew Shkolik (https://github.com/Shkolik)'] 0.1.12 main 100 0 0 0 3 mo 0 0 23 4 3 21 main LGPL-2.1-or-later 2024-01-12
22 FreecadDiscordPresence Shows FreeCAD Status on discord. ['Tzur Soffer'] 1.0.3 main 100 0 0 0 9 mo 0 0 14 0 3 4 main Version1.0.3 LGPL-2.1-or-later 2024-12-09
23 ImportNURBS An external workbench for add importer for 3dm> ['Keith Sloan'] 1.1 Beta master 100 0 0 0 2 mo 0 0 13 4 6 4 master LGPL-2.1 2020-03-23
24 InstrumentInput Use Bluetooth-connected measurement instruments such as calipers as input devices ['Steffen Vogel (stv0g)'] 0.3.1 main 100 0 0 0 19 d 0 0 0 0 0 9 main Apache-2.0
25 Movie Workbench to create and animate the movie camera, create and play videos of animations ['F_Rosa'] 2025.01.04 master 100 0 0 0 12 mo 0 0 15 0 7 6 master LGPL-2.1-or-later 2022-12-12
26 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['PhoneDroid', 'Eddy Verlinden'] 0.2.2 Latest 100 0 0 0 3 mo 878 0 1 0 7 32 Latest GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense 2025-09-14
27 Supplemental-Materials Materials database that supplements the core materials. ['DavesRocketShop'] 1.0.2 Latest 100 0 0 0 4 mo 467 0 3 1 4 2 Latest v1.0.2 LGPL-3.0-or-later, CC-BY-SA-4.0 2026-03-01
28 freecad-xr-workbench A Virtual Reality (OpenXR) workbench. View your models with VR goggles. ['Adrian Przekwas'] 1.0.1 main 100 0 0 0 2 mo 0 0 31 1 5 17 main LGPL-3.0-or-later 2023-07-29
29 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 0.1.4 FreeCAD ≥ v1.0 100 0 0 0 10 mo 0 0 12 2 3 23 master v0.1.4 LGPL-2.1-or-later 2017-11-26
30 MakerWorkbench A mechatronic components system + optic components system ['David Muñoz'] 1.0.1 master 99.9 0 0 1 2 yr 2,143 365 50 6 14 60 master LGPL-3 2020-07-24
31 Plot Tools to modify existing plots. ['hasecilu', 'PhoneDroid', 'Jose Luis Cercós Pita', 'looooo'] 2026.04.15 Latest 99.9 0 0 1 2 mo 2,025 0 15 0 11 20 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
32 Ratchet Workbench to quickly create ratchets. ['error on line 1'] 1.0.0 Latest 99.9 0 0 1 3 mo 0 0 5 0 1 27 main v1.0.0 LGPL-3.0-or-later 2022-08-13
33 Solar Workbench to manage solar analysis and configurations. ['Francisco Rosa'] 2026.06.04 Main 99.9 0 0 1 28 d 0 0 22 3 4 11 main LGPL-2.1-or-later 2025-07-13
34 taack-plm-freecad This workbench contains tools to interact with Taack Plm Intranet server app you can find under the https://github.com/Taack/plm ['Adrien GUICHARD'] 2025.11.12 main 99.9 0 0 1 8 mo 0 0 15 1 3 4 main GPL-2.0-or-later 2023-02-09
35 DFM Design for manufacturing workbench. Evaluate designs against manufacturing processes and associated rules. ['Ryan Kembrey'] 0.1.11 Latest 99.8 0 0 2 today 1,092 372 34 24 3 57 main LGPL-2.1-or-later 2025-08-03
36 CadbaseLibrary The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component modifications contain sets of files for various CAD systems. This workbench will work with data from the FreeCAD set, without the need to download documentation and data from other file sets. ['mnnxp'] 3.0.0 master 99.8 0 0 2 10 mo 1,491 246 6 0 2 13 master v3.0.0 LGPL-3.0-or-later 2023-02-10
37 HexFill Fill any sketch with a honeycomb pattern in one click. Pick a sketch, choose the cell size, and HexFill builds the whole hexagonal grid for you - ready to Pocket into a lightweight perforated panel or Pad into a honeycomb solid. Manual or automatic sizing, edge trimming and a live 3D preview. Several closed regions in one sketch are filled at once. ['Clientik'] 1.2.0 main 99.8 0 0 2 18 d 194 194 2 3 0 5 main v1.2.0 MIT 2026-06-11
38 CamScripts CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process. ['spanner888'] V0.0.5 2024/09/25 main 99.8 0 0 2 2 mo 156 156 3 4 2 14 main LGPL-2.1-or-later 2024-08-23
39 Assembly2MuJoCo An addon for exporting FreeCAD builtin Assemblies to MuJoCo. ['Anes Benmerzoug'] 0.4.0 main 99.8 0 0 2 2 mo 0 0 28 2 6 27 main v0.4.0 LGPL-2.1-or-later 2025-04-19
40 NikraDAP Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh. ['Lukas du Plessis'] 2.0-alpha main 99.8 0 0 2 3 yr 0 0 3 2 3 11 main GPL-3 2023-02-22
41 Design-Proof Proof-test your parametric CAD models by systematically varying dimensions and measuring regeneration success rates. ['Unai-Pz-de-A'] 0.1.3 Latest 99.7 0 0 3 2 mo 0 0 3 14 0 15 main v0.1.3 LGPL-2.1-or-later 2026-03-30
42 RotaryMoulder Design rotary cookie moulder drums. Wraps flat cookie outlines onto a cylindrical drum and cuts drafted cavities, with engraved or embossed text and shape details, roster (lattice) details, docker pins, cutting cups, and pattern replication around the drum. ['Mike Passchier'] 1.3.1 main 99.7 0 0 3 28 d 0 0 0 0 0 4 main LGPL-2.1-or-later 2026-05-20
43 Motion-Control Link motion controller to an assembly using OPC UA. ['heissgetraenk', 'PhoneDroid'] 1.1.0 Latest 99.6 0 0 4 2 mo 0 0 0 0 6 13 Latest GPL-3.0-or-later 2025-09-25
44 ShapeStrings Advanced tools for creating and manipulating ShapeStrings. ['Robert Massaioli'] 0.2.0 Main 99.6 0 0 4 5 mo 0 0 4 2 1 21 main LGPL-2.1-or-later 2025-12-21
45 sheetmetal A simple sheet metal tools workbench for FreeCAD. ['Shai Seger'] 0.8.20 master 99.3 0 0 7 24 d 69,950 12,838 322 108 83 34 master Last LGPL-2.1-or-later 2015-06-12
46 IDF Importer for IDF files. ['Milos Koutny', 'PhoneDroid'] 1.0.0 Latest 99 0 1 0 4 mo 0 0 0 2 0 12 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-07
47 Nodes Visual scripting workbench for FreeCAD ['Ronny Scharf-Wildenhain'] 0.1.36 main 99 0 1 0 2 yr 0 0 114 14 16 110 main LGPL-2.1-or-later 2022-08-10
48 Curves A collection of tools mainly dedicated to NURBS curves and surfaces modeling. ['Christophe Grellier'] 0.6.72 main 98.9 0 1 1 24 d 63,138 11,579 149 34 38 117 main LGPL-2.1-or-later, Apache-2.0 2016-08-06
49 free2ki Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender. ['30350n'] 1.1.2 Latest 98.9 0 1 1 6 mo 0 0 58 0 5 6 freecad-addons v1.1.2 GPL-3.0-or-later 2022-01-09
50 Detessellate FreeCAD workbench of tools to reverse engineer meshes ['DesignWeaver3D'] 1.1.0 main 98.7 0 1 3 16 d 1,241 703 76 3 6 22 main LGPL-2.1-or-later 2025-11-22
51 fasteners Some common fasteners and fastener tools for FreeCAD. ['Shai Seger'] 0.5.62 master 98.6 0 1 4 3 d 111,006 27,979 396 84 105 94 master V0.5.62-beta GPL-2.0-or-later 2015-06-18
52 WB_Organizer A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to rename some workbenches for better understanding or translation. Allows to show the workbench selector as tabbar. ['Palmstroemen'] 2024.1.29 main 98.6 0 0 14 2 yr 2,039 436 5 4 3 3 main LGPL-2.1-or-later 2024-01-26
53 FreeCAD-Beginner-Assistant Best practices modeling assistant for the Part and Sketcher workbench. ['Aleksander Sadowski', 'Elizabeth Harasymiw', 'Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant)'] 1.0 main 98.5 0 1 5 2 yr 110 110 18 6 5 37 main LGPL-2.1-or-later 2023-12-12
54 HistoryWorkbench Easy version control for FreeCAD: track document history and review changes using 3D and tree comparisons. ['Ephi Blanshey'] 0.1.0 release 98 0 1 10 19 d 126 126 85 7 3 316 release LGPL-2.1-or-later 2026-05-05
55 frame A workbench for beams and frames ['looooo'] 0.1.1 master 97.9 0 2 1 12 d 2,696 1,174 26 9 6 25 master LGPL-2.1-or-later 2015-11-23
56 MOOC Learn FreeCAD ['Jonathan Wiedemann'] 2022.04.21 master 97.9 0 2 1 4 yr 0 0 5 6 7 18 master GPLv2.1 2019-07-12
57 MnesarcoUtils A collection of tools mainly dedicated to scripting and experiments. ['Frank Martinez'] 0.2.16 main 97.8 0 2 2 3 mo 0 0 19 1 7 65 main GPL-3.0 2021-01-18
58 pyOpToolsWorkbench An optics ray-tracing workbench based on pyOpTools ['Ricardo Amézquita Orozco'] 0.0.4 master 97.8 0 2 2 4 mo 0 0 25 3 6 81 master GPL-3.0-or-later 2017-07-06
59 cadquery_module Build CadQuery models within FreeCAD. ['Jeremy Wright'] 2.2.0 master 97.7 0 0 23 today 0 0 148 5 44 11 master Apache-2.0 2014-11-22
60 freecad-wakatime A simple FreeCAD WakaTime extension. ['Pegoku'] 0.6.0 main 97.6 0 2 4 9 mo 0 0 4 2 6 5 main v0.6.0 LGPL-2.1-or-later 2025-01-05
61 Ship Naval ship design (architecture, seakeeping, and ship resistance) ['Jose Luis Cercós Pita'] 2024.11.26 master 97.4 0 2 6 1 yr 762 197 54 6 30 71 master LGPL-2.1-or-later 2018-11-08
62 Quetzal A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor. ['microelly', 'Edgar Robles', 'looo', 'Edgar J Robles', 'triplus', 'Riccardo Treu (oddtopus)'] 1.8.9 master 97.3 0 2 7 9 d 5,712 831 32 21 25 28 master LGPL-3.0-or-later 2020-05-03
63 FrameForge FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles. ['Vivien Henry'] 0.2.1 main 97 0 3 0 3 mo 8,281 1,071 34 31 11 25 main v0.2.1 LGPL-3.0-only 2024-10-07
64 AirPlaneDesign A FreeCAD workbench dedicated to Airplane Design. ['FredsFactory'] 0.4.1 master 97 1 0 0 7 mo 3,474 607 114 9 22 19 master LGPL-2.1 2018-06-11
65 ExplodedAssembly [] master 97 1 0 0 2 yr 2,646 554 135 24 26 4 master 2016-03-13
66 ProDarkThemePreferencePack ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience ['turn211'] 1.0.0 main 97 1 0 0 2 yr 3,568 542 7 0 1 0 main GPL-2.0-or-later 2022-05-17
67 ArchTextures [] master 97 1 0 0 4 yr 1,848 382 34 23 15 23 master 2018-09-30
68 Pyramids-and-Polyhedrons Create various polyhedrons in the Part workbench. ['PhoneDroid', 'Eddy Verlinden'] 0.2.2 Stable 97 1 0 0 3 mo 781 173 1 0 7 32 Stable v0.2.2 GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense 2025-09-14
69 CommandPanel [] master 97 1 0 0 7 yr 0 0 3 1 5 10 master 2017-06-30
70 CubeMenu [] master 97 1 0 0 6 yr 0 0 6 1 0 8 master 2020-02-08
71 IconThemes [] master 97 1 0 0 6 yr 0 0 21 8 5 3 master 2016-10-10
72 SelectorToolbar [] master 97 1 0 0 7 yr 0 0 8 3 4 2 master 2017-03-18
73 TabBar [] master 97 1 0 0 7 yr 0 0 9 1 3 2 master 2016-01-09
74 ToolbarStyle [] master 97 1 0 0 7 yr 0 0 3 0 0 3 master 2018-01-31
75 ose-piping [] master 97 1 0 0 4 yr 0 0 13 6 7 35 master 2018-02-17
76 pivy_trackers [] master 97 1 0 0 7 yr 0 0 23 6 6 61 master 2019-09-19
77 yaml-workbench A FreeCAD addon that loads and manipulates objects via YAML files. ['MambiX Ltd.'] 0.1.4 FreeCAD < v1.0 97 1 0 0 10 mo 0 0 12 2 3 23 v0.1.4 v0.1.4 LGPL-2.1-or-later 2017-11-26
78 Defeaturing A set of tools to edit a Shape or a STEP model. ['Maui'] 1.3.2 master 96.9 1 0 1 15 d 5,746 1,270 36 8 8 8 master AGPLv3.0 2018-07-02
79 MeshRemodel Workbench for remodeling and repairing mesh objects. ['Mark Ganson'] 1.11.0 master 96.9 0 3 1 4 mo 4,895 647 32 0 8 10 master LGPL-2.1-or-later 2019-08-18
80 Plot Tools to modify existing plots. ['hasecilu', 'PhoneDroid', 'Jose Luis Cercós Pita', 'looooo'] 2026.04.15 Stable 96.9 1 0 1 3 mo 1,124 395 15 0 11 20 Stable LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
81 dxf-library [] master 96.9 1 0 1 3 yr 1,460 299 73 4 38 4 master 2013-06-22
82 symbols_library [] master 96.9 1 0 1 2 mo 1,152 228 38 0 17 0 master 2015-04-21
83 Plot Tools to modify existing plots. ['hasecilu', 'PhoneDroid', 'Jose Luis Cercós Pita', 'looooo'] 2025.10.29 1.0.X 96.9 1 0 1 8 mo 0 0 15 0 11 23 2025.10.29 2025.10.29 LGPL-2.1-or-later, CC-BY-SA-4.0 2018-09-22
84 addFC Additional tools for FreeCAD. ['Golodnikov Sergey'] 3.7.2 main 96.8 0 2 12 9 d 8,220 1,600 43 0 5 21 main LGPL-2.1-or-later 2024-05-12
85 ConstraintDesign This addon adds a design workbench that is specially designed to be as flexible and stable as possible. ['drwho495'] beta-0.1 main 96.8 1 0 2 3 mo 1,977 212 15 16 2 47 main LGPL-2.1-only 2025-04-13
86 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 0.1.0-demo Stable 96.8 1 0 2 3 mo 0 0 1 0 1 28 stable GPL-3.0-or-later 2026-02-20
87 Cubinets Visualize cabinet assemblies using parametric templates and generate cut lists. ['Vytautas Rimkevicius'] 0.1.0-demo Latest 96.8 1 0 2 3 mo 0 0 1 0 1 28 latest GPL-3.0-or-later 2026-02-20
88 Lithophane [] master 96.8 1 0 2 5 yr 0 0 36 15 10 37 master 2018-06-05
89 lattice2 Tools and arrays of all sorts and kinds, and local coordinate systems ['DeepSOIC'] 1.1 master 96.7 1 0 3 2 mo 9,116 1,103 79 34 15 73 master LGPL-2.0-or-later 2015-11-26
90 Motion-Control Link motion controller to an assembly using OPC UA. ['heissgetraenk', 'PhoneDroid'] 1.1.0 Stable 96.6 1 0 4 2 mo 0 0 0 0 6 13 Stable v1.1.0 GPL-3.0-or-later 2025-09-25
91 Telemetry Help improve FreeCAD by sending basic metrics to the development team. ['The FreeCAD project association AISBL'] 1.0.6 main 96.6 0 3 4 1 d 1,707 0 12 5 5 9 main LGPL-2.1-or-later, CC-BY-4.0 2025-02-16
92 EM This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers. ['Enrico Di Lorenzo'] 2.1.1 master 96.4 1 0 6 2 yr 953 173 68 6 18 24 master LGPLv2.1 2016-10-03
93 slic3r-tools [] master 96.3 1 0 7 6 yr 0 0 17 8 4 9 master 2019-05-08
94 LCInterlocking Create interlocking parts for laser cutting or CNC milling ['execuc'] 1.5.1 master 96 1 1 0 7 mo 2,938 471 188 34 37 32 master 1.5.1 LGPL-2.1-or-later 2016-06-20
95 Plot Some tools to manipulate the FreeCAD plots ['Jose Luis Cercós Pita'] 2024.11.26 FreeCAD < 1.0 95.9 1 1 1 2 yr 0 0 15 0 11 16 2024.11.26 2024.11.26 LGPL-2.1-or-later 2018-09-22
96 InventorLoader This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d) files. ['jmplonka'] 1.5.1 master 95.6 1 1 4 2 yr 3,213 653 164 58 22 39 master LGPL-3.0-or-later 2017-02-09
97 Road Road is the Transportation and Geomatics Engineering workbench for FreeCAD. ['Hakan Seven'] 2026.04.11 main 95.5 0 3 15 3 mo 2,565 185 42 7 8 128 main LGPL-2.1-or-later, CC-BY-SA-4.0 2025-01-01
98 btl A FreeCAD Path Addon to manage your tool library. ['Samuel Abels'] 0.9.9 main 95.5 1 1 5 10 mo 0 0 42 17 16 49 main MIT 2023-07-15
99 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 1.2.0.4 main 95.3 1 1 7 22 d 4,517 1,248 31 4 4 35 main LGPL-3.0-or-later 2023-11-05
100 DynamicData Container object for holding custom properties, alternative to spreadsheet ['TheMarkster'] 2.78 master 94.9 1 2 1 3 mo 2,806 315 51 24 10 4 master LGPL-2.1-or-later 2018-09-22
101 3D_Printing_Tools [] master 94.6 1 2 4 7 yr 4,514 898 53 7 22 5 master 2019-01-30
102 Assembly3 Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver ['RealThunder'] 0.12.3 master 94.6 1 2 4 8 mo 3,182 506 904 333 76 18 master GPL-3.0-only 2017-09-10
103 DesignSPHysics DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics ['Iván Martínez Estévez'] 0.8.2 (29-05-2026) master 94.4 0 4 16 22 d 1,138 365 150 31 46 315 master GPL-3.0-or-later 2018-07-31
104 SimplyPrint Send your FreeCAD models, meshes and assemblies directly to the SimplyPrint cloud for slicing, storage and 3D printing. Adapts to the active workbench, lets you choose the mesh quality when exporting parametric solids, and shows the real size of what you're about to send. ['SimplyPrint'] 1.0.0 main 94.4 0 5 6 5 d 0 0 0 0 1 17 main MIT 2026-06-01
105 OpenTheme An accessible and coordinated set of Light and Dark themes for FreeCAD ['Obelisk79'] 2025.05.20 main 94 2 0 0 1 mo 38,977 7,971 110 59 15 0 main LGPL-2.1-or-later 2024-01-24
106 Color-Palette-Theme Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts(FreeCAD v1.1.0 ≥) ['altangarts'] 2.2.7 main 94 2 0 0 today 4,965 736 11 1 2 4 main LGPL-2.1-or-later 2024-12-25
107 OpticsWorkbench Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects. ['Christi'] 1.3.7 main 94 2 0 0 26 d 2,597 659 161 12 38 16 main LGPL-2.1 2021-07-03
108 NordicFC Nordic themes and preference pack. ['error on line 1'] 1.0.1 main 94 2 0 0 2 mo 1,191 648 23 2 2 0 main LGPL-2.1-or-later 2025-09-20
109 Estimate A FreeCAD workbench to estimate material quantity by volume or weight for selected parts ['error on line 1'] 0.1.5 master 94 2 0 0 2 mo 2,259 262 13 1 5 6 master LGPL-3.0-or-later 2022-03-04
110 SlopedPlanesMacro [] master 94 2 0 0 7 yr 0 0 4 0 4 14 master 2017-11-14
111 Smooth-Toolsync Synchronize FreeCAD's CAM tool libraries with a Smooth tool data server. Adds "Smooth" to the CAM workbench toolbar (a modeless Sync / Machines / Audit log window) and a preference page for server configuration. Current capabilities (v2): - Two-way sync of tool bits and tool libraries: a plan/apply preview shows what changed on each side; upload local edits or download server changes, losslessly and without ever duplicating - Synced files carry their server identity; unknown keys (e.g. F&S presets) survive round trips untouched - Machines view: browse each machine's tool table and confirm which physical tool is bound to each entry Requirements: - FreeCAD 1.1 or later with the CAM workbench - A Smooth server (self-hosted or hosted) - see https://loobric.com - Standard library only: no extra Python packages ['Brad Collette'] 0.3.2 master 94 2 0 0 2 d 0 0 4 0 0 21 master MIT 2025-10-27
112 freecad.gears A gear workbench for FreeCAD ['looooo'] 1.3 master 93.9 2 0 1 3 mo 40,024 6,330 342 80 113 31 master GPL-3.0-or-later 2014-04-08
113 CfdOF Computational Fluid Dynamics (CFD) based on OpenFOAM. ['Oliver Oxtoby'] 1.37.3 master 93.9 0 4 21 1 mo 16,742 2,959 682 23 129 74 master v1.37.3 LGPL-3.0-or-later 2016-12-02
114 PieMenu The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD. ['Grubuntu'] 1.13 master 93.9 2 0 1 13 d 6,993 1,775 33 3 8 7 master LGPL-2.1-or-later 2024-01-13
115 FreeCAD-themes Additional themes for FreeCAD ['The FreeCAD Team'] 2025.11.25 main 93.9 2 0 1 3 mo 9,675 1,355 9 4 3 0 main LGPL-2.1-or-later 2024-06-24
116 Freecad-Built-in-themes-beta Beta versions of the preference Packs included with the FreeCAD distribution ['MisterMaker'] 1.2.2 main 93.9 2 0 1 2 yr 1,963 300 4 1 5 0 main LGPL-2.0-or-later 2023-06-11
117 Machines Collection of Community Maintained Machines ['Sliptonic'] 1.0.0 Latest 93.9 2 0 1 2 mo 0 0 4 1 4 0 Latest CC-BY-SA-4.0 2026-03-13
118 STEMFIE A simple workbench for generating STEMFIE system components. ['Bilbao Makers', 'hasecilu'] 0.3.1 main 93.9 2 0 1 1 yr 0 0 24 5 5 15 main 0.3.1 GPL-2.0-or-later 2021-07-06
119 SteelColumn [] master 93.9 2 0 1 1 yr 0 0 9 0 4 16 master 2020-08-28
120 Alternate_OpenSCAD An alternate OpenSCAD importer with some experimental features. ['Keith Sloan'] 1.0.0 master 93.7 0 4 23 5 mo 2,931 453 17 10 8 19 master LGPL-2.1-or-later 2020-02-04
121 nurbs [] master 93.4 1 2 16 7 yr 0 0 26 6 12 110 master 2016-08-01
122 Design456 Direct Modeling Workbench for FreeCAD ['Mariwan Jalal'] 0.00.1 main 93.1 2 0 9 2 mo 1,930 413 64 4 6 80 main GPL-3.0-or-later 2021-01-29
123 workfeature [] master 93 2 1 0 1 yr 0 0 13 6 5 35 master 2018-01-29
124 BillOfMaterials A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice. ['Paul Ebbers'] 1.3.0.dev Develop 92.3 2 1 7 1 d 0 0 31 4 4 37 Develop LGPL-3.0-or-later 2023-11-05
125 Assembly4.1 This assembly workbench use lets you put FreeCAD Part and Body together inside a standard Assembly container. ['leoheck'] 0.61.0-0.2 main 92 1 5 0 1 mo 7,686 2,292 22 3 7 33 main LGPL-2.1-only 2025-06-23
126 AddonManager Tool to install workbenches, macros, themes, etc. ['Jonathan Wiedemann', 'Yorik van Havre', 'Kurt Kremitzki', 'Chris Hennes'] 2026.6.27 main 91.4 0 4 46 5 d 16,587 2,172 11 40 22 101 main LGPL-2.1-or-later 2025-04-06
127 AddonManager Development branch of a tool to install workbenches, macros, themes, etc. ['Jonathan Wiedemann', 'Yorik van Havre', 'Kurt Kremitzki', 'Chris Hennes'] 2026.6.27dev development 91.4 0 4 46 5 d 763 169 11 40 22 101 dev LGPL-2.1-or-later 2025-04-06
128 OSAFE This is a workbench for FreeCAD that creates foundation model from CSI ETABS model results. ['Raeyat Roknabadi Ebrahim'] 2022.05.29 master 91.3 0 7 17 5 mo 0 0 49 3 11 83 master LGPL-2.1-or-later 2018-11-08
129 Assembly4 This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container through links, and place them relative to the assembly and to each other using LCS connectors. ['Zolko'] 0.61.1 main 91 1 5 10 7 d 15,446 2,998 0 0 0 40 main LGPL-2.1-only
130 Cables Electrical cables drawing tools workbench for FreeCAD. ['SargoDevel'] 0.3.6 master 91 2 3 0 1 mo 9,732 2,294 80 6 8 33 master v0.3.6 LGPL-3.0-or-later 2025-01-21
131 Gridfinity This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized. ['Stuart'] 0.12.4 master 91 3 0 0 4 mo 10,542 1,456 510 38 50 17 master v0.12.4 lgpl-2.1-or-later 2024-03-18
132 QuickMeasure Measures selected features. [] 2022.10.28 main 91 3 0 0 11 mo 4,168 606 11 4 7 3 main 2022-10-04
133 BulletDesigner Parametric bullet design workbench with ballistic and trajectory tools. ['Bullet Designer Team'] 1.0.0 main 91 3 0 0 2 mo 0 0 5 0 0 19 main MIT 2026-02-20
134 Launcher Search for commands and run them. ['PhoneDroid', 'Triplus'] 0.1.0 Latest 91 3 0 0 3 mo 0 0 0 0 4 7 Latest LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-28
135 Machines Collection of Community Maintained Machines ['Sliptonic'] 1.0.0 Stable 90.9 3 0 1 3 mo 0 0 4 1 4 0 Stable v1.0.0 CC-BY-SA-4.0 2026-03-13
136 CADExchanger [] master 90.7 3 0 3 2 yr 1,605 324 77 6 12 3 master 2017-03-25
137 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 1.8.1.1 main 90.6 2 3 4 1 mo 5,245 1,529 6 7 9 28 main CCOv1 2024-11-07
138 pyrate [] master 90.4 2 3 6 2 yr 0 0 0 0 0 123 master
139 Render (UNMAINTAINED) A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines. Designed as a modern replacement for deprecated internal Raytracing Workbench. ['howetuft', 'No current maintainer', 'Yorik Van Havre'] 2024.12.15 master 90.3 1 5 17 2 mo 10,312 2,100 229 17 42 53 master LGPL-2.1-or-later 2017-12-17
140 woodworking Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that will make everyday carpentry and other CAD projects easier and faster. I hope you will find something you enjoy here. ['Darek L'] 3.2.20260702 master 90.2 0 8 18 today 20,457 3,232 521 0 48 159 master MIT 2022-02-25
141 EasyProfileFrame Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM). ['ovo-Tim'] 0.0.1 main 89.9 3 1 1 1 yr 3,477 682 20 7 4 10 main LGPL-3.0-or-later 2025-01-19
142 POV-Ray-Rendering [] master 89.2 3 1 8 3 yr 694 259 4 6 2 8 master 2020-11-30
143 osh-autodoc-workbench A workbench that support the creation of assembly manuals of open source hardware. ['Pieter Hijma', 'J.C. Mariscal-Melgar'] 0.2.3 main 89 1 8 0 5 mo 0 0 0 0 0 23 main LGPL-3.0-or-later
144 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 1.1 main 88.6 2 3 24 17 d 6,067 2,154 7 1 1 11 main MIT 2025-04-23
145 TitleBlock An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench. ['Paul Ebbers'] 0.5.2.2 main 88.3 3 2 7 10 mo 0 0 5 2 0 18 main LGPL-2.1-or-later 2023-10-07
146 Launcher Search for commands and run them. ['PhoneDroid', 'Triplus'] 0.1.0 Stable 88 4 0 0 3 mo 0 0 0 0 4 2 Stable v0.1.0 LGPL-2.1-or-later, CC-BY-SA-4.0 2026-03-28
147 SearchBar Adds a search bar widget for tools, document objects, and preferences ['Paul Ebbers'] 1.8.0 Develop 87.6 3 3 4 9 mo 0 0 6 7 9 28 Develop CCOv1 2024-11-07
148 kicadStepUpMod A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD. ['Maui'] 11.08.5 master 85.9 3 4 11 7 d 11,012 3,338 663 39 82 34 master AGPLv3.0 2017-09-12
149 fcVM Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD ['HarryvL'] 2024.9.5 main 85.9 4 2 1 11 mo 0 0 11 3 3 4 main 2024-01-17
150 SaveAndRestore A simple addon to save and restore your settings ['Paul Ebbers'] 1.1 Develop 85.6 3 3 24 20 d 0 0 7 1 1 11 Develop MIT 2025-04-23
151 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 1.11.1 main 85.5 2 5 35 3 d 6,082 1,450 123 7 12 50 main GPL-3.0-or-later 2024-09-28
152 FreeGrid A simple tools workbench for generating FreeGrid storage system components. ['Alan Langford', 'Michael K Johnson', 'hasecilu'] 2.2.0 main 85.4 4 2 6 1 yr 1,082 163 50 2 4 9 main AGPL-3.0-or-later 2022-07-25
153 freecad_streamdeck_addon FreeCAD addon to use an Elgato Stream Deck macropad as an input device. ['Giraut'] 0.1.7 main 85 5 0 0 2 yr 0 0 20 7 5 6 main GPL-3.0-or-later 2024-02-25
154 FEMbyGEN Parametric Finite Element Analysis(FEM) ['Serdar T. Ince'] 2.5.5 master 84.9 2 9 1 2 mo 2,423 347 49 7 25 28 master LGPL-2.1-only 2022-07-27
155 drawing_dimensioning [] < 0.20 84.5 3 6 5 8 mo 0 0 0 0 48 59 v0.19.4 0.19.4 2025-11-03
156 Manipulator A handy way to Move and Align objects in FreeCAD. ['Maui'] 1.6.4 master 83.6 3 7 4 3 mo 10,245 1,470 76 24 14 10 master GPLv3.0 2017-10-02
157 Part-o-magic Experiment on FreeCAD-wide automation of Part container management ['DeepSOIC'] 1.1.0 master 83.5 0 16 5 2 mo 0 0 15 28 5 62 master LGPL-2.0-or-later 2016-05-20
158 A2plus Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus is to create a very simple, easy to use, and not over-featured workbench for FreeCAD assemblies. Using the KISS principle: KEEP IT SIMPLE, STUPID ['kbwbe'] 0.4.68 master 83 4 1 40 5 mo 18,160 3,156 205 49 74 38 master LGPL-2.1-or-later 2018-06-28
159 FEM_FrontISTR A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR. ['FrontISTR-Commons'] 0.2.0 master 82.9 5 1 11 11 mo 0 0 36 0 9 29 master LGPL-2.1-or-later 2021-04-03
160 Reinforcement A workbench that provides tools for Reinforcement Generation and its Detailing. ['Amritpal Singh (amrit3701)'] v0.6 master 82.7 1 12 23 4 mo 1,830 266 65 61 23 66 master LGPL-2.1-or-later 2017-04-09
161 FreeCAD-Ribbon A Ribbon interface for FreeCAD ['Paul Ebbers'] 1.12.0dev Develop 82.5 3 5 35 1 d 0 0 123 7 12 50 Develop GPL-3.0-or-later 2024-09-28
162 Rocket A workbench for designing model rockets. ['David Carter'] 3.3.0 Pre-1.0 Compatible 81.5 4 6 5 2 yr 0 0 76 10 16 266 v3.3.0 v3.3.0 LGPLv2.1 2021-02-01
163 freecad.optics_design_workbench Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend. ['Philipp Bredol'] 1.0.2 master 79.7 3 7 43 6 d 938 341 12 1 2 43 master LGPL-3.0-or-later 2024-07-17
164 Corridor-Road FreeCAD workbench for parametric road corridor design, review, and output preparation. ['Kcod'] 1.0.8 Latest 77.7 1 2 173 today 0 0 6 1 1 535 main LGPL-2.1-or-later 2026-02-23
165 Cfd [] master 77.3 5 4 37 5 yr 0 0 214 4 41 66 master 2016-09-29
166 WebTools A collection of tools to work with web services ['Yorik van Havre'] 1.0.0 master 76.3 1 20 7 10 mo 0 0 28 10 18 10 master LGPL-2.1-or-later 2017-04-08
167 GDML An external workbench for creating GDML models for Geant4 and Root ['Keith Sloan'] 2.0.2 Beta Main 75.3 0 22 27 1 mo 126 126 71 53 19 72 Main LGPL-2.1 2019-11-21
168 boltsfc Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications. ['Bernd Hahnebach'] 2022.11.5 main 69.8 3 21 2 4 yr 5,254 1,016 41 3 15 51 main LGPLv2.1 2017-07-02
169 Ondsel-Lens Workspace manager for Ondsel Lens workspaces ['Pieter Hijma'] 2025.12.22.01 main 68.4 6 13 6 6 mo 0 0 4 9 14 66 main LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4... 2025-06-22
170 Rocket Workbench for designing model rockets. ['David Carter'] 5.1.1 master 67.8 5 14 32 5 mo 724 186 76 10 16 311 master LGPL-2.1-or-later, MIT 2021-02-01
171 BCFPlugin Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format). ['Patrick Podest (podestplatz)'] 1.0.0 master 65.2 8 9 18 4 yr 0 0 9 6 8 52 master LGPLv2.1 2019-05-11
172 AnimationFreeCAD The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow. ['Andréas Cottet', 'Quentin Tournier'] 1.0-beta main 44.1 2 44 59 1 yr 1,965 371 35 10 10 630 main Apache-2.0 2022-01-29
173 workfeature-macro [] master 17.9 1 79 1 2 yr 0 0 28 3 9 34 master 2015-02-15
174 AIGenFurniture Parametric furniture cabinet design workbench. Generate cabinets from simple boxes, apply features (fronts, shelves, drawers), and export manufacturing files. ['Bogdan'] 0.1.6 Latest 0 7 156 199 19 d 1,882 816 5 0 2 871 main LGPL-2.1-or-later 2025-08-27
175 pcb Printed Circuit Board (PCB) Workbench for FreeCAD ['marmni'] 6.2023.1 master 0 3 101 43 4 mo 3,843 687 119 7 27 280 master AGPLv3.0 2016-01-06

Addon Details

CurvedShapes master

1.00.15· Create 3D shapes from 2D curves.

100 / 100

Repository

https://github.com/chbergmann/CurvedShapesWorkbench
master · Created: 2019-06-11 · Updated: 1 mo · 12 python files

Statistics

14,887
DL(Yr)
4,523
DL(Mo)
82
Stars
12
Issues
Manifest
Branch
master
Version
1.00.15
License
LGPL-2.1
Dependencies 4
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Christi

ThreadProfile master

1.99· ThreadProfile object for creating internal/external threads

100 / 100

Repository

https://github.com/mwganson/ThreadProfile
master · Created: 2019-07-22 · Updated: 1 mo · 4 python files

Statistics

10,594
DL(Yr)
2,807
DL(Mo)
73
Stars
28
Issues
Manifest
Branch
master
Version
1.99
License
LGPL-2.1
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
TheMarkster

Silk master

0.3.9· NURBS Surface modeling tools focused on low degree and seam continuity

100 / 100

Repository

https://github.com/edwardvmills/Silk
master · Created: 2017-05-20 · Updated: 4 d · 43 python files

Statistics

8,213
DL(Yr)
2,713
DL(Mo)
92
Stars
5
Issues
Manifest
Branch
master
Version
0.3.9
License
GPL-3.0-or-later
Dependencies 2
  • Internal: PySide
  • Pip: numpy
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
edwardvmills

FusedFilamentDesign release

0.26.200· PartDesign addon for FFF/FDM 3D-printing design

100 / 100

Repository

https://github.com/rahix/FusedFilamentDesign.git
release · v0.26.200 · Created: 2025-05-11 · Updated: 2 mo · 10 python files

Statistics

10,278
DL(Yr)
1,296
DL(Mo)
227
Stars
16
Issues
Manifest
Branch
release
Version
0.26.200
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
rahix

ThreadWorkbench master

0.2.0· Thread Workbench is a FreeCAD workbench for generating metric and inch threads

100 / 100

Repository

https://github.com/krwork3d/freecad_thread_workbench
master · 0.2.0 · Created: 2026-05-30 · Updated: 25 d · 40 python files

Statistics

815
DL(Yr)
815
DL(Mo)
5
Stars
1
Issues
Manifest
Branch
master
Version
0.2.0
License
GPL-3.0-or-later
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
ThreadWorkbench

dodo master

1.0.1· A set of commands and objects that help to speed-up the drawing of frames and pipelines. Py3/Qt5 port of flamingo.

100 / 100

Repository

https://github.com/oddtopus/dodo
master · Created: 2019-03-24 · Updated: 2 yr · 18 python files

Statistics

2,843
DL(Yr)
617
DL(Mo)
32
Stars
20
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPLv3
Dependencies 6
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Riccardo Treu (oddtopus)

Marz master

0.1.21· Parametric Guitar design workbench

100 / 100

Repository

https://github.com/mnesarco/MarzWorkbench
master · Created: 2020-04-05 · Updated: 16 d · 67 python files

Statistics

2,807
DL(Yr)
554
DL(Mo)
128
Stars
7
Issues
Manifest
Branch
master
Version
0.1.21
License
GPL-3.0-or-later, LGPL-2.1-or-later
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Pip: defusedxml
  • Pip: numpy
  • Warn: gi (Not in AddonManager allowed packages)
  • Warn: inkex (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

Behave-Dark-Colors main

0.1.1· A preference pack including GUI color information to extend the Behave Dark stylesheet

100 / 100

Repository

https://github.com/Chrismettal/FreeCAD-Behave-Dark-Preference-Pack
main · Created: 2022-01-30 · Updated: 2 yr · 0 python files

Statistics

3,174
DL(Yr)
517
DL(Mo)
11
Stars
2
Issues
Manifest
Branch
main
Version
0.1.1
License
GPL-3.0-only
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Chrismettal

Woods master

1.1.0· Collection of various wood materials.

100 / 100

Repository

https://github.com/davesrocketshop/Woods
master · v1.1.0 · Created: 2025-06-26 · Updated: 6 mo · 4 python files

Statistics

3,683
DL(Yr)
515
DL(Mo)
12
Stars
3
Issues
Manifest
Branch
master
Version
1.1.0
License
LGPL-2.1-or-later, CDLA-Sharing-1.0, CC-BY-SA-4.0
Dependencies 3
  • Pip: Pillow
  • Pip: openpyxl
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
David Carter Gregory Holmberg

Dracula master

0.0.9· Dracula dark theme for FreeCAD

100 / 100

Repository

https://github.com/dracula/freecad
master · Created: 2021-03-07 · Updated: 11 mo · 0 python files

Statistics

3,152
DL(Yr)
500
DL(Mo)
38
Stars
9
Issues
Manifest
Branch
master
Version
0.0.9
License
MIT
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Eleanor Clifford

StandardBeams main

1.0.0· Workbench to create standard beam profiles of varying shapes.

100 / 100

Repository

https://github.com/MortenVajhoj/StandardBeams
main · Created: 2026-01-14 · Updated: 5 mo · 56 python files

Statistics

1,986
DL(Yr)
418
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Morten Vajhøj

Beltrami main

1.3.3· Workbench for designing Turbomachine blades.

100 / 100

Repository

https://github.com/Simturb/Beltrami
main · 1.3.3 · Created: 2021-05-10 · Updated: 2 mo · 5 python files

Statistics

2,807
DL(Yr)
388
DL(Mo)
41
Stars
0
Issues
Manifest
Branch
main
Version
1.3.3
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Pip: numpy
  • Pip: scipy
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Michel Sabourin

Catppuccin main

1.0.0· Light / Dark theme and preference pack.

100 / 100

Repository

https://github.com/cnvuls/CatppuccinTheme
main · Created: 2026-04-04 · Updated: 2 mo · 0 python files

Statistics

1,059
DL(Yr)
365
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
MIT
Static Analysis 0
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
cnvuls

Templater main

0.0.6· A workbench to gather some drafting related tools

100 / 100

Repository

https://codeberg.org/FBXL5/Templater
main · Updated: 13 d · 10 python files

Statistics

274
DL(Yr)
274
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.0.6
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
FBXL5

FeedsAndSpeeds master

0.6· CAM addon to help generate basic feeds and speeds for machining.

100 / 100

Repository

https://github.com/dubstar-04/FeedsAndSpeeds
master · Created: 2020-04-10 · Updated: 6 mo · 4 python files

Statistics

1,989
DL(Yr)
198
DL(Mo)
47
Stars
17
Issues
Manifest
Branch
master
Version
0.6
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Pip: Path
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Daniel Wood

toSketch main

1.0.1· Tools to help recreate models from STEP files.

100 / 100

Repository

https://github.com/KeithSloan/toSketch
main · Created: 2021-01-02 · Updated: 6 mo · 14 python files

Statistics

2,640
DL(Yr)
194
DL(Mo)
19
Stars
8
Issues
Manifest
Branch
main
Version
1.0.1
License
GPL-2.0-or-later
Dependencies 9
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Pip: geomdl
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

SvgWorkbench main

1.0.0.dev14· FreeCAD Svg Workbench

100 / 100

Repository

https://github.com/mnesarco/SvgWorkbench
main · v1.0.0.dev14 · Created: 2025-02-07 · Updated: 3 mo · 71 python files

Statistics

1,995
DL(Yr)
172
DL(Mo)
12
Stars
1
Issues
Manifest
Branch
main
Version
1.0.0.dev14
License
LGPL-3.0-or-later, LGPL-2.1-or-later
Dependencies 12
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Pip: defusedxml
  • Pip: packaging
  • Pip: rich
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

Vars main

0.0.2.beta7· FreeCAD Vars

100 / 100

Repository

https://github.com/mnesarco/Vars
main · Created: 2025-05-19 · Updated: 8 d · 42 python files

Statistics

164
DL(Yr)
164
DL(Mo)
16
Stars
2
Issues
Manifest
Branch
main
Version
0.0.2.beta7
License
LGPL-3.0-or-later
Dependencies 11
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Pip: defusedxml
  • Pip: packaging
  • Pip: rich
  • Warn: scour (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

Channels main

0.1.0.dev4· FreeCAD Channels - Connector to Blender

100 / 100

Repository

https://github.com/mnesarco/Channels
main · Created: 2025-04-11 · Updated: 3 mo · 41 python files

Statistics

0
DL(Yr)
0
DL(Mo)
67
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0.dev4
License
LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: PySide
  • Internal: pivy
  • Pip: defusedxml
  • Pip: packaging
  • Pip: rich
  • Warn: bpy (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
  • Warn: toml (Not in AddonManager allowed packages)
  • Warn: typer (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

FileExplorerExt main

1.0.0-dev.7· Integrated file system viewer.

100 / 100

Repository

https://github.com/mnesarco/FileExplorerExt
main · v1.0.0.dev7 · Created: 2025-12-24 · Updated: 4 mo · 17 python files

Statistics

545
DL(Yr)
0
DL(Mo)
5
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0-dev.7
License
LGPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Frank David Martínez Muñoz

FoamCut main

0.1.12· Foamcut workbench provide functionality to prepare job and generate Gcode for 4 or 5 axis cnc hotwire cutter.

100 / 100

Repository

https://github.com/Shkolik/Foamcut
main · Created: 2024-01-12 · Updated: 3 mo · 21 python files

Statistics

0
DL(Yr)
0
DL(Mo)
23
Stars
4
Issues
Manifest
Branch
main
Version
0.1.12
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 2
Andrew Shkolik Andrew Shkolik (https://github.com/Shkolik)

FreecadDiscordPresence main

1.0.3· Shows FreeCAD Status on discord.

100 / 100

Repository

https://github.com/TzurSoffer/FreecadDiscordPresence
main · Version1.0.3 · Created: 2024-12-09 · Updated: 9 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
14
Stars
0
Issues
Manifest
Branch
main
Version
1.0.3
License
LGPL-2.1-or-later
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Pip: pypresence
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Tzur Soffer

ImportNURBS master

1.1 Beta· An external workbench for add importer for 3dm>

100 / 100

Repository

https://github.com/KeithSloan/ImportNURBS
master · Created: 2020-03-23 · Updated: 2 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
4
Issues
Manifest
Branch
master
Version
1.1 Beta
License
LGPL-2.1
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Pip: rhino3dm
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

InstrumentInput main

0.3.1· Use Bluetooth-connected measurement instruments such as calipers as input devices

100 / 100

Repository

https://codeberg.org/stv0g/freecad-instrumentinput
main · Updated: 19 d · 9 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.3.1
License
Apache-2.0
Dependencies 2
  • Compat: PySide6
  • Warn: sylvac (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Steffen Vogel (stv0g)

Movie master

2025.01.04· Workbench to create and animate the movie camera, create and play videos of animations

100 / 100

Repository

https://github.com/Francisco-Rosa/FreeCAD-Movie
master · Created: 2022-12-12 · Updated: 12 mo · 6 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
master
Version
2025.01.04
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Mod: Render
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 0
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
F_Rosa

Pyramids-and-Polyhedrons Latest

0.2.2· Create various polyhedrons in the Part workbench.

100 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Latest · Created: 2025-09-14 · Updated: 3 mo · 32 python files

Statistics

878
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Eddy Verlinden

Supplemental-Materials Latest

1.0.2· Materials database that supplements the core materials.

100 / 100

Repository

https://github.com/FreeCAD/Supplemental-Materials
Latest · v1.0.2 · Created: 2026-03-01 · Updated: 4 mo · 2 python files

Statistics

467
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.2
License
LGPL-3.0-or-later, CC-BY-SA-4.0
Static Analysis 0
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
DavesRocketShop

freecad-xr-workbench main

1.0.1· A Virtual Reality (OpenXR) workbench. View your models with VR goggles.

100 / 100

Repository

https://github.com/kwahoo2/freecad-xr-workbench
main · Created: 2023-07-29 · Updated: 2 mo · 17 python files

Statistics

0
DL(Yr)
0
DL(Mo)
31
Stars
1
Issues
Manifest
Branch
main
Version
1.0.1
License
LGPL-3.0-or-later
Dependencies 10
  • Compat: PySide2
  • Compat: PySide6
  • Compat: shiboken2
  • Compat: shiboken6
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Pip: PyOpenGL
  • Pip: numpy
  • Warn: xr (Not in AddonManager allowed packages)
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Adrian Przekwas

yaml-workbench master

0.1.4· A FreeCAD addon that loads and manipulates objects via YAML files.

100 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
master · v0.1.4 · Created: 2017-11-26 · Updated: 10 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Pip: PyYAML
  • Pip: Requests
Static Analysis 0
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

MakerWorkbench master

1.0.1· A mechatronic components system + optic components system

99.9 / 100

Repository

https://github.com/URJCMakerGroup/MakerWorkbench
master · Created: 2020-07-24 · Updated: 2 yr · 60 python files

Statistics

2,143
DL(Yr)
365
DL(Mo)
50
Stars
6
Issues
Manifest
Branch
master
Version
1.0.1
License
LGPL-3
Dependencies 4
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
Static Analysis 1
LOW 1
package.xml 1
  • line 11: Icon file 'Resources/icons/Maker_workbench_icon.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Muñoz

Plot Latest

2026.04.15· Tools to modify existing plots.

99.9 / 100

Repository

https://github.com/FreeCAD/Plot
Latest · Created: 2018-09-22 · Updated: 2 mo · 20 python files

Statistics

2,025
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2026.04.15
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Pip: matplotlib
Static Analysis 1
LOW 1
package.xml 1
  • line 68: Icon file 'freecad/plot/Resources/Icons/Addon.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 4
hasecilu PhoneDroid Jose Luis Cercós Pita looooo

Ratchet main

1.0.0· Workbench to quickly create ratchets.

99.9 / 100

Repository

https://github.com/erroronline1/ratchetWB
main · v1.0.0 · Created: 2022-08-13 · Updated: 3 mo · 27 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
LGPL-3.0-or-later
Dependencies 1
  • Compat: PySide6
Static Analysis 1
LOW 1
package.xml 1
  • line 55: Missing icon file 'freecad/Ratchet/Resources/Addon.svg'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

Solar main

2026.06.04· Workbench to manage solar analysis and configurations.

99.9 / 100

Repository

https://github.com/Francisco-Rosa/Solar
main · Created: 2025-07-13 · Updated: 28 d · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
22
Stars
3
Issues
Manifest
Branch
main
Version
2026.06.04
License
LGPL-2.1-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Warn: ladybug (Not in AddonManager allowed packages)
  • Warn: ladybug_geometry (Not in AddonManager allowed packages)
  • Warn: ladybug_radiance (Not in AddonManager allowed packages)
Static Analysis 1
LOW 1
package.xml 1
  • line 85: Icon file 'freecad/Solar/icons/Logo.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Francisco Rosa

taack-plm-freecad main

2025.11.12· This workbench contains tools to interact with Taack Plm Intranet server app you can find under the https://github.com/Taack/plm

99.9 / 100

Repository

https://github.com/Taack/taack-plm-freecad
main · Created: 2023-02-09 · Updated: 8 mo · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
1
Issues
Manifest
Branch
main
Version
2025.11.12
License
GPL-2.0-or-later
Dependencies 3
  • Internal: PySide
  • Pip: Requests
  • Pip: protobuf
Static Analysis 1
LOW 1
Intranet.py 1
  • line 28: Possible hardcoded password: ''
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Adrien GUICHARD

DFM main

0.1.11· Design for manufacturing workbench. Evaluate designs against manufacturing processes and associated rules.

99.8 / 100

Repository

https://github.com/ryankembrey/FreeCAD-DFM-Workbench
main · Created: 2025-08-03 · Updated: today · 57 python files

Statistics

1,092
DL(Yr)
372
DL(Mo)
34
Stars
24
Issues
Manifest
Branch
main
Version
0.1.11
License
LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide6
  • Internal: pivy
  • Pip: OCP
  • Pip: PyYAML
Static Analysis 2
LOW 2
freecad/DFM/gui/results/bridge.py 1
  • line 228: Try, Except, Continue detected.
package.xml 1
  • line 31: Icon file 'resources/icons/logo.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Ryan Kembrey

CadbaseLibrary master

3.0.0· The workbench provides users with an easier way to work with components on the CADBase platform through the FreeCAD interface. Component mod...

99.8 / 100

Repository

https://github.com/mnnxp/cadbaselibrary-freecad
master · v3.0.0 · Created: 2023-02-10 · Updated: 10 mo · 13 python files

Statistics

1,491
DL(Yr)
246
DL(Mo)
6
Stars
0
Issues
Manifest
Branch
master
Version
3.0.0
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 2
LOW 2
CadbaseMacro.py 2
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 222: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
mnnxp

HexFill main

1.2.0· Fill any sketch with a honeycomb pattern in one click. Pick a sketch, choose the cell size, and HexFill builds the whole hexagonal grid ...

99.8 / 100

Repository

https://github.com/Clientik/FreeCAD-HexFill
main · v1.2.0 · Created: 2026-06-11 · Updated: 18 d · 5 python files

Statistics

194
DL(Yr)
194
DL(Mo)
2
Stars
3
Issues
Manifest
Branch
main
Version
1.2.0
License
MIT
Dependencies 4
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Internal: pivy
Static Analysis 2
LOW 2
freecad/hexfill/HexFillCommands.py 1
  • line 570: Try, Except, Continue detected.
freecad/hexfill/HexFillCore.py 1
  • line 401: Try, Except, Continue detected.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Clientik

CamScripts main

V0.0.5 2024/09/25· CamScripts ToolBit import or script creation and configure *every* step of FreeCAD CAM process.

99.8 / 100

Repository

https://github.com/spanner888/CamScripts
main · Created: 2024-08-23 · Updated: 2 mo · 14 python files

Statistics

156
DL(Yr)
156
DL(Mo)
3
Stars
4
Issues
Manifest
Branch
main
Version
V0.0.5 2024/09/25
License
LGPL-2.1-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Pip: Path
  • Pip: numpy
  • Warn: Materials (Not in AddonManager allowed packages)
Static Analysis 2
LOW 2
freecad/cam_scripts/utils.py 1
  • line 10: Consider possible security implications associated with the subprocess module.
package.xml 1
  • Missing icon declaration
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
spanner888

Assembly2MuJoCo main

0.4.0· An addon for exporting FreeCAD builtin Assemblies to MuJoCo.

99.8 / 100

Repository

https://github.com/AnesBenmerzoug/FreeCAD-Assembly2MuJoCo
main · v0.4.0 · Created: 2025-04-19 · Updated: 2 mo · 27 python files

Statistics

0
DL(Yr)
0
DL(Mo)
28
Stars
2
Issues
Manifest
Branch
main
Version
0.4.0
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 2
LOW 2
freecad/assembly2mujoco/core/mujoco.py 1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 17: Icon file 'resources/icons/assembly2mujoco-icon.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Anes Benmerzoug

NikraDAP main

2.0-alpha· Multibody Planar Dynamics Workbench based on a DAP solver algorithm developed by P.E. Nikravesh.

99.8 / 100

Repository

https://github.com/NikraDAP/FreeCAD-NikraDAP
main · Created: 2023-02-22 · Updated: 3 yr · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
2
Issues
Manifest
Branch
main
Version
2.0-alpha
License
GPL-3
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: scipy
Static Analysis 2
LOW 2
package.xml 2
  • line 11: Icon file 'icons/Icon1n.png' is too big (>16kB)
  • line 11: Icon file 'icons/Icon1n.png' is not scalable (svg)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Lukas du Plessis

Design-Proof main

0.1.3· Proof-test your parametric CAD models by systematically varying dimensions and measuring regeneration success rates.

99.7 / 100

Repository

https://github.com/Unai-Pz-de-A/FreeCAD-DesignProof
main · v0.1.3 · Created: 2026-03-30 · Updated: 2 mo · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
14
Issues
Manifest
Branch
main
Version
0.1.3
License
LGPL-2.1-or-later
Dependencies 1
  • Compat: PySide6
Static Analysis 3
LOW 3
freecad/DesignProof/core/parameter_detector.py 1
  • line 149: Try, Except, Continue detected.
freecad/DesignProof/core/variation_engine.py 1
  • line 124: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/DesignProof/ui/analysis_dialog.py 1
  • line 293: Starting a process without a shell.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Unai-Pz-de-A

RotaryMoulder main

1.3.1· Design rotary cookie moulder drums. Wraps flat cookie outlines onto a cylindrical drum and cuts drafted cavities, with engraved or embossed ...

99.7 / 100

Repository

https://github.com/mepasschier/FreeCAD-RotaryMoulder
main · Created: 2026-05-20 · Updated: 28 d · 4 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
1.3.1
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 3
LOW 3
freecad/rotary_moulder/geometry.py 3
  • line 2124: Try, Except, Continue detected.
  • line 2586: Try, Except, Continue detected.
  • line 2635: Try, Except, Continue detected.
INFO 2
Layout 2
  • Uses exec based layout
  • Uses extension based layout
Authors/Maintainers 1
Mike Passchier

Motion-Control Latest

1.1.0· Link motion controller to an assembly using OPC UA.

99.6 / 100

Repository

https://github.com/Addon-Shelter/Motion-Control
Latest · Created: 2025-09-25 · Updated: 2 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.1.0
License
GPL-3.0-or-later
Dependencies 3
  • Compat: PySide6
  • Pip: asyncua
  • Warn: aioconsole (Not in AddonManager allowed packages)
Static Analysis 4
LOW 4
Demo/Demo_Cnc/DemoServer/opcserver.py 4
  • line 147: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 147: Starting a process with a partial executable path
  • line 190: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 190: Starting a process with a partial executable path
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
heissgetraenk PhoneDroid

ShapeStrings main

0.2.0· Advanced tools for creating and manipulating ShapeStrings.

99.6 / 100

Repository

https://github.com/robertmassaioli/shapestrings
main · Created: 2025-12-21 · Updated: 5 mo · 21 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.2.0
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 4
LOW 4
bump_version.py 4
  • line 20: Consider possible security implications associated with the subprocess module.
  • line 104: subprocess call - check for execution of untrusted input.
  • line 105: Starting a process with a partial executable path
  • line 105: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Robert Massaioli

sheetmetal master

0.8.20· A simple sheet metal tools workbench for FreeCAD.

99.3 / 100

Repository

https://github.com/shaise/FreeCAD_SheetMetal
master · Last · Created: 2015-06-12 · Updated: 24 d · 34 python files

Statistics

69,950
DL(Yr)
12,838
DL(Mo)
322
Stars
108
Issues
Manifest
Branch
master
Version
0.8.20
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: TestApp
  • Pip: networkx
  • Warn: Drawing (Not in AddonManager allowed packages)
Static Analysis 7
LOW 7
ExtrudedCutout.py 1
  • line 198: Try, Except, Continue detected.
Resources/translations/compile_translations.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
Resources/translations/update_translations.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 43: subprocess call - check for execution of untrusted input.
SheetMetalCmd.py 1
  • line 178: Try, Except, Continue detected.
package.xml 1
  • line 11: Icon file 'Resources/icons/SMLogo.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

IDF Latest

1.0.0· Importer for IDF files.

99 / 100

Repository

https://github.com/FreeCAD/IDF
Latest · Created: 2026-03-07 · Updated: 4 mo · 12 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
2
Issues
Manifest
Branch
Latest
Version
1.0.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Static Analysis 1
MEDIUM 1
freecad/IDF/Constants.py 1
  • line 20: Probable insecure usage of temp file/directory.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Milos Koutny PhoneDroid

Nodes main

0.1.36· Visual scripting workbench for FreeCAD

99 / 100

Repository

https://github.com/j8sr0230/Nodes
main · Created: 2022-08-10 · Updated: 2 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
114
Stars
14
Issues
Manifest
Branch
main
Version
0.1.36
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Mesh
  • Pip: awkward
  • Pip: blinker
  • Pip: numpy
  • Pip: qtpy
  • Pip: scipy
Static Analysis 1
MEDIUM 1
nodes/script/script_py_script.py 1
  • line 105: Use of exec detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Ronny Scharf-Wildenhain

Curves main

0.6.72· A collection of tools mainly dedicated to NURBS curves and surfaces modeling.

98.9 / 100

Repository

https://github.com/tomate44/CurvesWB
main · Created: 2016-08-06 · Updated: 24 d · 117 python files

Statistics

63,138
DL(Yr)
11,579
DL(Mo)
149
Stars
34
Issues
Manifest
Branch
main
Version
0.6.72
License
LGPL-2.1-or-later, Apache-2.0
Dependencies 7
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: numpy
  • Pip: scipy
  • Warn: splipy (Not in AddonManager allowed packages)
Static Analysis 2
MEDIUM 1
freecad/Curves/pasteSVG.py1
  • line 33: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Curves/pasteSVG.py1
  • line 11: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Christophe Grellier

free2ki freecad-addons

1.1.2· Export your 3D models to VRML files, with correctly applied rotation and scaling, for use in KiCad as well as Blender.

98.9 / 100

Repository

https://github.com/30350n/free2ki
freecad-addons · v1.1.2 · Created: 2022-01-09 · Updated: 6 mo · 6 python files

Statistics

0
DL(Yr)
0
DL(Mo)
58
Stars
0
Issues
Manifest
Branch
freecad-addons
Version
1.1.2
License
GPL-3.0-or-later
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Pip: Pillow
  • Pip: numpy
Static Analysis 2
MEDIUM 1
.github/workflows/build_freecad_package.py1
  • line 23: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
.github/workflows/build_freecad_package.py1
  • line 7: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
30350n

Detessellate main

1.1.0· FreeCAD workbench of tools to reverse engineer meshes

98.7 / 100

Repository

https://github.com/DesignWeaver3D/Detessellate
main · Created: 2025-11-22 · Updated: 16 d · 22 python files

Statistics

1,241
DL(Yr)
703
DL(Mo)
76
Stars
3
Issues
Manifest
Branch
main
Version
1.1.0
License
LGPL-2.1-or-later
Dependencies 6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: numpy
Static Analysis 4
MEDIUM 1
freecad/Detessellate/PointPlaneSketch.py1
  • line 980: Possible SQL injection vector through string-based query construction.
LOW 3
freecad/Detessellate/CoplanarSketch.py1
  • line 353: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/Detessellate/SketcherWireDoctor_Main.py1
  • line 234: Try, Except, Continue detected.
package.xml1
  • line 38: Icon file 'freecad/Detessellate/Resources/Icons/Detessellate.svg' is too big (>16kB)
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
DesignWeaver3D

fasteners master

0.5.62· Some common fasteners and fastener tools for FreeCAD.

98.6 / 100

Repository

https://github.com/shaise/FreeCAD_FastenersWB
master · V0.5.62-beta · Created: 2015-06-18 · Updated: 3 d · 94 python files

Statistics

111,006
DL(Yr)
27,979
DL(Mo)
396
Stars
84
Issues
Manifest
Branch
master
Version
0.5.62
License
GPL-2.0-or-later
Dependencies 5
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: utils (Not in AddonManager allowed packages)
Static Analysis 5
MEDIUM 1
screw_maker.py1
  • line 163: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
Resources/translations/compile_translations.py2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
Resources/translations/update_translations.py2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Shai Seger

WB_Organizer main

2024.1.29· A workbench organizer widget for FreeCAD. Allows you to group your long list of workbenches into smaller meaningful groups. Allows you to re...

98.6 / 100

Repository

https://github.com/Palmstroemen/WB_Organizer
main · Created: 2024-01-26 · Updated: 2 yr · 3 python files

Statistics

2,039
DL(Yr)
436
DL(Mo)
5
Stars
4
Issues
Manifest
Branch
main
Version
2024.1.29
License
LGPL-2.1-or-later
Dependencies 1
  • Compat: PySide2
Static Analysis 14
LOW 14
WBO_Gui.py7
  • line 516: Consider possible security implications associated with the subprocess module.
  • line 523: Starting a process with a partial executable path
  • line 523: subprocess call - check for execution of untrusted input.
  • line 525: Starting a process with a partial executable path
  • line 525: subprocess call - check for execution of untrusted input.
  • line 527: Starting a process with a partial executable path
  • line 527: subprocess call - check for execution of untrusted input.
WBO_Preferences.py7
  • line 23: Consider possible security implications associated with the subprocess module.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 32: Starting a process with a partial executable path
  • line 32: subprocess call - check for execution of untrusted input.
  • line 34: Starting a process with a partial executable path
  • line 34: subprocess call - check for execution of untrusted input.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Palmstroemen

FreeCAD-Beginner-Assistant main

1.0· Best practices modeling assistant for the Part and Sketcher workbench.

98.5 / 100

Repository

https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant
main · Created: 2023-12-12 · Updated: 2 yr · 37 python files

Statistics

110
DL(Yr)
110
DL(Mo)
18
Stars
6
Issues
Manifest
Branch
main
Version
1.0
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Sketcher
  • Pip: Pillow
  • Pip: cryptography
  • Pip: defusedxml
  • Pip: fontTools
  • Warn: endesive (Not in AddonManager allowed packages)
  • Warn: pymemtrace (Not in AddonManager allowed packages)
  • Warn: pympler (Not in AddonManager allowed packages)
  • Warn: uharfbuzz (Not in AddonManager allowed packages)
Static Analysis 6
MEDIUM 1
fpdf/encryption.py1
  • line 526: Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
LOW 5
pdfgen.py4
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 191: subprocess call - check for execution of untrusted input.
  • line 193: Starting a process without a shell.
  • line 195: subprocess call - check for execution of untrusted input.
package.xml1
  • line 13: Missing icon file 'Icons/FreeCAD-Beginner-Assistant.svg'
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 3
Aleksander Sadowski Elizabeth Harasymiw Aleksander Sadowski(https://github.com/alekssadowski95/FreeCAD-Beginner-Assistant)

HistoryWorkbench release

0.1.0· Easy version control for FreeCAD: track document history and review changes using 3D and tree comparisons.

98 / 100

Repository

https://github.com/eblanshey/HistoryWorkbench
release · Created: 2026-05-05 · Updated: 19 d · 316 python files

Statistics

126
DL(Yr)
126
DL(Mo)
85
Stars
7
Issues
Manifest
Branch
release
Version
0.1.0
License
LGPL-2.1-or-later
Dependencies 5
  • Compat: PySide6
  • Internal: PySide
  • Internal: Sketcher
  • Pip: PyYAML
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 11
MEDIUM 1
freecad/history_wb/infrastructure/persistence/snapshot_yaml.py1
  • line 21: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 10
freecad/history_wb/infrastructure/git/git_port_adapter.py3
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
  • line 728: subprocess call - check for execution of untrusted input.
scripts/dev-metrics.py2
  • line 19: Consider possible security implications associated with the subprocess module.
  • line 43: subprocess call - check for execution of untrusted input.
tests/unit/infrastructure/git/test_get_committed_files.py1
  • line 6: Consider possible security implications associated with the subprocess module.
tests/unit/infrastructure/git/test_get_dirty_files.py1
  • line 6: Consider possible security implications associated with the subprocess module.
tests/unit/infrastructure/git/test_git_port_adapter.py1
  • line 7: Consider possible security implications associated with the subprocess module.
tests/unit/infrastructure/git/test_git_port_adapter_commit.py1
  • line 6: Consider possible security implications associated with the subprocess module.
tests/unit/infrastructure/git/test_git_port_adapter_restore.py1
  • line 4: Consider possible security implications associated with the subprocess module.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Ephi Blanshey

frame master

0.1.1· A workbench for beams and frames

97.9 / 100

Repository

https://github.com/looooo/freecad_frame
master · Created: 2015-11-23 · Updated: 12 d · 25 python files

Statistics

2,696
DL(Yr)
1,174
DL(Mo)
26
Stars
9
Issues
Manifest
Branch
master
Version
0.1.1
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: PySide
  • Internal: pivy
  • Pip: PyYAML
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 3
MEDIUM 2
freecad/frametools/fem2d.py1
  • line 31: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
setup.py1
  • line 7: Use of exec detected.
LOW 1
freecad/frametools/image_tools.py1
  • line 964: Try, Except, Continue detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
looooo

MOOC master

2022.04.21· Learn FreeCAD

97.9 / 100

Repository

https://github.com/j-wiedemann/mooc-workbench
master · Created: 2019-07-12 · Updated: 4 yr · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
6
Issues
Manifest
Branch
master
Version
2022.04.21
License
GPLv2.1
Dependencies 2
  • Compat: PySide2
  • Internal: PySide
Static Analysis 3
MEDIUM 2
MoocInformations.py1
  • line 37: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
MoocPlayer.py1
  • line 251: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 1
package.xml1
  • line 10: Icon file 'medias/icons/mooc-workbench.svg' is too big (>16kB)
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Jonathan Wiedemann

MnesarcoUtils main

0.2.16· A collection of tools mainly dedicated to scripting and experiments.

97.8 / 100

Repository

https://github.com/mnesarco/FreeCAD_Utils
main · Created: 2021-01-18 · Updated: 3 mo · 65 python files

Statistics

0
DL(Yr)
0
DL(Mo)
19
Stars
1
Issues
Manifest
Branch
main
Version
0.2.16
License
GPL-3.0
Dependencies 4
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Warn: pyserial (Not in AddonManager allowed packages)
Static Analysis 4
MEDIUM 2
freecad/mnesarco/scripts/script.py1
  • line 109: Use of exec detected.
freecad/mnesarco/svg/parser.py1
  • line 76: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 2
freecad/mnesarco/svg/parser.py2
  • line 22: Using ContentHandler to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ContentHandler with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Frank Martinez

pyOpToolsWorkbench master

0.0.4· An optics ray-tracing workbench based on pyOpTools

97.8 / 100

Repository

https://github.com/cihologramas/freecad-pyoptools
master · Created: 2017-07-06 · Updated: 4 mo · 81 python files

Statistics

0
DL(Yr)
0
DL(Mo)
25
Stars
3
Issues
Manifest
Branch
master
Version
0.0.4
License
GPL-3.0-or-later
Dependencies 7
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 4
MEDIUM 2
setup.py1
  • line 10: Use of exec detected.
version.py1
  • line 7: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 2
version.py1
  • line 2: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml1
  • line 12: Icon file 'freecad/pyoptools/resources/pyoptools.png' is not scalable (svg)
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Ricardo Amézquita Orozco

cadquery_module master

2.2.0· Build CadQuery models within FreeCAD.

97.7 / 100

Repository

https://github.com/CadQuery/cadquery-freecad-workbench
master · Created: 2014-11-22 · Updated: today · 11 python files

Statistics

0
DL(Yr)
0
DL(Mo)
148
Stars
5
Issues
Manifest
Branch
master
Version
2.2.0
License
Apache-2.0
Dependencies 4
  • Compat: PySide6
  • Internal: PySide
  • Pip: build123d
  • Pip: cadquery
Static Analysis 23
LOW 21
freecad/CadQuery/Command.py23
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 29: Starting a process with a partial executable path
  • line 29: subprocess call - check for execution of untrusted input.
  • line 30: Starting a process with a partial executable path
  • line 30: subprocess call - check for execution of untrusted input.
  • line 50: Consider possible security implications associated with the subprocess module.
  • line 51: Starting a process with a partial executable path
  • line 51: subprocess call - check for execution of untrusted input.
  • line 52: Starting a process with a partial executable path
  • line 52: subprocess call - check for execution of untrusted input.
  • line 53: Starting a process with a partial executable path
  • line 53: subprocess call - check for execution of untrusted input.
  • line 54: Starting a process with a partial executable path
  • line 54: subprocess call - check for execution of untrusted input.
  • line 55: Starting a process with a partial executable path
  • line 55: subprocess call - check for execution of untrusted input.
  • line 56: Starting a process with a partial executable path
  • line 56: subprocess call - check for execution of untrusted input.
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 77: Starting a process with a partial executable path
  • … 3 more issues
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jeremy Wright

freecad-wakatime main

0.6.0· A simple FreeCAD WakaTime extension.

97.6 / 100

Repository

https://github.com/Pegoku/freecad-wakatime
main · v0.6.0 · Created: 2025-01-05 · Updated: 9 mo · 5 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
2
Issues
Manifest
Branch
main
Version
0.6.0
License
LGPL-2.1-or-later
Static Analysis 6
MEDIUM 2
freecad/Wakatime/scripts/logWaka.py2
  • line 129: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Chmod setting a permissive mask 0o755 on file (dst).
LOW 4
freecad/Wakatime/scripts/logWaka.py4
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 87: subprocess call - check for execution of untrusted input.
  • line 104: Consider possible security implications associated with the subprocess module.
  • line 147: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Pegoku

Ship master

2024.11.26· Naval ship design (architecture, seakeeping, and ship resistance)

97.4 / 100

Repository

https://github.com/FreeCAD/freecad.ship
master · Created: 2018-11-08 · Updated: 1 yr · 71 python files

Statistics

762
DL(Yr)
197
DL(Mo)
54
Stars
6
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: PySide
  • Internal: Spreadsheet
  • Pip: capytaine
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Pip: xarray
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 8
MEDIUM 2
freecad/ship/shipUtils/Serialize.py1
  • line 46: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
setup.py1
  • line 8: Use of exec detected.
LOW 6
freecad/ship/Instance.py1
  • line 330: Try, Except, Continue detected.
freecad/ship/TankInstance.py1
  • line 140: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipHydrostatics/TaskPanel.py1
  • line 384: Try, Except, Continue detected.
freecad/ship/shipHydrostatics/Tools.py1
  • line 146: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/ship/shipUtils/Serialize.py1
  • line 1: Consider possible security implications associated with pickle module.
package.xml1
  • line 13: Icon file 'freecad/ship/resources/icons/Ship_Logo.svg' is too big (>16kB)
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

Quetzal master

1.8.9· A set of commands and objects that help to speed-up the drawing of frames and pipelines. Dodo successor.

97.3 / 100

Repository

https://github.com/EdgarJRobles/quetzal
master · Created: 2020-05-03 · Updated: 9 d · 28 python files

Statistics

5,712
DL(Yr)
831
DL(Mo)
32
Stars
21
Issues
Manifest
Branch
master
Version
1.8.9
License
LGPL-3.0-or-later
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: typing_extensions
Static Analysis 9
MEDIUM 2
translationz/update_crowdin.py2
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 7
pCmd.py1
  • line 461: Try, Except, Continue detected.
pFeatures.py1
  • line 1031: Try, Except, Continue detected.
translationz/update_crowdin.py5
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 410: subprocess call - check for execution of untrusted input.
  • line 414: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 6
microelly Edgar Robles looo Edgar J Robles triplus Riccardo Treu (oddtopus)

FrameForge main

0.2.1· FrameForge is dedicated for creating Frames and Beams, and apply operations (miter cuts, trim cuts) on these profiles.

97 / 100

Repository

https://github.com/lukh/frameforge
main · v0.2.1 · Created: 2024-10-07 · Updated: 3 mo · 25 python files

Statistics

8,281
DL(Yr)
1,071
DL(Mo)
34
Stars
31
Issues
Manifest
Branch
main
Version
0.2.1
License
LGPL-3.0-only
Dependencies 5
  • Internal: Assembly
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 3
MEDIUM 3
freecad/frameforge/_utils.py2
  • line 43: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Vivien Henry

AirPlaneDesign master

0.4.1· A FreeCAD workbench dedicated to Airplane Design.

97 / 100

Repository

https://github.com/FredsFactory/FreeCAD_AirPlaneDesign
master · Created: 2018-06-11 · Updated: 7 mo · 19 python files

Statistics

3,474
DL(Yr)
607
DL(Mo)
114
Stars
9
Issues
Manifest
Branch
master
Version
0.4.1
License
LGPL-2.1
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Pip: numpy
Static Analysis 1
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
FredsFactory

ExplodedAssembly

No description

97 / 100

Repository

https://github.com/JMG1/ExplodedAssembly
master · Created: 2016-03-13 · Updated: 2 yr · 4 python files

Statistics

2,646
DL(Yr)
554
DL(Mo)
135
Stars
24
Issues
Dependencies 1
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ProDarkThemePreferencePack main

1.0.0· ProDark preference pack including a stylesheet and other GUI colour information for a complete ProDark experience

97 / 100

Repository

https://github.com/turn211/ProDarkThemePreferencePack
main · Created: 2022-05-17 · Updated: 2 yr · 0 python files

Statistics

3,568
DL(Yr)
542
DL(Mo)
7
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
GPL-2.0-or-later
Static Analysis 1
HIGH 1
package.xml1
  • line 7: Element maintainer failed to validate attributes
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
turn211

ArchTextures

No description

97 / 100

Repository

https://github.com/furti/FreeCAD-ArchTextures
master · Created: 2018-09-30 · Updated: 4 yr · 23 python files

Statistics

1,848
DL(Yr)
382
DL(Mo)
34
Stars
23
Issues
Dependencies 3
  • Compat: PySide2
  • Internal: PySide
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

Pyramids-and-Polyhedrons Latest

0.2.2· Create various polyhedrons in the Part workbench.

97 / 100

Repository

https://github.com/Addon-Shelter/Polyhedra
Stable · v0.2.2 · Created: 2025-09-14 · Updated: 3 mo · 32 python files

Statistics

781
DL(Yr)
173
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
Latest
Version
0.2.2
License
GPL-3.0-or-later, CC-BY-SA-4.0, Unlicense
Dependencies 1
  • Compat: PySide6
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Eddy Verlinden

CommandPanel

No description

97 / 100

Repository

https://github.com/triplus/CommandPanel
master · Created: 2017-06-30 · Updated: 7 yr · 10 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

CubeMenu

No description

97 / 100

Repository

https://github.com/triplus/CubeMenu
master · Created: 2020-02-08 · Updated: 6 yr · 8 python files

Statistics

0
DL(Yr)
0
DL(Mo)
6
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

IconThemes

No description

97 / 100

Repository

https://github.com/triplus/IconThemes
master · Created: 2016-10-10 · Updated: 6 yr · 3 python files

Statistics

0
DL(Yr)
0
DL(Mo)
21
Stars
8
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

SelectorToolbar

No description

97 / 100

Repository

https://github.com/triplus/SelectorToolbar
master · Created: 2017-03-18 · Updated: 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
8
Stars
3
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

TabBar

No description

97 / 100

Repository

https://github.com/triplus/TabBar
master · Created: 2016-01-09 · Updated: 7 yr · 2 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
1
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ToolbarStyle

No description

97 / 100

Repository

https://github.com/triplus/ToolbarStyle
master · Created: 2018-01-31 · Updated: 7 yr · 3 python files

Statistics

0
DL(Yr)
0
DL(Mo)
3
Stars
0
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

ose-piping

No description

97 / 100

Repository

https://github.com/rkrenzler/ose-piping-workbench
master · Created: 2018-02-17 · Updated: 4 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Warn: pCmd (Not in AddonManager allowed packages)
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

pivy_trackers

No description

97 / 100

Repository

https://github.com/joelgraff/pivy_trackers
master · Created: 2019-09-19 · Updated: 7 yr · 61 python files

Statistics

0
DL(Yr)
0
DL(Mo)
23
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 1
HIGH 1
package.xml1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

yaml-workbench master

0.1.4· A FreeCAD addon that loads and manipulates objects via YAML files.

97 / 100

Repository

https://github.com/Mambix/FreeCAD-yaml-workbench
v0.1.4 · v0.1.4 · Created: 2017-11-26 · Updated: 10 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
12
Stars
2
Issues
Manifest
Branch
master
Version
0.1.4
License
LGPL-2.1-or-later
Dependencies 3
  • Internal: Mesh
  • Pip: PyYAML
  • Pip: Requests
Static Analysis 1
HIGH 1
package.xml1
  • Declared branch 'master' does not match git branch 'v0.1.4'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
MambiX Ltd.

Defeaturing master

1.3.2· A set of tools to edit a Shape or a STEP model.

96.9 / 100

Repository

https://github.com/easyw/Defeaturing_WB
master · Created: 2018-07-02 · Updated: 15 d · 8 python files

Statistics

5,746
DL(Yr)
1,270
DL(Mo)
36
Stars
8
Issues
Manifest
Branch
master
Version
1.3.2
License
AGPLv3.0
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Pip: Path
Static Analysis 2
HIGH 1
package.xml1
  • line 7: Missing license file 'LICENSE'
LOW 1
license.*1
  • File not found.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Maui

MeshRemodel master

1.11.0· Workbench for remodeling and repairing mesh objects.

96.9 / 100

Repository

https://github.com/mwganson/MeshRemodel
master · Created: 2019-08-18 · Updated: 4 mo · 10 python files

Statistics

4,895
DL(Yr)
647
DL(Mo)
32
Stars
0
Issues
Manifest
Branch
master
Version
1.11.0
License
LGPL-2.1-or-later
Dependencies 7
  • Compat: PySide6
  • Compat: shiboken6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Pip: Requests
  • Pip: numpy
Static Analysis 4
MEDIUM 3
freecad/Mesh_Remodel/MeshRemodelCmd.py1
  • line 1312: Possible SQL injection vector through string-based query construction.
freecad/Mesh_Remodel/Workbench.py2
  • line 101: Call to requests without timeout
  • line 105: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Mesh_Remodel/Workbench.py1
  • line 95: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Mark Ganson

Plot Latest

2026.04.15· Tools to modify existing plots.

96.9 / 100

Repository

https://github.com/FreeCAD/Plot
Stable · Created: 2018-09-22 · Updated: 3 mo · 20 python files

Statistics

1,124
DL(Yr)
395
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2026.04.15
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Pip: matplotlib
Static Analysis 2
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch 'Stable'
LOW 1
package.xml1
  • line 68: Icon file 'freecad/plot/Resources/Icons/Addon.svg' is too big (>16kB)
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 4
hasecilu PhoneDroid Jose Luis Cercós Pita looooo

dxf-library

No description

96.9 / 100

Repository

https://github.com/yorikvanhavre/Draft-dxf-importer
master · Created: 2013-06-22 · Updated: 3 yr · 4 python files

Statistics

1,460
DL(Yr)
299
DL(Mo)
73
Stars
4
Issues
Static Analysis 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

symbols_library

No description

96.9 / 100

Repository

https://github.com/FreeCAD/FreeCAD-symbols
master · Created: 2015-04-21 · Updated: 2 mo · 0 python files

Statistics

1,152
DL(Yr)
228
DL(Mo)
38
Stars
0
Issues
Static Analysis 2
HIGH 1
package.xml1
  • File not found.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

Plot Latest

2025.10.29· Tools to modify existing plots.

96.9 / 100

Repository

https://github.com/FreeCAD/Plot
2025.10.29 · 2025.10.29 · Created: 2018-09-22 · Updated: 8 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
Latest
Version
2025.10.29
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 2
  • Compat: PySide6
  • Pip: matplotlib
Static Analysis 2
HIGH 1
package.xml1
  • Declared branch 'Latest' does not match git branch '2025.10.29'
LOW 1
package.xml1
  • line 65: Icon file 'freecad/plot/Resources/Icons/Addon.svg' is too big (>16kB)
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 4
hasecilu PhoneDroid Jose Luis Cercós Pita looooo

addFC main

3.7.2· Additional tools for FreeCAD.

96.8 / 100

Repository

https://github.com/GS90/addFC
main · Created: 2024-05-12 · Updated: 9 d · 21 python files

Statistics

8,220
DL(Yr)
1,600
DL(Mo)
43
Stars
0
Issues
Manifest
Branch
main
Version
3.7.2
License
LGPL-2.1-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Pip: ezdxf
  • Pip: numpy
  • Warn: stepZ (Not in AddonManager allowed packages)
Static Analysis 14
MEDIUM 2
addon/addFC/Preference.py 1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
addon/addFC/toolkit/Library.py 1
  • line 401: Use of extra potential SQL attack vector.
LOW 12
addon/addFC/Other.py 9
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 64: Starting a process with a partial executable path
  • line 64: subprocess call - check for execution of untrusted input.
  • line 65: Starting a process with a partial executable path
  • line 65: subprocess call - check for execution of untrusted input.
  • line 66: Starting a process with a partial executable path
  • line 66: subprocess call - check for execution of untrusted input.
  • line 144: Starting a process with a partial executable path
  • line 144: subprocess call - check for execution of untrusted input.
addon/addFC/Preference.py 3
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 123: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Golodnikov Sergey

ConstraintDesign main

beta-0.1 · This addon adds a design workbench that is specially designed to be as flexible and stable as possible.

96.8 / 100

Repository

https://github.com/drwho495/ConstraintDesign-wb
main · Created: 2025-04-13 · Updated: 3 mo · 47 python files

Statistics

1,977
DL(Yr)
212
DL(Mo)
15
Stars
16
Issues
Manifest
Branch
main
Version
beta-0.1
License
LGPL-2.1-only
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 3
HIGH 1
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
LOW 2
Entities/Extrusion.py 1
  • line 659: Try, Except, Continue detected.
Utils/Utils.py 1
  • line 254: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
drwho495

Cubinets main

0.1.0-demo · Visualize cabinet assemblies using parametric templates and generate cut lists.

96.8 / 100

Repository

https://github.com/foreachidea/Cubinets
stable · Created: 2026-02-20 · Updated: 3 mo · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 3
HIGH 1
package.xml 1
  • Declared branch 'main' does not match git branch 'stable'
LOW 2
freecad/Cubinets/File.py 1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
package.xml 1
  • line 65: Icon file 'freecad/Cubinets/Resources/Icons/Addon.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

Cubinets main

0.1.0-demo · Visualize cabinet assemblies using parametric templates and generate cut lists.

96.8 / 100

Repository

https://github.com/foreachidea/Cubinets
latest · Created: 2026-02-20 · Updated: 3 mo · 28 python files

Statistics

0
DL(Yr)
0
DL(Mo)
1
Stars
0
Issues
Manifest
Branch
main
Version
0.1.0-demo
License
GPL-3.0-or-later
Dependencies 2
  • Compat: PySide6
  • Internal: PySide
Static Analysis 3
HIGH 1
package.xml 1
  • Declared branch 'main' does not match git branch 'latest'
LOW 2
freecad/Cubinets/File.py 1
  • line 68: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
package.xml 1
  • line 65: Icon file 'freecad/Cubinets/Resources/Icons/Addon.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Vytautas Rimkevicius

Lithophane

No description

96.8 / 100

Repository

https://github.com/furti/FreeCAD-Lithophane
master · Created: 2018-06-05 · Updated: 5 yr · 37 python files

Statistics

0
DL(Yr)
0
DL(Mo)
36
Stars
15
Issues
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Warn: bpy (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 1
package.xml 1
  • File not found.
LOW 2
blender/blender_processor.py 2
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 100: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

lattice2 master

1.1 · Tools and arrays of all sorts and kinds, and local coordinate systems

96.7 / 100

Repository

https://github.com/DeepSOIC/Lattice2
master · Created: 2015-11-26 · Updated: 2 mo · 73 python files

Statistics

9,116
DL(Yr)
1,103
DL(Mo)
79
Stars
34
Issues
Manifest
Branch
master
Version
1.1
License
LGPL-2.0-or-later
Dependencies 5
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 4
HIGH 1
package.xml 1
  • line 8: Missing license file 'LICENSE'
LOW 3
lattice2ShapeInfoFeature.py 1
  • line 155: Try, Except, Continue detected.
lattice2ValueSeriesGenerator.py 1
  • line 204: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

Motion-Control Latest

1.1.0 · Link motion controller to an assembly using OPC UA.

96.6 / 100

Repository

https://github.com/Addon-Shelter/Motion-Control
Stable · v1.1.0 · Created: 2025-09-25 · Updated: 2 mo · 13 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
1.1.0
License
GPL-3.0-or-later
Dependencies 3
  • Compat: PySide6
  • Pip: asyncua
  • Warn: aioconsole (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 1
package.xml 1
  • Declared branch 'Latest' does not match git branch 'Stable'
LOW 4
Demo/Demo_Cnc/DemoServer/opcserver.py 4
  • line 147: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 147: Starting a process with a partial executable path
  • line 190: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 190: Starting a process with a partial executable path
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
heissgetraenk PhoneDroid

Telemetry main

1.0.6 · Help improve FreeCAD by sending basic metrics to the development team.

96.6 / 100

Repository

https://github.com/FreeCAD/FreeCAD-Telemetry
main · Created: 2025-02-16 · Updated: 1 d · 9 python files

Statistics

1,707
DL(Yr)
0
DL(Mo)
12
Stars
5
Issues
Manifest
Branch
main
Version
1.0.6
License
LGPL-2.1-or-later, CC-BY-4.0
Dependencies 3
  • Internal: PySide
  • Pip: posthog
  • Warn: sentry_sdk (Not in AddonManager allowed packages)
Static Analysis 7
MEDIUM 3
Resources/translations/run_translation_cycle.py 2
  • line 88: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 138: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
TelemetryPreferences.py 1
  • line 159: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 4
Resources/translations/run_translation_cycle.py 4
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 188: Starting a process with a partial executable path
  • line 188: subprocess call - check for execution of untrusted input.
  • line 351: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
The FreeCAD project association AISBL

EM master

2.1.1 · This project is dedicated to building an ElectroMagnetic workbench for FreeCAD, with support for inductance and capacitance solvers.

96.4 / 100

Repository

https://github.com/ediloren/EM-Workbench-for-FreeCAD
master · Created: 2016-10-03 · Updated: 2 yr · 24 python files

Statistics

953
DL(Yr)
173
DL(Mo)
68
Stars
6
Issues
Manifest
Branch
master
Version
2.1.1
License
LGPLv2.1
Dependencies 6
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: scipy
Static Analysis 7
HIGH 1
package.xml 1
  • line 8: Missing license file 'LICENSE'
LOW 6
launch_fastercap.py 2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 32: subprocess call - check for execution of untrusted input.
launch_fasthenry.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 34: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
package.xml 1
  • line 12: Icon file 'Resources/EMWorkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Enrico Di Lorenzo

slic3r-tools

No description

96.3 / 100

Repository

https://github.com/limikael/freecad-slic3r-tools
master · Created: 2019-05-08 · Updated: 6 yr · 9 python files

Statistics

0
DL(Yr)
0
DL(Mo)
17
Stars
8
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 8
HIGH 1
package.xml 1
  • File not found.
LOW 7
Slcr.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
SlcrDoc.py 2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 109: subprocess call - check for execution of untrusted input.
build.py 2
  • line 4: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 4: Starting a process with a partial executable path
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

LCInterlocking master

1.5.1 · Create interlocking parts for laser cutting or CNC milling

96 / 100

Repository

https://github.com/execuc/LCInterlocking
master · 1.5.1 · Created: 2016-06-20 · Updated: 7 mo · 32 python files

Statistics

2,938
DL(Yr)
471
DL(Mo)
188
Stars
34
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: Draft
  • Internal: PySide
Static Analysis 2
HIGH 1
package.xml 1
  • line 7: Element maintainer failed to validate attributes
MEDIUM 1
panel/propertieslist.py 1
  • line 37: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
execuc

Plot master

2024.11.26 · Some tools to manipulate the FreeCAD plots

95.9 / 100

Repository

https://github.com/FreeCAD/Plot
2024.11.26 · 2024.11.26 · Created: 2018-09-22 · Updated: 2 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
15
Stars
0
Issues
Manifest
Branch
master
Version
2024.11.26
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Pip: matplotlib
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 1
package.xml 1
  • Declared branch 'master' does not match git branch '2024.11.26'
MEDIUM 1
setup.py 1
  • line 8: Use of exec detected.
LOW 1
package.xml 1
  • line 13: Icon file 'freecad/plot/resources/icons/Plot_Icon.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Jose Luis Cercós Pita

InventorLoader master

1.5.1 · This plugin enables FreeCAD to import Inventor part files (*.IPT), ACIS files (*.SAT, *.SAB), 3D-Solids from DXF files and Fusion360 (*.f3d)...

95.6 / 100

Repository

https://github.com/jmplonka/InventorLoader
master · Created: 2017-02-09 · Updated: 2 yr · 39 python files

Statistics

3,213
DL(Yr)
653
DL(Mo)
164
Stars
58
Issues
Manifest
Branch
master
Version
1.5.1
License
LGPL-3.0-or-later
Dependencies 10
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: ezdxf
  • Pip: olefile
  • Pip: xlrd
  • Pip: xlutils
  • Pip: xlwt
Static Analysis 6
HIGH 1
package.xml 1
  • line 6: Missing license file 'None'
MEDIUM 1
Acis.py 1
  • line 276: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
Acis.py 1
  • line 5051: Possible hardcoded password: '('
InitGui.py 2
  • line 15: subprocess call - check for execution of untrusted input.
  • line 17: Consider possible security implications associated with the subprocess module.
package.xml 1
  • line 8: Icon file 'Icon.png' is not scalable (svg)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
jmplonka

Road main

2026.04.11 · Road is the Transportation and Geomatics Engineering workbench for FreeCAD.

95.5 / 100

Repository

https://github.com/HakanSeven12/Road
main · Created: 2025-01-01 · Updated: 3 mo · 128 python files

Statistics

2,565
DL(Yr)
185
DL(Mo)
42
Stars
7
Issues
Manifest
Branch
main
Version
2026.04.11
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 7
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: pyproj
  • Pip: scipy
Static Analysis 18
MEDIUM 3
freecad/road/tasks/task_selection.py 2
  • line 40: Possible SQL injection vector through string-based query construction.
  • line 102: Possible SQL injection vector through string-based query construction.
modules/landxml/landxml_reader.py 1
  • line 166: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 15
freecad/road/geometry/alignment/alignment.py 2
  • line 371: Try, Except, Continue detected.
  • line 645: Try, Except, Continue detected.
freecad/road/objects/road.py 1
  • line 78: Try, Except, Continue detected.
freecad/road/viewproviders/view_terrain.py 3
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 24: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/road/viewproviders/view_volume.py 3
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
modules/landxml/alignment_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/cgpoint_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/landxml_reader.py 1
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/profile_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
modules/landxml/surface_parser.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 12: Icon file 'freecad/road/resources/RoadWorkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Hakan Seven

btl main

0.9.9 · A FreeCAD Path Addon to manage your tool library.

95.5 / 100

Repository

https://github.com/knipknap/better-tool-library
main · Created: 2023-07-15 · Updated: 10 mo · 49 python files

Statistics

0
DL(Yr)
0
DL(Mo)
42
Stars
17
Issues
Manifest
Branch
main
Version
0.9.9
License
MIT
Dependencies 7
  • Internal: PySide
  • Pip: Path
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: pip (Not in AddonManager allowed packages)
Static Analysis 7
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 1
btl/util.py 1
  • line 21: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
btl/params.py 1
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
btl/util.py 1
  • line 3: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
btl/version.py 3
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 8: Starting a process with a partial executable path
  • line 8: subprocess call - check for execution of untrusted input.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Samuel Abels

BillOfMaterials main

1.2.0.4 · A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

95.3 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
main · Created: 2023-11-05 · Updated: 22 d · 35 python files

Statistics

4,517
DL(Yr)
1,248
DL(Mo)
31
Stars
4
Issues
Manifest
Branch
main
Version
1.2.0.4
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Pip: matplotlib
  • Pip: openpyxl
Static Analysis 9
HIGH 1
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py 1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 7
Standard_Functions_BOM_WB.py 5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py 1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 24: Icon file 'Resources/Icons/BillOfMaterialsWB.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

DynamicData master

2.78 · Container object for holding custom properties, alternative to spreadsheet

94.9 / 100

Repository

https://github.com/mwganson/DynamicData
master · Created: 2018-09-22 · Updated: 3 mo · 4 python files

Statistics

2,806
DL(Yr)
315
DL(Mo)
51
Stars
24
Issues
Manifest
Branch
master
Version
2.78
License
LGPL-2.1-or-later
Dependencies 2
  • Internal: PySide
  • Pip: Requests
Static Analysis 4
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 2
freecad/Dynamic_Data/init_gui.py 2
  • line 113: Call to requests without timeout
  • line 117: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 1
freecad/Dynamic_Data/init_gui.py 1
  • line 98: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
TheMarkster

3D_Printing_Tools

No description

94.6 / 100

Repository

https://github.com/mark1791/3D_Printing_Tools
master · Created: 2019-01-30 · Updated: 7 yr · 5 python files

Statistics

4,514
DL(Yr)
898
DL(Mo)
53
Stars
7
Issues
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 7
HIGH 1
package.xml 1
  • File not found.
MEDIUM 2
_SMutils.py 2
  • line 53: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 63: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
SM_Graphic_Properties.py 3
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 44: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
SM_Mesh_Solid.py 1
  • line 43: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Assembly3 master

0.12.3 · Assembly3 workbench an attempt to bring assembly capability to FreeCAD using SolveSpace constraint solver

94.6 / 100

Repository

https://github.com/realthunder/FreeCAD_assembly3
master · Created: 2017-09-10 · Updated: 8 mo · 18 python files

Statistics

3,182
DL(Yr)
506
DL(Mo)
904
Stars
333
Issues
Manifest
Branch
master
Version
0.12.3
License
GPL-3.0-only
Dependencies 10
  • Compat: PySide2
  • Internal: Draft
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: scipy
  • Pip: sympy
  • Warn: py_slvs (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: slvs (Not in AddonManager allowed packages)
Static Analysis 7
HIGH 1
Layout 1
  • Invalid __init__.py file in root.
MEDIUM 2
freecad/asm3/deps/six.py 1
  • line 709: Use of exec detected.
setup.py 1
  • line 7: Use of exec detected.
LOW 4
freecad/asm3/install_prompt.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 68: subprocess call - check for execution of untrusted input.
  • line 71: subprocess call - check for execution of untrusted input.
package.xml 1
  • line 12: Icon file 'freecad/asm3/Gui/Resources/icons/AssemblyWorkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
RealThunder

DesignSPHysics master

0.8.2 (29-05-2026) · DesignSPHysics is a macro/addon for FreeCAD that provides a Graphical User Interface for fluid and multi-physics solver DualSPHysics

94.4 / 100

Repository

https://github.com/DualSPHysics/DesignSPHysics
master · Created: 2018-07-31 · Updated: 22 d · 315 python files

Statistics

1,138
DL(Yr)
365
DL(Mo)
150
Stars
31
Issues
Manifest
Branch
master
Version
0.8.2 (29-05-2026)
License
GPL-3.0-or-later
Dependencies 6
  • Compat: PySide6
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Warn: defusedexpat (Not in AddonManager allowed packages)
  • Warn: ordereddict (Not in AddonManager allowed packages)
Static Analysis 20
MEDIUM 4
mod/dataobjects/configuration/executable_paths.py 1
  • line 114: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
mod/main.py 1
  • line 95: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
mod/tools/stdout_tools.py 1
  • line 46: Probable insecure usage of temp file/directory.
mod/xml/importer.py 1
  • line 144: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 16
mod/dataobjects/configuration/executable_paths.py 1
  • line 9: Consider possible security implications associated with pickle module.
mod/dataobjects/motion/focused_piston_wave_gen.py 1
  • line 34: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_flap_wave_gen.py 1
  • line 30: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/motion/irregular_piston_wave_gen.py 1
  • line 29: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/dataobjects/relaxation_zone/relaxation_zone_irregular.py 1
  • line 16: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
mod/tools/file_tools.py 2
  • line 16: Consider possible security implications associated with pickle module.
  • line 23: Consider possible security implications associated with UnpicklingError module.
mod/tools/pickle_tool.py 1
  • line 2: Consider possible security implications associated with pickle module.
mod/tools/post_processing_tools.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 73: subprocess call - check for execution of untrusted input.
  • line 378: subprocess call - check for execution of untrusted input.
mod/widgets/dock/dock_widgets/gencase_completed_dialog.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 116: subprocess call - check for execution of untrusted input.
mod/xml/importer.py 1
  • line 12: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
mod/xml/xmltodict.py 2
  • line 9: Using XMLGenerator to parse untrusted XML data is known to be vulnerable to XML attacks. Replace XMLGenerator with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using AttributesImpl to parse untrusted XML data is known to be vulnerable to XML attacks. Replace AttributesImpl with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Iván Martínez Estévez

SimplyPrint main

1.0.0 · Send your FreeCAD models, meshes and assemblies directly to the SimplyPrint cloud for slicing, storage and 3D printing. Adapts to the active...

94.4 / 100

Repository

https://github.com/SimplyPrint/freecad-integration
main · Created: 2026-06-01 · Updated: 5 d · 17 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
1.0.0
License
MIT
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 11
MEDIUM 5
build.py 1
  • line 32: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/simplyprint/__init__.py 1
  • line 33: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/simplyprint/api.py 1
  • line 47: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
freecad/simplyprint/oauth.py 2
  • line 108: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 141: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 6
build.py 1
  • line 16: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/simplyprint/__init__.py 1
  • line 31: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/simplyprint/state.py 1
  • line 23: Possible hardcoded password: 'oauth_freecad.json'
scripts/bump_version.py 3
  • line 24: Consider possible security implications associated with the subprocess module.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
SimplyPrint

OpenTheme main

2025.05.20 · An accessible and coordinated set of Light and Dark themes for FreeCAD

94 / 100

Repository

https://github.com/obelisk79/OpenTheme
main · Created: 2024-01-24 · Updated: 1 mo · 0 python files

Statistics

38,977
DL(Yr)
7,971
DL(Mo)
110
Stars
59
Issues
Manifest
Branch
main
Version
2025.05.20
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 17: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Obelisk79

Color-Palette-Theme main

2.2.7 · Choose your colors with the "ColorPalette" Theme and increase the focus on objects and texts (FreeCAD v1.1.0 ≥)

94 / 100

Repository

https://github.com/altangarts/FreeCAD-Themes-ColorPalette
main · Created: 2024-12-25 · Updated: today · 4 python files

Statistics

4,965
DL(Yr)
736
DL(Mo)
11
Stars
1
Issues
Manifest
Branch
main
Version
2.2.7
License
LGPL-2.1-or-later
Dependencies 2
  • Compat: PySide2
  • Compat: PySide6
Static Analysis 2
HIGH 2
package.xml 2
  • line 20: Element preferencepack has extra content: type
  • line 12: Element content has extra content: workbench
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
altangarts

OpticsWorkbench main

1.3.7 · Geometrical optics for FreeCAD. Performs simple raytracing through your FreeCAD objects.

94 / 100

Repository

https://github.com/chbergmann/OpticsWorkbench
main · Created: 2021-07-03 · Updated: 26 d · 16 python files

Statistics

2,597
DL(Yr)
659
DL(Mo)
161
Stars
12
Issues
Manifest
Branch
main
Version
1.3.7
License
LGPL-2.1
Dependencies 6
  • Internal: BOPTools
  • Internal: PySide
  • Internal: Sketcher
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
Static Analysis 2
HIGH 2
package.xml 2
  • line 20: Did not expect element depend there
  • line 14: Element content has extra content: workbench
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Christi

NordicFC main

1.0.1 · Nordic themes and preference pack.

94 / 100

Repository

https://github.com/erroronline1/NordicFC
main · Created: 2025-09-20 · Updated: 2 mo · 0 python files

Statistics

1,191
DL(Yr)
648
DL(Mo)
23
Stars
2
Issues
Manifest
Branch
main
Version
1.0.1
License
LGPL-2.1-or-later
Static Analysis 2
HIGH 2
package.xml 2
  • line 90: Element preferencepack has extra content: type
  • line 83: Element content has extra content: preferencepack
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
error on line 1

Estimate main

0.1.5 · A FreeCAD workbench to estimate material quantity by volume or weight for selected parts

94 / 100

Repository

https://github.com/erroronline1/estimateWB
master · Created: 2022-03-04 · Updated: 2 mo · 6 python files

Statistics

2,259
DL(Yr)
262
DL(Mo)
13
Stars
1
Issues
Manifest
Branch
main
Version
0.1.5
License
LGPL-3.0-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 2
HIGH 2
package.xml 2
  • line 44: Missing license file 'LICENSE'
  • Declared branch 'main' does not match git branch 'master'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
error on line 1

SlopedPlanesMacro

No description

94 / 100

Repository

https://github.com/luzpaz/SlopedPlanesMacro
master · Created: 2017-11-14 · Updated: 7 yr · 14 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
0
Issues
Dependencies 2
  • Internal: PySide
  • Internal: Sketcher
Static Analysis 2
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root.
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 0

Smooth-Toolsync master

0.3.2 · Synchronize FreeCAD's CAM tool libraries with a Smooth tool data server. Adds "Smooth" to the CAM workbench toolbar (a modeless Sync / Mach...

94 / 100

Repository

https://github.com/loobric/smooth-freecad.git
master · Created: 2025-10-27 · Updated: 2 d · 21 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
0
Issues
Manifest
Branch
master
Version
0.3.2
License
MIT
Dependencies 4
  • Internal: PySide
  • Pip: Path
  • Warn: argcomplete (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 2
HIGH 2
package.xml 1
  • line 39: Element package has extra content: tags
Layout 1
  • Invalid __init__.py file in freecad package root.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Brad Collette

freecad.gears master

1.3 · A gear workbench for FreeCAD

93.9 / 100

Repository

https://github.com/looooo/freecad.gears
master · Created: 2014-04-08 · Updated: 3 mo · 31 python files

Statistics

40,024
DL(Yr)
6,330
DL(Mo)
342
Stars
80
Issues
Manifest
Branch
master
Version
1.3
License
GPL-3.0-or-later
Dependencies 5
  • Internal: PySide
  • Pip: numpy
  • Pip: scipy
  • Pip: sympy
  • Warn: pytest (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml 2
  • line 22: Did not expect element depend there
  • line 15: Element content has extra content: workbench
LOW 1
package.xml 1
  • line 12: Icon file 'freecad/gears/icons/gearworkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
looooo

CfdOF master

1.37.3 · Computational Fluid Dynamics (CFD) based on OpenFOAM.

93.9 / 100

Repository

https://github.com/jaheyns/CfdOF
master · v1.37.3 · Created: 2016-12-02 · Updated: 1 mo · 74 python files

Statistics

16,742
DL(Yr)
2,959
DL(Mo)
682
Stars
23
Issues
Manifest
Branch
master
Version
1.37.3
License
LGPL-3.0-or-later
Dependencies 8
  • Internal: BOPTools
  • Internal: Fem
  • Internal: PySide
  • Internal: pivy
  • Pip: certifi
  • Pip: matplotlib
  • Pip: numpy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
Static Analysis 25
MEDIUM 4
CfdOF/CfdPreferencePage.py 1
  • line 549: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
CfdOF/CfdTools.py 2
  • line 828: Probable insecure usage of temp file/directory.
  • line 1758: Use of exec detected.
CfdOF/Solve/CfdCaseWriterFoam.py 1
  • line 168: Probable insecure usage of temp file/directory.
LOW 21
CfdOF/CfdPreferencePage.py 1
  • line 41: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
CfdOF/CfdTools.py 15
  • line 37: Consider possible security implications associated with the subprocess module.
  • line 576: subprocess call - check for execution of untrusted input.
  • line 1690: Starting a process with a partial executable path
  • line 1690: subprocess call - check for execution of untrusted input.
  • line 1692: Starting a process with a partial executable path
  • line 1692: subprocess call - check for execution of untrusted input.
  • line 1694: Starting a process with a partial executable path
  • line 1694: subprocess call - check for execution of untrusted input.
  • line 1822: Consider possible security implications associated with the subprocess module.
  • line 1827: Starting a process with a partial executable path
  • line 1827: subprocess call - check for execution of untrusted input.
  • line 1831: Starting a process with a partial executable path
  • line 1831: subprocess call - check for execution of untrusted input.
  • line 1895: subprocess call - check for execution of untrusted input.
  • line 1917: subprocess call - check for execution of untrusted input.
CfdOF/Mesh/CfdMeshTools.py 3
  • line 547: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 549: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
CfdOF/WindowsRunWrapper.py 2
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 69: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Oliver Oxtoby

PieMenu master

1.13 · The PieMenu module is a tool to accelerate and simplify your workflow in usage of FreeCAD.

93.9 / 100

Repository

https://github.com/Grubuntu/PieMenu
master · Created: 2024-01-13 · Updated: 13 d · 7 python files

Statistics

6,993
DL(Yr)
1,775
DL(Mo)
33
Stars
3
Issues
Manifest
Branch
master
Version
1.13
License
LGPL-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 3
HIGH 2
package.xml 2
  • line 7: Element maintainer failed to validate attributes
  • line 8: Missing license file 'LICENSE'
LOW 1
package.xml 1
  • line 12: Icon file 'Resources/icons/PieMenu_Logo.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Grubuntu

FreeCAD-themes main

2025.11.25 · Additional themes for FreeCAD

93.9 / 100

Repository

https://github.com/FreeCAD/FreeCAD-themes
main · Created: 2024-06-24 · Updated: 3 mo · 0 python files

Statistics

9,675
DL(Yr)
1,355
DL(Mo)
9
Stars
4
Issues
Manifest
Branch
main
Version
2025.11.25
License
LGPL-2.1-or-later
Static Analysis 3
HIGH 2
package.xml 2
  • line 15: Element preferencepack has extra content: type
  • line 13: Element content has extra content: preferencepack
LOW 1
package.xml 1
  • line 10: Missing icon file 'resources/icons/themes.svg'
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
The FreeCAD Team

Freecad-Built-in-themes-beta main

1.2.2 · Beta versions of the preference Packs included with the FreeCAD distribution

93.9 / 100

Repository

https://github.com/MisterMakerNL/Freecad-Built-in-themes-beta
main · Created: 2023-06-11 · Updated: 2 yr · 0 python files

Statistics

1,963
DL(Yr)
300
DL(Mo)
4
Stars
1
Issues
Manifest
Branch
main
Version
1.2.2
License
LGPL-2.0-or-later
Static Analysis 3
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 7: Missing license file '../../LICENSE'
LOW 1
package.xml 1
  • line 9: Icon file 'resources/icons/Freecad-Built-in-themes-beta.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
MisterMaker

Machines Latest

1.0.0 · Collection of Community Maintained Machines

93.9 / 100

Repository

https://github.com/FreeCAD/Machines
Latest · Created: 2026-03-13 · Updated: 2 mo · 0 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.0
License
CC-BY-SA-4.0
Static Analysis 3
HIGH 2
package.xml 2
  • line 82: Did not expect element machine there
  • line 83: Element content has extra content: machine
LOW 1
package.xml 1
  • line 58: Icon file 'Resources/Icons/Logo.svg' is too big (>16kB)
INFO 1
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Sliptonic

STEMFIE main

0.3.1 · A simple workbench for generating STEMFIE system components.

93.9 / 100

Repository

https://github.com/bilbaomakers/StemfieWB
main · 0.3.1 · Created: 2021-07-06 · Updated: 1 yr · 15 python files

Statistics

0
DL(Yr)
0
DL(Mo)
24
Stars
5
Issues
Manifest
Branch
main
Version
0.3.1
License
GPL-2.0-or-later
Dependencies 2
  • Pip: numpy
  • Warn: pygears (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml 2
  • line 45: Element workbench has extra content: text
  • line 45: Element content has extra content: workbench
LOW 1
freecad/stemfie/Stemfie.py 1
  • line 79: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
Bilbao Makers, hasecilu

SteelColumn

No description

93.9 / 100

Repository

https://github.com/ebrahimraeyat/momen
master · Created: 2020-08-28 · Updated: 1 yr · 16 python files

Statistics

0
DL(Yr)
0
DL(Mo)
9
Stars
0
Issues
Dependencies 8
  • Compat: PySide2
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Pip: ezdxf
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: sec (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
LOW 1
techdraw.py 1
  • line 296: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Alternate_OpenSCAD master

1.0.0 · An alternate OpenSCAD importer with some experimental features.

93.7 / 100

Repository

https://github.com/KeithSloan/OpenSCAD_Alt_Import
master · Created: 2020-02-04 · Updated: 5 mo · 19 python files

Statistics

2,931
DL(Yr)
453
DL(Mo)
17
Stars
10
Issues
Manifest
Branch
master
Version
1.0.0
License
LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Pip: ezdxf
  • Pip: numpy
  • Pip: ply
  • Warn: scadParser (Not in AddonManager allowed packages)
Static Analysis 27
MEDIUM 4
OpenSCADHull.py 3
  • line 206: Probable insecure usage of temp file/directory.
  • line 207: Probable insecure usage of temp file/directory.
  • line 208: Probable insecure usage of temp file/directory.
importAltCSG.py 1
  • line 981: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 23
DXFObjects.py 2
  • line 134: Consider possible security implications associated with the subprocess module.
  • line 140: subprocess call - check for execution of untrusted input.
OpenSCADCommands.py 3
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
OpenSCADObjects.py 2
  • line 349: Consider possible security implications associated with the subprocess module.
  • line 355: subprocess call - check for execution of untrusted input.
OpenSCADUtils.py 11
  • line 61: Consider possible security implications associated with the subprocess module.
  • line 72: Consider possible security implications associated with the subprocess module.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
  • line 99: Starting a process with a partial executable path
  • line 99: subprocess call - check for execution of untrusted input.
  • line 127: Consider possible security implications associated with the subprocess module.
  • line 134: subprocess call - check for execution of untrusted input.
  • line 165: Consider possible security implications associated with the subprocess module.
  • line 166: Consider possible security implications associated with the subprocess module.
  • line 170: subprocess call - check for execution of untrusted input.
importAltCSG.py 4
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 521: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
package.xml 1
  • line 72: Icon file 'freecad/OpenSCAD_Alt_Import/Resources/icons/OpenSCAD_Alternate.png' is not scalable (svg)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

nurbs

No description

93.4 / 100

Repository

https://github.com/microelly2/freecad-nurbs
master · Created: 2016-08-01 · Updated: 7 yr · 110 python files

Statistics

0
DL(Yr)
0
DL(Mo)
26
Stars
6
Issues
Dependencies 8
  • Internal: Draft
  • Internal: Mesh
  • Internal: Points
  • Internal: PySide
  • Internal: pivy
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
Static Analysis 19
HIGH 1
package.xml 1
  • File not found.
MEDIUM 2
nurbswb/needle_models.py 1
  • line 913: Use of possibly insecure function - consider using safer ast.literal_eval.
nurbswb/sole_models.py 1
  • line 99: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 16
examples/example_create_random_nurbs_with_grids.py 6
  • line 27: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 28: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 31: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 37: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 38: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 42: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
nurbswb/mesh_generator.py 9
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 110: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 137: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 153: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Design456 main

0.00.1 · Direct Modeling Workbench for FreeCAD

93.1 / 100

Repository

https://github.com/MariwanJ/Design456
main · Created: 2021-01-29 · Updated: 2 mo · 80 python files

Statistics

1,930
DL(Yr)
413
DL(Mo)
64
Stars
4
Issues
Manifest
Branch
main
Version
0.00.1
License
GPL-3.0-or-later
Dependencies 6
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 2
package.xml 2
  • line 2: Expecting a namespace for element package
  • line 8: Missing license file 'LICENSE'
LOW 9
freecad/Design456/Design456Parts1.py 6
  • line 466: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 467: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 468: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 470: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 471: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/Design456/FACE_D.py 3
  • line 168: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 170: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Mariwan Jalal

workfeature

No description

93 / 100

Repository

https://github.com/Rentlau/WorkFeature-WB
master · Created: 2018-01-29 · Updated: 1 yr · 35 python files

Statistics

0
DL(Yr)
0
DL(Mo)
13
Stars
6
Issues
Dependencies 3
  • Internal: PySide
  • Pip: numpy
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 3
HIGH 2
package.xml 1
  • File not found.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
WF_centerFacePoint.py 1
  • line 192: Use of possibly insecure function - consider using safer ast.literal_eval.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

BillOfMaterials main

1.3.0.dev · A workbench to create Bill of Materials (BoM) independent of the assembly workbench of your choice.

92.3 / 100

Repository

https://github.com/APEbbers/BillOfMaterials-WB
Develop · Created: 2023-11-05 · Updated: 1 d · 37 python files

Statistics

0
DL(Yr)
0
DL(Mo)
31
Stars
4
Issues
Manifest
Branch
main
Version
1.3.0.dev
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Pip: matplotlib
  • Pip: openpyxl
Static Analysis 10
HIGH 2
package.xml 1
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
StyleMapping_BOM_WB.py 1
  • line 86: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 7
Standard_Functions_BOM_WB.py 5
  • line 287: Consider possible security implications associated with the subprocess module.
  • line 294: subprocess call - check for execution of untrusted input.
  • line 296: Starting a process without a shell.
  • line 300: Starting a process with a partial executable path
  • line 300: subprocess call - check for execution of untrusted input.
StyleMapping_BOM_WB.py 1
  • line 46: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 24: Icon file 'Resources/Icons/BillOfMaterialsWB.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Assembly4.1 main

0.61.0-0.2 · This assembly workbench lets you put FreeCAD Part and Body together inside a standard Assembly container.

92 / 100

Repository

https://github.com/leoheck/FreeCAD_Assembly4.1
main · Created: 2025-06-23 · Updated: 1 mo · 33 python files

Statistics

7,686
DL(Yr)
2,292
DL(Mo)
22
Stars
3
Issues
Manifest
Branch
main
Version
0.61.0-0.2
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Pip: Pillow
  • Pip: numpy
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 6
HIGH 1
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 5
freecad/Asm4p1/asm4_objects.py 5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
leoheck

AddonManager main

2026.6.27 · Tool to install workbenches, macros, themes, etc.

91.4 / 100

Repository

https://github.com/FreeCAD/AddonManager
main · Created: 2025-04-06 · Updated: 5 d · 101 python files

Statistics

16,587
DL(Yr)
2,172
DL(Mo)
11
Stars
40
Issues
Manifest
Branch
main
Version
2026.6.27
License
LGPL-2.1-or-later
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Pip: Markdown
  • Pip: Requests
  • Pip: defusedxml
  • Pip: importlib_metadata
  • Pip: pyfakefs
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: scour (Not in AddonManager allowed packages)
Static Analysis 50
MEDIUM 4
Resources/translations/run_translation_cycle.py 2
  • line 91: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 146: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_uninstaller.py 1
  • line 151: Use of exec detected.
addonmanager_utilities.py 1
  • line 450: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 42
Addon.py 1
  • line 32: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py 1
  • line 28: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py 25
  • line 39: Consider possible security implications associated with the subprocess module.
  • line 40: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 252: subprocess call - check for execution of untrusted input.
  • line 500: subprocess call - check for execution of untrusted input.
  • line 516: subprocess call - check for execution of untrusted input.
  • line 521: subprocess call - check for execution of untrusted input.
  • line 527: subprocess call - check for execution of untrusted input.
  • line 558: Starting a process with a partial executable path
  • line 558: subprocess call - check for execution of untrusted input.
  • line 559: Starting a process with a partial executable path
  • line 559: subprocess call - check for execution of untrusted input.
  • line 560: Starting a process with a partial executable path
  • line 560: subprocess call - check for execution of untrusted input.
  • line 564: Starting a process with a partial executable path
  • line 564: subprocess call - check for execution of untrusted input.
  • line 569: Starting a process with a partial executable path
  • line 569: subprocess call - check for execution of untrusted input.
  • line 579: Starting a process with a partial executable path
  • line 579: subprocess call - check for execution of untrusted input.
  • line 593: Starting a process with a partial executable path
  • … 5 more issues
AddonManagerTest/app/test_cmake_file_lists.py 4
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 82: Possible hardcoded password: 'LICENSE'
  • line 94: Starting a process with a partial executable path
  • line 94: subprocess call - check for execution of untrusted input.
AddonManagerTest/app/test_dependency_installer.py 1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py 1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py 1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py 4
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 196: Starting a process with a partial executable path
  • line 196: subprocess call - check for execution of untrusted input.
  • line 359: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py 1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py 4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_python_deps.py 1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py 2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 462: subprocess call - check for execution of untrusted input.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 4
Jonathan Wiedemann, Yorik van Havre, Kurt Kremitzki, Chris Hennes

AddonManager dev

2026.6.27dev · Development branch of a tool to install workbenches, macros, themes, etc.

91.4 / 100

Repository

https://github.com/FreeCAD/AddonManager
dev · Created: 2025-04-06 · Updated: 5 d · 101 python files

Statistics

763
DL(Yr)
169
DL(Mo)
11
Stars
40
Issues
Manifest
Branch
dev
Version
2026.6.27dev
License
LGPL-2.1-or-later
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Pip: Markdown
  • Pip: Requests
  • Pip: defusedxml
  • Pip: importlib_metadata
  • Pip: pyfakefs
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: scour (Not in AddonManager allowed packages)
Static Analysis 50
MEDIUM 4
Resources/translations/run_translation_cycle.py 2
  • line 92: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 147: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
addonmanager_uninstaller.py 1
  • line 152: Use of exec detected.
addonmanager_utilities.py 1
  • line 449: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 42
Addon.py 1
  • line 32: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalog.py 1
  • line 28: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
AddonCatalogCacheCreator.py 25
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 42: Using ParseError to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ParseError with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 254: subprocess call - check for execution of untrusted input.
  • line 502: subprocess call - check for execution of untrusted input.
  • line 518: subprocess call - check for execution of untrusted input.
  • line 523: subprocess call - check for execution of untrusted input.
  • line 529: subprocess call - check for execution of untrusted input.
  • line 560: Starting a process with a partial executable path
  • line 560: subprocess call - check for execution of untrusted input.
  • line 561: Starting a process with a partial executable path
  • line 561: subprocess call - check for execution of untrusted input.
  • line 562: Starting a process with a partial executable path
  • line 562: subprocess call - check for execution of untrusted input.
  • line 566: Starting a process with a partial executable path
  • line 566: subprocess call - check for execution of untrusted input.
  • line 571: Starting a process with a partial executable path
  • line 571: subprocess call - check for execution of untrusted input.
  • line 581: Starting a process with a partial executable path
  • line 581: subprocess call - check for execution of untrusted input.
  • line 595: Starting a process with a partial executable path
  • … 5 more issues
AddonManagerTest/app/test_cmake_file_lists.py 4
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 82: Possible hardcoded password: 'LICENSE'
  • line 94: Starting a process with a partial executable path
  • line 94: subprocess call - check for execution of untrusted input.
AddonManagerTest/app/test_dependency_installer.py 1
  • line 24: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_python_deps.py 1
  • line 23: Consider possible security implications associated with the subprocess module.
AddonManagerTest/app/test_utilities.py 1
  • line 26: Consider possible security implications associated with the subprocess module.
Resources/translations/run_translation_cycle.py 4
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 197: Starting a process with a partial executable path
  • line 197: subprocess call - check for execution of untrusted input.
  • line 360: subprocess call - check for execution of untrusted input.
addonmanager_dependency_installer.py 1
  • line 25: Consider possible security implications associated with the subprocess module.
addonmanager_git.py 4
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 438: Starting a process with a partial executable path
  • line 438: subprocess call - check for execution of untrusted input.
  • line 446: subprocess call - check for execution of untrusted input.
addonmanager_python_deps.py 1
  • line 30: Consider possible security implications associated with the subprocess module.
addonmanager_utilities.py 2
  • line 33: Consider possible security implications associated with the subprocess module.
  • line 461: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 4
Jonathan Wiedemann Yorik van Havre Kurt Kremitzki Chris Hennes

OSAFE master

2022.05.29· This is a workbench for FreeCAD that creates foundation model from CSI ETABS model results.

91.3 / 100

Repository

https://github.com/ebrahimraeyat/OSAFE
master · Created: 2018-11-08 · Updated: 5 mo · 83 python files

Statistics

0
DL(Yr)
0
DL(Mo)
49
Stars
3
Issues
Manifest
Branch
master
Version
2022.05.29
License
LGPL-2.1-or-later
Dependencies 14
  • Internal: Arch
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: ezdxf
  • Pip: matplotlib
  • Pip: numpy
  • Pip: pandas
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: wmi (Not in AddonManager allowed packages)
Static Analysis 24
MEDIUM 7
check_legal.py1
  • line 109: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
osafe_funcs/osafe_funcs.py4
  • line 474: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 482: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 486: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 489: Use of possibly insecure function - consider using safer ast.literal_eval.
osafe_objects/punch.py2
  • line 672: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 17
check_legal.py3
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 31: Starting a process with a partial executable path
  • line 31: subprocess call - check for execution of untrusted input.
old_punch/foundraw/safe.py1
  • line 100: Try, Except, Continue detected.
old_punch/safe.py1
  • line 126: Try, Except, Continue detected.
osafe_funcs/osafe_funcs.py1
  • line 1836: Try, Except, Continue detected.
osafe_import_export/export.py4
  • line 118: Starting a process without a shell.
  • line 131: Starting a process without a shell.
  • line 154: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Starting a process without a shell.
osafe_import_export/report.py4
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
  • line 343: Starting a process without a shell.
osafe_import_export/safe_read_write_f2k.py1
  • line 103: Try, Except, Continue detected.
test/osafe_import_export/test_safe_read_write_f2k.py1
  • line 76: Try, Except, Continue detected.
package.xml1
  • line 9: Icon file 'osafe_images/safe.png' is not scalable (svg)
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Raeyat Roknabadi Ebrahim

Assembly4 main

0.61.1· This assembly workbench allows you to assemble various native FreeCAD parts (of type Part or Body) into a standard assembly container throug...

91 / 100

Repository

https://codeberg.org/Zolko/Assembly4
main · Updated: 7 d · 40 python files

Statistics

15,446
DL(Yr)
2,998
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.61.1
License
LGPL-2.1-only
Dependencies 5
  • Internal: PySide
  • Internal: pivy
  • Pip: Pillow
  • Pip: numpy
  • Warn: opencv-python (Not in AddonManager allowed packages)
Static Analysis 16
HIGH 1
package.xml1
  • line 2: Expecting a namespace for element package
MEDIUM 5
Code/Asm4_objects.py5
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 579: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 584: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 586: Use of exec detected.
  • line 588: Use of exec detected.
LOW 10
Code/checkInterference.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_OK.py3
  • line 269: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 270: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 271: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Code/checkInterference_zh.py3
  • line 97: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 98: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 99: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
package.xml1
  • line 16: Missing icon file '../Resources/icons/Assembly4.svg'
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Zolko

Cables master

0.3.6· Electrical cables drawing tools workbench for FreeCAD.

91 / 100

Repository

https://github.com/sargo-devel/Cables
master · v0.3.6 · Created: 2025-01-21 · Updated: 1 mo · 33 python files

Statistics

9,732
DL(Yr)
2,294
DL(Mo)
80
Stars
6
Issues
Manifest
Branch
master
Version
0.3.6
License
LGPL-3.0-or-later
Dependencies 7
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 2
freecad/cables/resources/translations/updateTranslations.py2
  • line 288: Starting a process with a shell, possible injection detected, security issue.
  • line 351: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 3
freecad/cables/resources/translations/updateTranslations.py2
  • line 170: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 222: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
setup.py1
  • line 7: Use of exec detected.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
SargoDevel

Gridfinity master

0.12.4· This Workbench will generate several variations of parametric Gridfinity bins and baseplates that can be easily customized.

91 / 100

Repository

https://github.com/Stu142/FreeCAD-Gridfinity-Workbench
master · v0.12.4 · Created: 2024-03-18 · Updated: 4 mo · 17 python files

Statistics

10,542
DL(Yr)
1,456
DL(Mo)
510
Stars
38
Issues
Manifest
Branch
master
Version
0.12.4
License
lgpl-2.1-or-later
Dependencies 1
  • Internal: PySide
Static Analysis 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml1
  • Missing maintainers information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Stuart

QuickMeasure main

2022.10.28· Measures selected features.

91 / 100

Repository

https://github.com/DanMiel/QuickMeasure
main · Created: 2022-10-04 · Updated: 11 mo · 3 python files

Statistics

4,168
DL(Yr)
606
DL(Mo)
11
Stars
4
Issues
Manifest
Branch
main
Version
2022.10.28
License
Dependencies 3
  • Internal: Draft
  • Internal: PySide
  • Pip: numpy
Static Analysis 3
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 3
package.xml2
  • Missing author information in package.xml
  • Missing maintainers information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 0

BulletDesigner

1.0.0· Parametric bullet design workbench with ballistic and trajectory tools.

91 / 100

Repository

https://github.com/Supermagnum/BulletDesigner
main · Created: 2026-02-20 · Updated: 2 mo · 19 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
0
Issues
Manifest
Branch
Version
1.0.0
License
MIT
Dependencies 2
  • Internal: Mesh
  • Internal: PySide
Static Analysis 3
HIGH 3
package.xml3
  • line 22: Element package has extra content: category
  • Missing repository branch information (<url type="repository" branch="...">...<url>)
  • Declared branch '' does not match git branch 'main'
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 1
Bullet Designer Team

Launcher Latest

0.1.0· Search for commands and run them.

91 / 100

Repository

https://github.com/Addon-Shelter/Runner
Latest · Created: 2026-03-28 · Updated: 3 mo · 7 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
Latest
Version
0.1.0
License
LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Static Analysis 3
HIGH 3
package.xml3
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid Triplus

Machines Latest

1.0.0· Collection of Community Maintained Machines

90.9 / 100

Repository

https://github.com/FreeCAD/Machines
Stable · v1.0.0 · Created: 2026-03-13 · Updated: 3 mo · 0 python files

Statistics

0
DL(Yr)
0
DL(Mo)
4
Stars
1
Issues
Manifest
Branch
Latest
Version
1.0.0
License
CC-BY-SA-4.0
Static Analysis 4
HIGH 3
package.xml3
  • line 82: Did not expect element Machine there
  • line 83: Element content has extra content: Machine
  • Declared branch 'Latest' does not match git branch 'Stable'
LOW 1
package.xml1
  • line 58: Icon file 'Resources/Icons/Logo.svg' is too big (>16kB)
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 1
Sliptonic

CADExchanger

No description

90.7 / 100

Repository

https://github.com/yorikvanhavre/CADExchanger
master · Created: 2017-03-25 · Updated: 2 yr · 3 python files

Statistics

1,605
DL(Yr)
324
DL(Mo)
77
Stars
6
Issues
Dependencies 1
  • Internal: PySide
Static Analysis 6
HIGH 3
CADExchangerIO.py2
  • line 188: subprocess call with shell=True identified, security issue.
  • line 220: subprocess call with shell=True identified, security issue.
package.xml1
  • File not found.
LOW 3
CADExchangerIO.py3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 74: subprocess call - check for execution of untrusted input.
  • line 99: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

SearchBar main

1.8.1.1· Adds a search bar widget for tools, document objects, and preferences

90.6 / 100

Repository

https://github.com/APEbbers/SearchBar
main · Created: 2024-11-07 · Updated: 1 mo · 28 python files

Statistics

5,245
DL(Yr)
1,529
DL(Mo)
6
Stars
7
Issues
Manifest
Branch
main
Version
1.8.1.1
License
CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Pip: lxml
  • Warn: GitPython (Not in AddonManager allowed packages)
Static Analysis 9
HIGH 2
package.xml1
  • line 12: Element maintainer failed to validate attributes
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py1
  • line 89: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

pyrate

No description

90.4 / 100

Repository

https://salsa.debian.org/mess42/pyrate
master · Updated: 2 yr · 123 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Dependencies 10
  • Internal: Points
  • Internal: PySide
  • Pip: PyYAML
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Pip: sympy
  • Warn: hypothesis (Not in AddonManager allowed packages)
  • Warn: nltk (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 11
HIGH 2
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in freecad package root.
MEDIUM 3
demos/demo_loadsave.py1
  • line 269: Use of possibly insecure function - consider using safer ast.literal_eval.
pyrateoptics/core/functionobject.py1
  • line 119: Use of exec detected.
pyrateoptics/core/serializer.py1
  • line 457: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 6
pyrateoptics/core/log.py2
  • line 114: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 115: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/core/names/nltk_list_generator.py1
  • line 82: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
pyrateoptics/raytracer/localcoordinates.py3
  • line 487: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 488: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 489: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 0

Render master

2024.12.15· (UNMAINTAINED) A workbench to produce high-quality rendered images from your FreeCAD document, using open-source external rendering engines....

90.3 / 100

Repository

https://github.com/FreeCAD/FreeCAD-render
master · Created: 2017-12-17 · Updated: 2 mo · 53 python files

Statistics

10,312
DL(Yr)
2,100
DL(Mo)
229
Stars
17
Issues
Manifest
Branch
master
Version
2024.12.15
License
LGPL-2.1-or-later
Dependencies 9
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
  • Pip: qtpy
  • Warn: MaterialX (Not in AddonManager allowed packages)
  • Warn: PyQt6 (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
Static Analysis 23
HIGH 1
Render/plugins/materialx/importer/converter/materialx_baker.py1
  • line 497: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 5
Render/renderers/Appleseed.py2
  • line 1439: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1484: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/renderers/Cycles.py1
  • line 1025: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Render/virtualenv.py2
  • line 386: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 418: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 17
Render/plugins/materialx/importer/materialx_importer.py2
  • line 25: Consider possible security implications associated with the subprocess module.
  • line 77: subprocess call - check for execution of untrusted input.
Render/prefpage.py2
  • line 32: Consider possible security implications associated with the subprocess module.
  • line 305: subprocess call - check for execution of untrusted input.
Render/rdrexecutor.py2
  • line 34: Consider possible security implications associated with the subprocess module.
  • line 94: subprocess call - check for execution of untrusted input.
Render/renderers/Appleseed.py2
  • line 48: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 49: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/renderers/Cycles.py1
  • line 74: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Render/virtualenv.py8
  • line 47: Consider possible security implications associated with the subprocess module.
  • line 240: subprocess call - check for execution of untrusted input.
  • line 275: subprocess call - check for execution of untrusted input.
  • line 299: subprocess call - check for execution of untrusted input.
  • line 367: subprocess call - check for execution of untrusted input.
  • line 396: subprocess call - check for execution of untrusted input.
  • line 420: subprocess call - check for execution of untrusted input.
  • line 520: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 3
howetuft No current maintainer Yorik Van Havre

woodworking master

3.2.20260702· Woodworking workbench was designed primarily for creating simple cabinets for your home or garage. However, it includes many features that w...

90.2 / 100

Repository

https://github.com/dprojects/Woodworking
master · Created: 2022-02-25 · Updated: today · 159 python files

Statistics

20,457
DL(Yr)
3,232
DL(Mo)
521
Stars
0
Issues
Manifest
Branch
master
Version
3.2.20260702
License
MIT
Dependencies 9
  • Internal: BOPTools
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Internal: TechDraw
  • Internal: pivy
  • Pip: Path
  • Warn: deep_translator (Not in AddonManager allowed packages)
Static Analysis 26
MEDIUM 8
Tools/debugInfo.py2
  • line 240: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 857: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/scanObjects.py1
  • line 1330: Use of possibly insecure function - consider using safer ast.literal_eval.
Tools/setTextures.py1
  • line 517: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Tools/sheet2export.py1
  • line 877: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
loadMenu.py2
  • line 217: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 285: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
translations/make_AI_translation.py1
  • line 167: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 18
Tools/MagicPanels.py4
  • line 2451: Try, Except, Continue detected.
  • line 2572: Try, Except, Continue detected.
  • line 3224: Try, Except, Continue detected.
  • line 4029: Try, Except, Continue detected.
Tools/align2Curve.py1
  • line 138: Try, Except, Continue detected.
Tools/debugInfo.py1
  • line 1014: Try, Except, Continue detected.
Tools/magicView.py2
  • line 350: Try, Except, Continue detected.
  • line 421: Try, Except, Continue detected.
Tools/makeBeautiful.py1
  • line 32: Try, Except, Continue detected.
Tools/selected2Outside.py1
  • line 27: Try, Except, Continue detected.
Tools/sheet2export.py2
  • line 875: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 886: Try, Except, Continue detected.
Tools/showConstraints.py1
  • line 23: Try, Except, Continue detected.
Tools/showPlacement.py1
  • line 27: Try, Except, Continue detected.
Tools/showVertex.py1
  • line 35: Try, Except, Continue detected.
translations/make_AI_translation.py1
  • line 1: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml2
  • line 24: Icon file 'Icons/Woodworking.png' is too big (>16kB)
  • line 24: Icon file 'Icons/Woodworking.png' is not scalable (svg)
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Darek L

EasyProfileFrame main

0.0.1· Simplifies the creation of frames using profiles, such as aluminum profiles. It also includes support for exporting Bill of Materials (BOM).

89.9 / 100

Repository

https://github.com/ovo-Tim/EasyProfileFrame
main · Created: 2025-01-19 · Updated: 1 yr · 10 python files

Statistics

3,477
DL(Yr)
682
DL(Mo)
20
Stars
7
Issues
Manifest
Branch
main
Version
0.0.1
License
LGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 5
HIGH 3
package.xml3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 1
setup.py1
  • line 11: Use of exec detected.
LOW 1
package.xml1
  • line 20: Icon file 'freecad/easy_profile_frame/resources/icons/MakerWorkbench_Aluproft_Cmd.svg' is too big (>16kB)
INFO 2
package.xml1
  • Missing maintainers information in package.xml
Layout1
  • Uses extension based layout
Authors/Maintainers 1
ovo-Tim

POV-Ray-Rendering

No description

89.2 / 100

Repository

https://github.com/TheRaytracers/freecad-povray-render
master · Created: 2020-11-30 · Updated: 3 yr · 8 python files

Statistics

694
DL(Yr)
259
DL(Mo)
4
Stars
6
Issues
Dependencies 2
  • Internal: PySide
  • Internal: pivy
Static Analysis 12
HIGH 3
Dialog.py1
  • line 1609: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml1
  • File not found.
Layout1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
Dialog.py1
  • line 667: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 8
Dialog.py5
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1434: subprocess call - check for execution of untrusted input.
  • line 1445: subprocess call - check for execution of untrusted input.
  • line 1737: subprocess call - check for execution of untrusted input.
Exporter.py3
  • line 31: Consider possible security implications associated with the subprocess module.
  • line 1931: subprocess call - check for execution of untrusted input.
  • line 1934: subprocess call - check for execution of untrusted input.
INFO 1
Layout1
  • Uses exec based layout
Authors/Maintainers 0

osh-autodoc-workbench main

0.2.3· A workbench that support the creation of assembly manuals of open source hardware.

89 / 100

Repository

https://codeberg.org/osh-autodoc/osh-autodoc-workbench
main · Updated: 5 mo · 23 python files

Statistics

0
DL(Yr)
0
DL(Mo)
0
Stars
0
Issues
Manifest
Branch
main
Version
0.2.3
License
LGPL-3.0-or-later
Dependencies 6
  • Compat: PySide6
  • Internal: Draft
  • Internal: PySide
  • Internal: TechDraw
  • Internal: pivy
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 9
HIGH 1
package.xml1
  • line 19: Missing license file 'None'
MEDIUM 8
freecad/OSHAutoDocWorkbench/layer_state_manager.py6
  • line 663: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 665: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 667: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 669: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 673: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 675: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/OSHAutoDocWorkbench/util/util.py1
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
setup.py1
  • line 13: Use of exec detected.
INFO 1
Layout1
  • Uses extension based layout
Authors/Maintainers 2
Pieter Hijma J.C. Mariscal-Melgar

SaveAndRestore main

1.1· A simple addon to save and restore your settings

88.6 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
main · Created: 2025-04-23 · Updated: 17 d · 11 python files

Statistics

6,067
DL(Yr)
2,154
DL(Mo)
7
Stars
1
Issues
Manifest
Branch
main
Version
1.1
License
MIT
Dependencies 3
  • Internal: PySide
  • Pip: matplotlib
  • Warn: GitPython (Not in AddonManager allowed packages)
Static Analysis 29
HIGH 2
Standard_Functions_SaveAndRestore.py1
  • line 963: subprocess call with shell=True identified, security issue.
package.xml1
  • line 12: Element maintainer failed to validate attributes
MEDIUM 3
Standard_Functions_SaveAndRestore.py2
  • line 497: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 534: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 24
LoadDialog_SaveAndRestore.py12
  • line 41: Consider possible security implications associated with the subprocess module.
  • line 300: subprocess call - check for execution of untrusted input.
  • line 313: Starting a process with a partial executable path
  • line 313: subprocess call - check for execution of untrusted input.
  • line 362: Starting a process with a partial executable path
  • line 362: subprocess call - check for execution of untrusted input.
  • line 461: subprocess call - check for execution of untrusted input.
  • line 467: Starting a process with a partial executable path
  • line 467: subprocess call - check for execution of untrusted input.
  • line 755: Starting a process with a partial executable path
  • line 755: subprocess call - check for execution of untrusted input.
  • line 757: Starting a process without a shell.
Standard_Functions_SaveAndRestore.py11
  • line 318: Consider possible security implications associated with the subprocess module.
  • line 325: subprocess call - check for execution of untrusted input.
  • line 327: Starting a process without a shell.
  • line 331: Starting a process with a partial executable path
  • line 331: subprocess call - check for execution of untrusted input.
  • line 490: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 524: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 946: Try, Except, Continue detected.
  • line 959: Consider possible security implications associated with the subprocess module.
  • line 967: Consider possible security implications associated with the subprocess module.
  • line 975: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py1
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml1
  • Missing author information in package.xml
Layout1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

TitleBlock main

0.5.2.2· An extension for the TechDraw workbench to fill a TitleBlock with the aid of the Spreadsheet workbench.

88.3 / 100

Repository

https://github.com/APEbbers/TitleBlock-WB
main · Created: 2023-10-07 · Updated: 10 mo · 18 python files

Statistics

0
DL(Yr)
0
DL(Mo)
5
Stars
2
Issues
Manifest
Branch
main
Version
0.5.2.2
License
LGPL-2.1-or-later
Dependencies 4
  • Internal: PySide
  • Pip: matplotlib
  • Pip: openpyxl
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 12
HIGH 3
utils/updateTranslations.py3
  • line 137: Starting a process with a shell, possible injection detected, security issue.
  • line 179: Starting a process with a shell, possible injection detected, security issue.
  • line 200: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 2
utils/updateTranslations.py2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 218: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 7
Standard_Functions_TB.py 5
  • line 316: Consider possible security implications associated with the subprocess module.
  • line 323: subprocess call - check for execution of untrusted input.
  • line 325: Starting a process without a shell.
  • line 329: Starting a process with a partial executable path
  • line 329: subprocess call - check for execution of untrusted input.
utils/updateTranslations.py 1
  • line 55: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 24: Icon file 'Resources/Icons/TitleBlockWB.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Launcher Latest

0.1.0 · Search for commands and run them.

88 / 100

Repository

https://github.com/Addon-Shelter/Runner
Stable · v0.1.0 · Created: 2026-03-28 · Updated: 3 mo · 2 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 0 · Issues: 0

Manifest

Branch: Latest · Version: 0.1.0 · License: LGPL-2.1-or-later, CC-BY-SA-4.0
Dependencies 1
  • Compat: PySide6
Static Analysis 4
HIGH 4
package.xml 4
  • line 15: Invalid attribute type for element replace
  • Extra element replace in interleave
  • line 15: Element package failed to validate content
  • Declared branch 'Latest' does not match git branch 'Stable'
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 2
PhoneDroid, Triplus

SearchBar main

1.8.0 · Adds a search bar widget for tools, document objects, and preferences

87.6 / 100

Repository

https://github.com/APEbbers/SearchBar
Develop · Created: 2024-11-07 · Updated: 9 mo · 28 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 6 · Issues: 7

Manifest

Branch: main · Version: 1.8.0 · License: CCOv1
Dependencies 4
  • Internal: PySide
  • Internal: pivy
  • Pip: lxml
  • Warn: GitPython (Not in AddonManager allowed packages)
Static Analysis 10
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 3
StandardFunctions_SearchBar.py 2
  • line 11: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 52: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SearchBar.py 1
  • line 83: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 4
ResultsToolbar.py 1
  • line 117: Try, Except, Continue detected.
StandardFunctions_SearchBar.py 2
  • line 4: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 39: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
StyleMapping_SearchBar.py 1
  • line 43: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

kicadStepUpMod master

11.08.5 · A bidirectional ECAD/MCAD collaboration between KiCAD and FreeCAD.

85.9 / 100

Repository

https://github.com/easyw/kicadStepUpMod
master · Created: 2017-09-12 · Updated: 7 d · 34 python files

Statistics

DL(Yr): 11,012 · DL(Mo): 3,338 · Stars: 663 · Issues: 39

Manifest

Branch: master · Version: 11.08.5 · License: AGPLv3.0
Dependencies 17
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: TechDraw
  • Internal: pivy
  • Pip: Path
  • Pip: Requests
  • Pip: ezdxf
  • Pip: numpy
  • Warn: Aligner (Not in AddonManager allowed packages)
  • Warn: Caliper (Not in AddonManager allowed packages)
  • Warn: Mover (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
  • Warn: stepZ (Not in AddonManager allowed packages)
Static Analysis 18
HIGH 3
kicadStepUpCMD.py 2
  • line 4680: Starting a process with a shell, possible injection detected, security issue.
  • line 4683: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 7: Missing license file 'LICENSE'
MEDIUM 4
InitGui.py 1
  • line 433: Possible SQL injection vector through string-based query construction.
commits_num.py 3
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
LOW 11
fps.py 2
  • line 195: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 216: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
kicadStepUpCMD.py 5
  • line 4667: Consider possible security implications associated with the subprocess module.
  • line 4674: Starting a process with a partial executable path
  • line 4674: subprocess call - check for execution of untrusted input.
  • line 4676: Starting a process with a partial executable path
  • line 4676: subprocess call - check for execution of untrusted input.
kicad_parser.py 1
  • line 1294: Try, Except, Continue detected.
tracks.py 2
  • line 206: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 236: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Maui

fcVM main

2024.9.5 · Finite element collapse analysis based on the von Mises plasticity model for use with FreeCAD

85.9 / 100

Repository

https://github.com/HarryvL/fcVM-workbench
main · Created: 2024-01-17 · Updated: 11 mo · 4 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 11 · Issues: 3

Manifest

Branch: main · Version: 2024.9.5
License
Dependencies 9
  • Internal: PySide
  • Pip: matplotlib
  • Pip: numba
  • Pip: numpy
  • Pip: pyvista
  • Pip: scipy
  • Warn: cholespy (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: sksparse_minimal (Not in AddonManager allowed packages)
Static Analysis 7
HIGH 4
package.xml 4
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Expecting an element license, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 2
InitGui.py 2
  • line 233: Use of exec detected.
  • line 280: Use of exec detected.
LOW 1
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
HarryvL

SaveAndRestore main

1.1 · A simple addon to save and restore your settings

85.6 / 100

Repository

https://github.com/APEbbers/SaveAndRestore
Develop · Created: 2025-04-23 · Updated: 20 d · 11 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 7 · Issues: 1

Manifest

Branch: main · Version: 1.1 · License: MIT
Dependencies 3
  • Internal: PySide
  • Pip: matplotlib
  • Warn: GitPython (Not in AddonManager allowed packages)
Static Analysis 30
HIGH 3
Standard_Functions_SaveAndRestore.py 1
  • line 963: subprocess call with shell=True identified, security issue.
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
MEDIUM 3
Standard_Functions_SaveAndRestore.py 2
  • line 497: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 534: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_SaveAndRestore.py 1
  • line 101: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 24
LoadDialog_SaveAndRestore.py 12
  • line 41: Consider possible security implications associated with the subprocess module.
  • line 300: subprocess call - check for execution of untrusted input.
  • line 313: Starting a process with a partial executable path
  • line 313: subprocess call - check for execution of untrusted input.
  • line 362: Starting a process with a partial executable path
  • line 362: subprocess call - check for execution of untrusted input.
  • line 461: subprocess call - check for execution of untrusted input.
  • line 467: Starting a process with a partial executable path
  • line 467: subprocess call - check for execution of untrusted input.
  • line 755: Starting a process with a partial executable path
  • line 755: subprocess call - check for execution of untrusted input.
  • line 757: Starting a process without a shell.
Standard_Functions_SaveAndRestore.py 11
  • line 318: Consider possible security implications associated with the subprocess module.
  • line 325: subprocess call - check for execution of untrusted input.
  • line 327: Starting a process without a shell.
  • line 331: Starting a process with a partial executable path
  • line 331: subprocess call - check for execution of untrusted input.
  • line 490: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 524: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 946: Try, Except, Continue detected.
  • line 959: Consider possible security implications associated with the subprocess module.
  • line 967: Consider possible security implications associated with the subprocess module.
  • line 975: subprocess call - check for execution of untrusted input.
StyleMapping_SaveAndRestore.py 1
  • line 61: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

FreeCAD-Ribbon main

1.11.1 · A Ribbon interface for FreeCAD

85.5 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
main · Created: 2024-09-28 · Updated: 3 d · 50 python files

Statistics

DL(Yr): 6,082 · DL(Mo): 1,450 · Stars: 123 · Issues: 7

Manifest

Branch: main · Version: 1.11.1 · License: GPL-3.0-or-later
Dependencies 8
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Pip: Requests
  • Pip: matplotlib
  • Pip: numpy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Static Analysis 42
HIGH 2
package.xml 1
  • line 12: Element maintainer failed to validate attributes
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 5
CacheFunctions.py 1
  • line 802: Call to requests without timeout
Standard_Functions_Ribbon.py 3
  • line 499: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 541: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 543: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 127: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 35
CacheFunctions.py 3
  • line 583: Try, Except, Continue detected.
  • line 628: Try, Except, Continue detected.
  • line 676: Try, Except, Continue detected.
FCBinding.py 5
  • line 1811: Try, Except, Continue detected.
  • line 1854: Try, Except, Continue detected.
  • line 1897: Try, Except, Continue detected.
  • line 2045: Try, Except, Continue detected.
  • line 4403: Try, Except, Continue detected.
LoadAddCommands.py 4
  • line 1743: Try, Except, Continue detected.
  • line 2225: Try, Except, Continue detected.
  • line 2270: Try, Except, Continue detected.
  • line 2318: Try, Except, Continue detected.
LoadDesign_Ribbon.py 5
  • line 2972: Try, Except, Continue detected.
  • line 4422: Try, Except, Continue detected.
  • line 4467: Try, Except, Continue detected.
  • line 4515: Try, Except, Continue detected.
  • line 5122: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 257: Consider possible security implications associated with the subprocess module.
  • line 265: Starting a process with a partial executable path
  • line 265: subprocess call - check for execution of untrusted input.
  • line 267: Starting a process without a shell.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 273: Starting a process with a partial executable path
  • line 273: subprocess call - check for execution of untrusted input.
  • line 320: Consider possible security implications associated with the subprocess module.
  • line 327: subprocess call - check for execution of untrusted input.
  • line 329: Starting a process without a shell.
  • line 333: Starting a process with a partial executable path
  • line 333: subprocess call - check for execution of untrusted input.
  • line 492: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 527: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1000: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 81: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

FreeGrid main

2.2.0 · A simple tools workbench for generating FreeGrid storage system components.

85.4 / 100

Repository

https://github.com/instancezero/in3dca-freegrid.git
main · Created: 2022-07-25 · Updated: 1 yr · 9 python files

Statistics

DL(Yr): 1,082 · DL(Mo): 163 · Stars: 50 · Issues: 2

Manifest

Branch: main · Version: 2.2.0 · License: AGPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Internal: Sketcher
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 12
HIGH 4
package.xml 4
  • line 12: Element maintainer failed to validate attributes
  • line 14: Element maintainer failed to validate attributes
  • Extra element maintainer in interleave
  • line 14: Element package failed to validate content
MEDIUM 2
freecad/freegrid/resources/translations/update_crowdin.py 2
  • line 173: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 254: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 6
freecad/freegrid/commands.py 1
  • line 141: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/freegrid/resources/translations/update_crowdin.py 4
  • line 75: Consider possible security implications associated with the subprocess module.
  • line 408: subprocess call - check for execution of untrusted input.
  • line 409: subprocess call - check for execution of untrusted input.
  • line 413: subprocess call - check for execution of untrusted input.
package.xml 1
  • line 42: Icon file 'freecad/freegrid/resources/icons/FreeGrid.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 3
Alan Langford, Michael K Johnson, hasecilu

freecad_streamdeck_addon main

0.1.7 · FreeCAD addon to use an Elgato Stream Deck macropad as an input device.

85 / 100

Repository

https://github.com/Giraut/freecad_streamdeck_addon
main · Created: 2024-02-25 · Updated: 2 yr · 6 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 20 · Issues: 7

Manifest

Branch: main · Version: 0.1.7 · License: GPL-3.0-or-later
Dependencies 3
  • Internal: PySide
  • Pip: Pillow
  • Pip: StreamDeck
Static Analysis 5
HIGH 5
streamdeck_addon.py 2
  • line 102: Starting a process with a shell, possible injection detected, security issue.
  • line 493: Starting a process with a shell, possible injection detected, security issue.
package.xml 3
  • line 2: Expecting an element maintainer, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
INFO 2
package.xml 1
  • Missing maintainers information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Giraut

FEMbyGEN master

2.5.5 · Parametric Finite Element Analysis(FEM)

84.9 / 100

Repository

https://github.com/Serince/FEMbyGEN
master · Created: 2022-07-27 · Updated: 2 mo · 28 python files

Statistics

DL(Yr): 2,423 · DL(Mo): 347 · Stars: 49 · Issues: 7

Manifest

Branch: master · Version: 2.5.5 · License: LGPL-2.1-only
Dependencies 11
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Pip: matplotlib
  • Pip: numpy
  • Pip: scipy
  • Warn: femtools (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer (Not in AddonManager allowed packages)
  • Warn: freecad_addon_analyzer.egg (Not in AddonManager allowed packages)
Static Analysis 12
HIGH 2
package.xml 2
  • line 20: Did not expect element depend there
  • line 11: Element content has extra content: workbench
MEDIUM 9
fembygen/design/pydoe2/build_regression_matrix.py 2
  • line 88: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 93: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_lib.py 6
  • line 701: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 871: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 979: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1040: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1077: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1125: Use of possibly insecure function - consider using safer ast.literal_eval.
fembygen/topology/beso_main.py 1
  • line 442: Function call with shell=True parameter identified, possible security issue.
LOW 1
fembygen/topology/beso_main.py 1
  • line 9: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Serdar T. Ince

drawing_dimensioning

No description

84.5 / 100

Repository

https://github.com/Addon-Shelter/Drawing-Dimensioning
v0.19.4 · 0.19.4 · Created: 2025-11-03 · Updated: 8 mo · 59 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 0 · Issues: 0
Dependencies 4
  • Internal: PySide
  • Pip: matplotlib
  • Pip: numpy
  • Warn: dxfwrite (Not in AddonManager allowed packages)
Static Analysis 14
HIGH 3
Gui/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
drawingDimensioning/unfold/export_to_dxf.py 1
  • line 36: subprocess call with shell=True identified, security issue.
package.xml 1
  • File not found.
MEDIUM 6
drawingDimensioning/proxies.py 2
  • line 36: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 37: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
test/test_linear_dimension.py 4
  • line 11: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 22: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 28: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 34: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
drawingDimensioning/proxies.py 1
  • line 1: Consider possible security implications associated with pickle module.
drawingDimensioning/selectionOverlay/__init__.py 1
  • line 10: Consider possible security implications associated with pickle module.
drawingDimensioning/unfold/export_to_dxf.py 1
  • line 4: Consider possible security implications associated with the subprocess module.
test/test_linear_dimension.py 2
  • line 8: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 10: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

Manipulator master

1.6.4 · A handy way to Move and Align objects in FreeCAD.

83.6 / 100

Repository

https://github.com/easyw/Manipulator
master · Created: 2017-10-02 · Updated: 3 mo · 10 python files

Statistics

DL(Yr): 10,245 · DL(Mo): 1,470 · Stars: 76 · Issues: 24

Manifest

Branch: master · Version: 1.6.4 · License: GPLv3.0
Dependencies 9
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: Requests
  • Pip: numpy
  • Warn: Drawing (Not in AddonManager allowed packages)
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 14
HIGH 3
ManipulatorCMD.py 2
  • line 182: Starting a process with a shell, possible injection detected, security issue.
  • line 185: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 7: Missing license file 'LICENSE'
MEDIUM 7
Aligner.py 1
  • line 1706: Possible SQL injection vector through string-based query construction.
InitGui.py 1
  • line 144: Possible SQL injection vector through string-based query construction.
commits_num_.py 3
  • line 11: Call to requests without timeout
  • line 22: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 52: Call to requests without timeout
oDraft.py 2
  • line 3402: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3643: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 4
ManipulatorCMD.py 3
  • line 175: Consider possible security implications associated with the subprocess module.
  • line 178: Starting a process with a partial executable path
  • line 178: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Maui

Part-o-magic master

1.1.0 · Experiment on FreeCAD-wide automation of Part container management

83.5 / 100

Repository

https://github.com/DeepSOIC/Part-o-magic
master · Created: 2016-05-20 · Updated: 2 mo · 62 python files

Statistics

DL(Yr): 0 · DL(Mo): 0 · Stars: 15 · Issues: 28

Manifest

Branch: master · Version: 1.1.0 · License: LGPL-2.0-or-later
Dependencies 4
  • Internal: BOPTools
  • Internal: PySide
  • Internal: pivy
  • Warn: Show (Not in AddonManager allowed packages)
Static Analysis 21
MEDIUM 16
PartOMagic/Base/FilePlant/FCObject.py 1
  • line 99: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProject.py 9
  • line 73: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 78: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 97: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 99: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 128: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 133: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 141: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 144: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 153: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/FCProperty.py 4
  • line 19: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 171: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 220: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 269: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py 2
  • line 81: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 113: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
PartOMagic/Base/FilePlant/FCObject.py 1
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProject.py 1
  • line 2: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/FCProperty.py 1
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Base/FilePlant/PropertyExpressionEngine.py 1
  • line 1: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PartOMagic/Gui/Tools/SelectionTools.py 1
  • line 120: Try, Except, Continue detected.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
DeepSOIC

A2plus master

0.4.68 · Another assembly workbench for FreeCAD, following and extending Hamish's Assembly 2 workbench hence Assembly2plus. The main goal of A2plus i...

83 / 100

Repository

https://github.com/kbwbe/A2plus
master · Created: 2018-06-28 · Updated: 5 mo · 38 python files

Statistics
  • DL(Yr): 18,160
  • DL(Mo): 3,156
  • Stars: 205
  • Issues: 49
Manifest
  • Branch: master
  • Version: 0.4.68
  • License: LGPL-2.1-or-later
Dependencies 6
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Internal: Spreadsheet
  • Internal: pivy
  • Pip: numpy
Static Analysis 45
HIGH 4
CD_ConstraintViewer.py 1
  • line 258: subprocess call with shell=True identified, security issue.
GuiA2p/Resources/compile_resources_pack.py 1
  • line 20: Starting a process with a shell, possible injection detected, security issue.
compileA2pResources.py 1
  • line 57: Starting a process with a shell, possible injection detected, security issue.
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 1
a2p_fcdocumentreader.py 1
  • line 228: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 40
CD_ConstraintViewer.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 298: Try, Except, Continue detected.
a2p_dependencies.py 12
  • line 431: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 432: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 433: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 665: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 666: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 667: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 807: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 808: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 809: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 847: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 848: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 849: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
a2p_fcdocumentreader.py 2
  • line 28: Using xml.etree.cElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 30: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
a2p_simpleXMLreader.py 1
  • line 36: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
compileA2pResources.py 4
  • line 66: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 66: Starting a process with a partial executable path
  • line 70: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 70: Starting a process with a partial executable path
translations/update_ts.py 19
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 40: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 40: Starting a process with a partial executable path
  • line 43: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 43: Starting a process with a partial executable path
  • line 50: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 50: Starting a process with a partial executable path
  • line 53: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 53: Starting a process with a partial executable path
  • line 59: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 59: Starting a process with a partial executable path
  • line 61: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 61: Starting a process with a partial executable path
  • line 73: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 73: Starting a process with a partial executable path
  • line 84: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 84: Starting a process with a partial executable path
  • line 91: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 91: Starting a process with a partial executable path
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
kbwbe

FEM_FrontISTR master

0.2.0 · A FreeCAD addon that enables a parallel nonlinear FEM solver FrontISTR.

82.9 / 100

Repository

https://github.com/FrontISTR/FEM_FrontISTR
master · Created: 2021-04-03 · Updated: 11 mo · 29 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 36
  • Issues: 0
Manifest
  • Branch: master
  • Version: 0.2.0
  • License: LGPL-2.1-or-later
Dependencies 8
  • Internal: Draft
  • Internal: Fem
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Pip: numpy
  • Pip: six
  • Warn: femtools (Not in AddonManager allowed packages)
Static Analysis 17
HIGH 5
fistrtools.py 4
  • line 456: subprocess call with shell=True identified, security issue.
  • line 609: subprocess call with shell=True identified, security issue.
  • line 735: subprocess call with shell=True identified, security issue.
  • line 788: subprocess call with shell=True identified, security issue.
task_solver_fistrtools.py 1
  • line 369: subprocess call with shell=True identified, security issue.
MEDIUM 1
fistrtools.py 1
  • line 645: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 11
femsolver_FrontISTR/tasks.py 2
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
fistrtools.py 8
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 430: Consider possible security implications associated with the subprocess module.
  • line 513: Starting a process with a partial executable path
  • line 513: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 531: Starting a process with a partial executable path
  • line 531: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 547: Starting a process with a partial executable path
  • line 547: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
task_solver_fistrtools.py 1
  • line 343: Consider possible security implications associated with the subprocess module.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
FrontISTR-Commons

Reinforcement master

v0.6 · A workbench that provides tools for Reinforcement Generation and its Detailing.

82.7 / 100

Repository

https://github.com/amrit3701/FreeCAD-Reinforcement
master · Created: 2017-04-09 · Updated: 4 mo · 66 python files

Statistics
  • DL(Yr): 1,830
  • DL(Mo): 266
  • Stars: 65
  • Issues: 61
Manifest
  • Branch: master
  • Version: v0.6
  • License: LGPL-2.1-or-later
Dependencies 5
  • Compat: PySide6
  • Internal: Arch
  • Internal: Draft
  • Internal: PySide
  • Pip: Pillow
Static Analysis 36
HIGH 1
package.xml 1
  • line 7: Missing license file 'None'
MEDIUM 12
BarBendingSchedule/BBSfunc.py 1
  • line 337: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterialContent.py 3
  • line 308: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 355: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 449: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
BillOfMaterial/BillOfMaterial_SVG.py 3
  • line 998: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1052: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1063: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 806: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 1282: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
ReinforcementDrawing/ReinforcementDrawingfunc.py 3
  • line 802: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 818: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 845: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 23
BarBendingSchedule/BBSfunc.py 2
  • line 36: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 37: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterialContent.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
BillOfMaterial/BillOfMaterial_SVG.py 2
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 36: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
RebarShapeCutList/RebarShapeCutListfunc.py 2
  • line 31: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 32: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioning.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDimensioningfunc.py 10
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 652: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 680: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1026: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1054: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1441: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1469: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1860: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1888: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 2284: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
ReinforcementDrawing/ReinforcementDrawingView.py 1
  • line 29: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
ReinforcementDrawing/ReinforcementDrawingfunc.py 1
  • line 30: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
SVGfunc.py 1
  • line 31: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
package.xml 1
  • line 9: Icon file 'icons/Reinforcement.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Amritpal Singh (amrit3701)

FreeCAD-Ribbon main

1.12.0dev · A Ribbon interface for FreeCAD

82.5 / 100

Repository

https://github.com/APEbbers/FreeCAD-Ribbon
Develop · Created: 2024-09-28 · Updated: 1 d · 50 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 123
  • Issues: 7
Manifest
  • Branch: main
  • Version: 1.12.0dev
  • License: GPL-3.0-or-later
Dependencies 8
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Pip: Requests
  • Pip: matplotlib
  • Pip: numpy
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: setuptools_scm (Not in AddonManager allowed packages)
Static Analysis 43
HIGH 3
package.xml 2
  • line 12: Element maintainer failed to validate attributes
  • Declared branch 'main' does not match git branch 'Develop'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 5
CacheFunctions.py 1
  • line 802: Call to requests without timeout
Standard_Functions_Ribbon.py 3
  • line 499: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 541: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 543: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
StyleMapping_Ribbon.py 1
  • line 127: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 35
CacheFunctions.py 3
  • line 583: Try, Except, Continue detected.
  • line 628: Try, Except, Continue detected.
  • line 676: Try, Except, Continue detected.
FCBinding.py 5
  • line 1821: Try, Except, Continue detected.
  • line 1864: Try, Except, Continue detected.
  • line 1907: Try, Except, Continue detected.
  • line 2060: Try, Except, Continue detected.
  • line 4455: Try, Except, Continue detected.
LoadAddCommands.py 4
  • line 1743: Try, Except, Continue detected.
  • line 2225: Try, Except, Continue detected.
  • line 2270: Try, Except, Continue detected.
  • line 2318: Try, Except, Continue detected.
LoadDesign_Ribbon.py 5
  • line 2972: Try, Except, Continue detected.
  • line 4422: Try, Except, Continue detected.
  • line 4467: Try, Except, Continue detected.
  • line 4515: Try, Except, Continue detected.
  • line 5122: Try, Except, Continue detected.
Standard_Functions_Ribbon.py 17
  • line 23: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 257: Consider possible security implications associated with the subprocess module.
  • line 265: Starting a process with a partial executable path
  • line 265: subprocess call - check for execution of untrusted input.
  • line 267: Starting a process without a shell.
  • line 271: Starting a process with a partial executable path
  • line 271: subprocess call - check for execution of untrusted input.
  • line 273: Starting a process with a partial executable path
  • line 273: subprocess call - check for execution of untrusted input.
  • line 320: Consider possible security implications associated with the subprocess module.
  • line 327: subprocess call - check for execution of untrusted input.
  • line 329: Starting a process without a shell.
  • line 333: Starting a process with a partial executable path
  • line 333: subprocess call - check for execution of untrusted input.
  • line 492: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 527: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1000: Try, Except, Continue detected.
StyleMapping_Ribbon.py 1
  • line 81: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Paul Ebbers

Rocket master

3.3.0 · A workbench for designing model rockets.

81.5 / 100

Repository

https://github.com/davesrocketshop/Rocket
v3.3.0 · v3.3.0 · Created: 2021-02-01 · Updated: 2 yr · 266 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 76
  • Issues: 10
Manifest
  • Branch: master
  • Version: 3.3.0
  • License: LGPLv2.1
Dependencies 8
  • Compat: PySide2
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: matplotlib
  • Pip: numpy
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 15
HIGH 4
util/updateTranslations.py 3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • Declared branch 'master' does not match git branch 'v3.3.0'
MEDIUM 6
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 157: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py 1
  • line 182: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Material.py 1
  • line 161: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py 1
  • line 142: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 5
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py 1
  • line 33: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py 1
  • line 31: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py 1
  • line 29: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

freecad.optics_design_workbench master

1.0.2 · Physically accurate forward ray tracing for optics simulation and optimization with FreeCAD workbench frontend.

79.7 / 100

Repository

https://github.com/zaphB/freecad.optics_design_workbench
master · Created: 2024-07-17 · Updated: 6 d · 43 python files

Statistics
  • DL(Yr): 938
  • DL(Mo): 341
  • Stars: 12
  • Issues: 1
Manifest
  • Branch: master
  • Version: 1.0.2
  • License: LGPL-3.0-or-later
Dependencies 13
  • Compat: PySide2
  • Compat: PySide6
  • Internal: PySide
  • Pip: atomicwrites
  • Pip: ipython
  • Pip: matplotlib
  • Pip: numpy
  • Pip: pandas
  • Pip: scipy
  • Pip: sympy
  • Warn: cloudpickle (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: seaborn (Not in AddonManager allowed packages)
Static Analysis 53
HIGH 3
test/0-python/z-notebooks.py 1
  • line 32: subprocess call with shell=True identified, security issue.
test/1-freecad/run-simulations.py 1
  • line 246: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 13: Missing license file 'LICENSE'
MEDIUM 7
freecad/optics_design_workbench/freecad_elements/point_source.py 2
  • line 225: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 235: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py 3
  • line 314: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 562: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 563: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py 2
  • line 57: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 72: Probable insecure usage of temp file/directory.
LOW 43
dev/update-packagexml.py 3
  • line 3: Consider possible security implications associated with the subprocess module.
  • line 11: subprocess call - check for execution of untrusted input.
  • line 21: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/detect_pyside.py 3
  • line 8: Consider possible security implications associated with the subprocess module.
  • line 16: Starting a process with a partial executable path
  • line 16: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/distributions/random_number_generator.py 1
  • line 626: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/ray.py 2
  • line 377: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 377: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/freecad_elements/surface_source.py 1
  • line 472: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/io.py 2
  • line 13: Consider possible security implications associated with pickle module.
  • line 145: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/jupyter_utils/freecad_document.py 10
  • line 13: Consider possible security implications associated with the subprocess module.
  • line 85: Starting a process with a partial executable path
  • line 85: subprocess call - check for execution of untrusted input.
  • line 97: subprocess call - check for execution of untrusted input.
  • line 213: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 237: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 646: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 725: subprocess call - check for execution of untrusted input.
  • line 898: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 1106: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/jupyter_utils/parameter_sweeper.py 4
  • line 25: Consider possible security implications associated with pickle module.
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 77: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 548: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/optics_design_workbench/simulation/processes/simulation_loop.py 3
  • line 36: Consider possible security implications associated with the subprocess module.
  • line 623: Starting a process with a partial executable path
  • line 623: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/processes/worker_process.py 3
  • line 12: Consider possible security implications associated with the subprocess module.
  • line 45: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 59: subprocess call - check for execution of untrusted input.
freecad/optics_design_workbench/simulation/results_store.py 6
  • line 15: Consider possible security implications associated with pickle module.
  • line 256: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 257: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 438: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 448: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 456: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
test/0-python/z-notebooks.py 1
  • line 9: Consider possible security implications associated with the subprocess module.
test/1-freecad/run-simulations.py 3
  • line 14: Consider possible security implications associated with the subprocess module.
  • line 17: Consider possible security implications associated with pickle module.
  • line 42: subprocess call - check for execution of untrusted input.
package.xml 1
  • line 16: Icon file 'workbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Philipp Bredol

Corridor-Road main

1.0.8 · FreeCAD workbench for parametric road corridor design, review, and output preparation.

77.7 / 100

Repository

https://github.com/ganadara135/CorridorRoad
main · Created: 2026-02-23 · Updated: today · 535 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 6
  • Issues: 1
Manifest
  • Branch: main
  • Version: 1.0.8
  • License: LGPL-2.1-or-later
Dependencies 4
  • Compat: PySide2
  • Compat: PySide6
  • Internal: Mesh
  • Internal: PySide
Static Analysis 176
HIGH 1
freecad/Corridor_Road/v1/exchange/ifc_export.py 1
  • line 316: Use of weak SHA1 hash for security. Consider usedforsecurity=False
MEDIUM 2
freecad/Corridor_Road/v1/exchange/landxml_import.py 2
  • line 30: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 61: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 162
freecad/Corridor_Road/objects/coord_transform.py 1
  • line 71: Try, Except, Continue detected.
freecad/Corridor_Road/objects/corridor_segment_builder.py 4
  • line 186: Possible hardcoded password: 'region'
  • line 188: Possible hardcoded password: 'structure'
  • line 190: Possible hardcoded password: 'notch'
  • line 297: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_centerline3d_display.py 5
  • line 432: Try, Except, Continue detected.
  • line 620: Try, Except, Continue detected.
  • line 652: Try, Except, Continue detected.
  • line 717: Try, Except, Continue detected.
  • line 850: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_cut_fill_calc.py 4
  • line 314: Try, Except, Continue detected.
  • line 345: Try, Except, Continue detected.
  • line 371: Try, Except, Continue detected.
  • line 689: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_region_plan.py 4
  • line 373: Try, Except, Continue detected.
  • line 385: Try, Except, Continue detected.
  • line 652: Try, Except, Continue detected.
  • line 922: Try, Except, Continue detected.
freecad/Corridor_Road/objects/obj_section_set.py 13
  • line 58: Try, Except, Continue detected.
  • line 447: Try, Except, Continue detected.
  • line 470: Try, Except, Continue detected.
  • line 480: Try, Except, Continue detected.
  • line 1076: Try, Except, Continue detected.
  • line 3637: Try, Except, Continue detected.
  • line 3652: Try, Except, Continue detected.
  • line 3753: Try, Except, Continue detected.
  • line 3993: Try, Except, Continue detected.
  • line 4620: Try, Except, Continue detected.
  • line 5362: Possible hardcoded password: 'daylight=fallback:no_terrain'
  • line 5365: Possible hardcoded password: 'daylight=fallback:sampler_failed'
  • line 5371: Possible hardcoded password: 'daylight=off'
freecad/Corridor_Road/objects/obj_structure_set.py 5
  • line 203: Try, Except, Continue detected.
  • line 218: Try, Except, Continue detected.
  • line 227: Try, Except, Continue detected.
  • line 229: Try, Except, Continue detected.
  • line 1162: Try, Except, Continue detected.
freecad/Corridor_Road/objects/sketch_alignment_import.py 1
  • line 17: Try, Except, Continue detected.
freecad/Corridor_Road/objects/surface_sampling_core.py 3
  • line 67: Try, Except, Continue detected.
  • line 79: Try, Except, Continue detected.
  • line 100: Try, Except, Continue detected.
freecad/Corridor_Road/objects/unit_policy.py 2
  • line 150: Possible hardcoded password: 'm'
  • line 152: Possible hardcoded password: 'mm'
freecad/Corridor_Road/ui/task_alignment_editor.py 1
  • line 871: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_centerline3d.py 1
  • line 59: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_cross_section_editor.py 2
  • line 1369: Try, Except, Continue detected.
  • line 1431: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_cross_section_viewer.py 1
  • line 877: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_profile_editor.py 1
  • line 122: Possible hardcoded password: 'custom'
freecad/Corridor_Road/ui/task_region_editor.py 2
  • line 140: Possible hardcoded password: 'custom'
  • line 2835: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_section_generator.py 2
  • line 183: Try, Except, Continue detected.
  • line 195: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_structure_editor.py 3
  • line 193: Possible hardcoded password: 'custom'
  • line 2480: Try, Except, Continue detected.
  • line 2506: Try, Except, Continue detected.
freecad/Corridor_Road/ui/task_typical_section_editor.py 1
  • line 237: Possible hardcoded password: 'custom'
freecad/Corridor_Road/v1/commands/cmd_build_corridor.py 32
  • line 3937: Try, Except, Continue detected.
  • line 4375: Try, Except, Continue detected.
  • line 4795: Try, Except, Continue detected.
  • line 4818: Try, Except, Continue detected.
  • line 6321: Try, Except, Continue detected.
  • line 12333: Try, Except, Continue detected.
  • line 12434: Try, Except, Continue detected.
  • line 12471: Try, Except, Continue detected.
  • line 12497: Try, Except, Continue detected.
  • line 12589: Try, Except, Continue detected.
  • line 12618: Try, Except, Continue detected.
  • line 12648: Try, Except, Continue detected.
  • line 13782: Try, Except, Continue detected.
  • line 13797: Try, Except, Continue detected.
  • line 17129: Try, Except, Continue detected.
  • line 17946: Try, Except, Continue detected.
  • line 18026: Try, Except, Continue detected.
  • line 18037: Try, Except, Continue detected.
  • line 21438: Try, Except, Continue detected.
  • line 22218: Try, Except, Continue detected.
  • … 12 more issues
freecad/Corridor_Road/v1/commands/cmd_drainage_editor.py 1
  • line 2117: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_earthwork_balance.py 1
  • line 48: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_edit_tin.py 1
  • line 1582: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_generate_applied_sections.py 2
  • line 618: Try, Except, Continue detected.
  • line 1282: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_intersection_editor.py 3
  • line 2143: Try, Except, Continue detected.
  • line 2196: Try, Except, Continue detected.
  • line 2255: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_intersection_presets.py 1
  • line 1401: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_profile_editor.py 2
  • line 3069: Try, Except, Continue detected.
  • line 3216: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_region_editor.py 2
  • line 596: Try, Except, Continue detected.
  • line 663: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_review_plan_profile.py 4
  • line 52: Try, Except, Continue detected.
  • line 247: Try, Except, Continue detected.
  • line 337: Try, Except, Continue detected.
  • line 364: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_structure_editor.py 1
  • line 3931: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_subassembly_designer.py 2
  • line 2186: Try, Except, Continue detected.
  • line 2237: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_superelevation_editor.py 1
  • line 601: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_view_sections.py 4
  • line 873: Try, Except, Continue detected.
  • line 895: Try, Except, Continue detected.
  • line 923: Try, Except, Continue detected.
  • line 1199: Try, Except, Continue detected.
freecad/Corridor_Road/v1/commands/cmd_watertight_solids.py 9
  • line 1950: Try, Except, Continue detected.
  • line 1963: Try, Except, Continue detected.
  • line 3005: Try, Except, Continue detected.
  • line 3009: Try, Except, Continue detected.
  • line 3104: Try, Except, Continue detected.
  • line 3500: Try, Except, Continue detected.
  • line 5383: Try, Except, Continue detected.
  • line 5793: Try, Except, Continue detected.
  • line 5820: Try, Except, Continue detected.
freecad/Corridor_Road/v1/exchange/landxml_import.py 3
  • line 6: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 21: Possible hardcoded password: 'civil 3d'
  • line 373: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_alignment.py 2
  • line 364: Try, Except, Continue detected.
  • line 402: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_quantity.py 1
  • line 216: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_stationing.py 1
  • line 352: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_subassembly_library.py 1
  • line 288: Try, Except, Continue detected.
freecad/Corridor_Road/v1/objects/obj_subassembly_preset_library.py 1
  • line 291: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/applied_section_service.py 6
  • line 1126: Try, Except, Continue detected.
  • line 1310: Try, Except, Continue detected.
  • line 1377: Try, Except, Continue detected.
  • line 1410: Try, Except, Continue detected.
  • line 1849: Try, Except, Continue detected.
  • line 4275: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/corridor_solid_service.py 2
  • line 265: Try, Except, Continue detected.
  • line 284: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/corridor_surface_geometry_service.py 2
  • line 430: Try, Except, Continue detected.
  • line 516: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/corridor_surface_service.py 1
  • line 375: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/earthwork_quantity_service.py 1
  • line 104: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/solid_target_discovery_service.py 4
  • line 1015: Try, Except, Continue detected.
  • line 1028: Try, Except, Continue detected.
  • line 1072: Try, Except, Continue detected.
  • line 1082: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/builders/watertight_simulation_qa_service.py 2
  • line 548: Try, Except, Continue detected.
  • line 728: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/alignment_curve_preview_service.py 1
  • line 537: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/alignment_evaluation_service.py 1
  • line 151: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/alignment_station_sampling_service.py 1
  • line 168: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/centerline3d_evaluation_service.py 1
  • line 221: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/centerline3d_source_geometry_service.py 1
  • line 339: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/drainage_resolution_service.py 1
  • line 1102: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/intersection_alignment_detection_service.py 1
  • line 188: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/profile_earthwork_area_hint_service.py 1
  • line 141: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/station_context_resolver.py 1
  • line 99: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/subassembly_bench_row_parser.py 1
  • line 119: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/surface_transition_validation_service.py 1
  • line 152: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/evaluation/tin_sampling_service.py 1
  • line 413: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/drainage_pipeline_network_mapper.py 1
  • line 202: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/drainage_pipeline_solid_mapper.py 1
  • line 53: Try, Except, Continue detected.
freecad/Corridor_Road/v1/services/mapping/exchange_output_mapper.py 1
  • line 248: Try, Except, Continue detected.
freecad/Corridor_Road/v1/ui/common/station_context.py 1
  • line 59: Try, Except, Continue detected.
freecad/Corridor_Road/v1/ui/viewers/profile_review_view.py 6
  • line 847: Try, Except, Continue detected.
  • line 933: Try, Except, Continue detected.
  • line 947: Try, Except, Continue detected.
  • line 1369: Try, Except, Continue detected.
  • line 1400: Try, Except, Continue detected.
  • line 1647: Try, Except, Continue detected.
tests/regression/smoke_centerline3d_display_segmentation.py 1
  • line 43: Try, Except, Continue detected.
tests/regression/smoke_intersection_t_slope_face_surface.py 1
  • line 159: Try, Except, Continue detected.
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Kcod

Cfd

No description

77.3 / 100

Repository

https://github.com/qingfengxia/Cfd
master · Created: 2016-09-29 · Updated: 5 yr · 66 python files

Statistics

  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 214
  • Issues: 4
Dependencies 13
  • Compat: PySide2
  • Internal: Fem
  • Internal: Plot
  • Internal: PySide
  • Internal: pivy
  • Pip: matplotlib
  • Pip: numpy
  • Pip: six
  • Warn: FemTools (Not in AddonManager allowed packages)
  • Warn: PyFoam (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: dolfin (Not in AddonManager allowed packages)
  • Warn: femtools (Not in AddonManager allowed packages)
Static Analysis 46
HIGH 5
FoamCaseBuilder/config.py 1
  • line 23: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/test/TestRunFoamApplication.py 1
  • line 43: subprocess call with shell=True identified, security issue.
FoamCaseBuilder/utility.py 1
  • line 454: subprocess call with shell=True identified, security issue.
importGmshMesh.py 1
  • line 116: subprocess call with shell=True identified, security issue.
package.xml 1
  • File not found.
MEDIUM 4
CfdExample.py 1
  • line 80: Probable insecure usage of temp file/directory.
CfdTools.py 2
  • line 75: Probable insecure usage of temp file/directory.
  • line 76: Probable insecure usage of temp file/directory.
FoamCaseBuilder/test/TestBuilder.py 1
  • line 42: Probable insecure usage of temp file/directory.
LOW 37
CaeMesherGmsh.py 2
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 685: subprocess call - check for execution of untrusted input.
CfdFoamTools.py 5
  • line 39: Consider possible security implications associated with the subprocess module.
  • line 45: Consider possible security implications associated with the subprocess module.
  • line 211: Consider possible security implications associated with the subprocess module.
  • line 302: Starting a process with a partial executable path
  • line 302: subprocess call - check for execution of untrusted input.
CfdRunnableFenics.py 7
  • line 53: Consider possible security implications associated with the subprocess module.
  • line 58: Starting a process with a partial executable path
  • line 58: subprocess call - check for execution of untrusted input.
  • line 60: Starting a process with a partial executable path
  • line 60: subprocess call - check for execution of untrusted input.
  • line 62: Starting a process with a partial executable path
  • line 62: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/BasicBuilder.py 7
  • line 470: Consider possible security implications associated with the subprocess module.
  • line 474: Starting a process with a partial executable path
  • line 474: subprocess call - check for execution of untrusted input.
  • line 476: Starting a process with a partial executable path
  • line 476: subprocess call - check for execution of untrusted input.
  • line 478: Starting a process with a partial executable path
  • line 478: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/config.py 3
  • line 7: Consider possible security implications associated with the subprocess module.
  • line 75: subprocess call - check for execution of untrusted input.
  • line 131: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/test/TestRunFoamApplication.py 7
  • line 26: Consider possible security implications associated with the subprocess module.
  • line 88: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process with a partial executable path
  • line 129: subprocess call - check for execution of untrusted input.
  • line 163: subprocess call - check for execution of untrusted input.
  • line 180: Starting a process with a partial executable path
  • line 180: subprocess call - check for execution of untrusted input.
FoamCaseBuilder/utility.py 3
  • line 40: Consider possible security implications associated with the subprocess module.
  • line 58: subprocess call - check for execution of untrusted input.
  • line 64: subprocess call - check for execution of untrusted input.
cfdguiobjects/_TaskPanelCfdSolverControl.py 1
  • line 36: Consider possible security implications associated with the subprocess module.
importGmshMesh.py 1
  • line 34: Consider possible security implications associated with the subprocess module.
license.* 1
  • File not found.
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 0

WebTools master

1.0.0 · A collection of tools to work with web services

76.3 / 100

Repository

https://github.com/yorikvanhavre/WebTools
master · Created: 2017-04-08 · Updated: 10 mo · 10 python files

Statistics

  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 28
  • Issues: 10
Manifest
  • Branch: master
  • Version: 1.0.0
  • License: LGPL-2.1-or-later
Dependencies 7
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Pip: Requests
  • Warn: GitPython (Not in AddonManager allowed packages)
  • Warn: ifcopenshell (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
Static Analysis 28
HIGH 1
package.xml 1
  • line 10: Missing license file 'LICENSE'
MEDIUM 20
BIMServer.py 11
  • line 141: Call to requests without timeout
  • line 178: Call to requests without timeout
  • line 191: Call to requests without timeout
  • line 220: Call to requests without timeout
  • line 246: Call to requests without timeout
  • line 263: Call to requests without timeout
  • line 271: Call to requests without timeout
  • line 282: Use of insecure and deprecated function (mktemp).
  • line 305: Call to requests without timeout
  • line 324: Use of insecure and deprecated function (mktemp).
  • line 338: Call to requests without timeout
Sketchfab.py 3
  • line 258: Call to requests without timeout
  • line 301: Call to requests without timeout
  • line 343: Call to requests without timeout
Speckle.py 6
  • line 31: Call to requests without timeout
  • line 42: Call to requests without timeout
  • line 53: Call to requests without timeout
  • line 63: Call to requests without timeout
  • line 116: Call to requests without timeout
  • line 133: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 7
Sketchfab.py 1
  • line 46: Possible hardcoded password: 'https://sketchfab.com/settings/password'
Speckle.py 1
  • line 23: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
tools/metadata.py 3
  • line 22: Consider possible security implications associated with the subprocess module.
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: subprocess call - check for execution of untrusted input.
license.* 1
  • File not found.
package.xml 1
  • line 14: Icon file 'icons/webTools.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Yorik van Havre

GDML Main

2.0.2 Beta · An external workbench for creating GDML models for Geant4 and Root

75.3 / 100

Repository

https://github.com/KeithSloan/GDML
Main · Created: 2019-11-21 · Updated: 1 mo · 72 python files

Statistics

  • DL(Yr): 126
  • DL(Mo): 126
  • Stars: 71
  • Issues: 53
Manifest
  • Branch: Main
  • Version: 2.0.2 Beta
  • License: LGPL-2.1
Dependencies 12
  • Internal: BOPTools
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: Spreadsheet
  • Internal: pivy
  • Pip: gmsh
  • Pip: lxml
  • Pip: numpy
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: importers (Not in AddonManager allowed packages)
Static Analysis 49
MEDIUM 22
Utils.save/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Utils/buildDirStruct.py 1
  • line 17: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
benchmark/gen_all_gdml.py 1
  • line 468: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
benchmark/gen_gmsh_new_defaults.py 1
  • line 144: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
benchmark/gen_rect_cyl_gdml.py 1
  • line 374: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/gdml/GDMLObjects.py 1
  • line 470: Probable insecure usage of temp file/directory.
freecad/gdml/GDMLShared.py 12
  • line 111: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 199: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 248: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 312: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 881: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1188: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1191: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1194: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1310: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1311: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1316: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1321: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/gdml/GmshUtils.py 1
  • line 178: Probable insecure usage of temp file/directory.
freecad/gdml/exportGDML.py 1
  • line 1452: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/gdml/importGDML.py 2
  • line 3072: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 3523: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
LOW 27
CommandLine/convertObj.py 1
  • line 279: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Macros/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Utils.save/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils.save/convertObj.py 1
  • line 237: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/buildDirStruct.py 1
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Utils/calcCenterOfMass.py 3
  • line 125: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 126: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 127: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
benchmark/gen_all_gdml.py 2
  • line 21: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 22: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
benchmark/gen_gmsh_new_defaults.py 2
  • line 15: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 16: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
benchmark/gen_rect_cyl_gdml.py 2
  • line 35: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 36: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/gdml/GDMLObjects.py 3
  • line 4823: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4823: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 4823: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/exportGDML.py 2
  • line 60: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 6330: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/gdml/exportOpenMC.py 2
  • line 67: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 6601: Try, Except, Continue detected.
freecad/gdml/importGDML.py 2
  • line 3064: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 3516: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/gdml/preProcessLoops.py 1
  • line 13: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 17: Icon file 'freecad/gdml/Resources/icons/GDMLWorkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Keith Sloan

boltsfc main

2022.11.5 · Installable FreeCAD package of BOLTS, an Open Library for Technical Specifications.

69.8 / 100

Repository

https://github.com/boltsparts/boltsfc
main · Created: 2017-07-02 · Updated: 4 yr · 51 python files

Statistics

  • DL(Yr): 5,254
  • DL(Mo): 1,016
  • Stars: 41
  • Issues: 3
Manifest
  • Branch: main
  • Version: 2022.11.5
  • License: LGPLv2.1
Dependencies 3
  • Internal: Arch
  • Internal: PySide
  • Pip: PyYAML
Static Analysis 26
HIGH 3
package.xml 3
  • line 2: Expecting an element content, got nothing
  • line 2: Invalid sequence in interleave
  • line 2: Element package failed to validate content
MEDIUM 21
BOLTS/bolttools/test_blt.py 1
  • line 26: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/test_common.py 19
  • line 111: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 119: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 128: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 179: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 189: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 200: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 204: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 213: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 278: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 297: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 309: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 321: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 334: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 348: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 355: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 361: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 366: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 377: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
  • line 384: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
BOLTS/bolttools/yaml_in_yaml.py 1
  • line 63: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
LOW 2
license.* 1
  • File not found.
package.xml 1
  • line 22: Icon file 'BOLTS/icons/BOLTS_logo.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Bernd Hahnebach

Ondsel-Lens main

2025.12.22.01 · Workspace manager for Ondsel Lens workspaces

68.4 / 100

Repository

https://github.com/FreeCAD/Ondsel-Lens-Addon
main · Created: 2025-06-22 · Updated: 6 mo · 66 python files

Statistics

  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 4
  • Issues: 9
Manifest
  • Branch: main
  • Version: 2025.12.22.01
  • License: LGPL-2.0-or-later, Apache-2.0, CC0-1.0, CC-BY-SA-2.0, CC-BY-SA-4.0
Dependencies 5
  • Internal: PySide
  • Pip: PyJWT
  • Pip: Requests
  • Pip: tzlocal
  • Warn: config (Not in AddonManager allowed packages)
Static Analysis 25
HIGH 6
register_lens_handler.py 1
  • line 112: Starting a process with a shell, possible injection detected, security issue.
package.xml 5
  • line 15: Missing license file 'None'
  • line 16: Missing license file 'None'
  • line 17: Missing license file 'None'
  • line 18: Missing license file 'None'
  • line 19: Missing license file 'None'
MEDIUM 13
APIClient.py 7
  • line 240: Call to requests without timeout
  • line 264: Call to requests without timeout
  • line 284: Call to requests without timeout
  • line 308: Call to requests without timeout
  • line 335: Call to requests without timeout
  • line 354: Call to requests without timeout
  • line 369: Call to requests without timeout
Utils.py 1
  • line 260: Call to requests without timeout
VersionModel.py 1
  • line 142: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Workspace.py 1
  • line 508: Call to requests without timeout
check_links.py 1
  • line 16: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
delegates/curation_display_delegate.py 1
  • line 193: Call to requests without timeout
integrations/reloadablefile/reloadable.py 1
  • line 201: Call to requests without timeout
LOW 6
VersionModel.py 1
  • line 9: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
WorkspaceView.py 2
  • line 754: Possible hardcoded password: ''
  • line 2834: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
check_links.py 1
  • line 6: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
components/login_dialog.py 1
  • line 44: Possible hardcoded password: ''
package.xml 1
  • line 22: Icon file 'Resources/icons/OndselWorkbench.svg' is too big (>16kB)
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
Pieter Hijma

Rocket master

5.1.1 · Workbench for designing model rockets.

67.8 / 100

Repository

https://github.com/davesrocketshop/Rocket
master · Created: 2021-02-01 · Updated: 5 mo · 311 python files

Statistics
  • DL(Yr): 724
  • DL(Mo): 186
  • Stars: 76
  • Issues: 10
Manifest
  • Branch: master
  • Version: 5.1.1
  • License: LGPL-2.1-or-later, MIT
Dependencies 10
  • Internal: Fem
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: Shapely
  • Pip: matplotlib
  • Pip: numpy
  • Warn: Materials (Not in AddonManager allowed packages)
  • Warn: docx (Not in AddonManager allowed packages)
  • Warn: pycurl (Not in AddonManager allowed packages)
Static Analysis 51
HIGH 5
util/updateTranslations.py 3
  • line 141: Starting a process with a shell, possible injection detected, security issue.
  • line 181: Starting a process with a shell, possible injection detected, security issue.
  • line 201: Starting a process with a shell, possible injection detected, security issue.
util/updatets.py 1
  • line 193: Starting a process with a shell, possible injection detected, security issue.
package.xml 1
  • line 83: Missing license file 'LICENSE-CODE'
MEDIUM 14
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 167: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/RASAero/RASAero.py 1
  • line 185: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Importer/Rocksim/Rocksim.py 1
  • line 198: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/BodyTube.py 3
  • line 109: Possible SQL injection vector through string-based query construction.
  • line 115: Possible SQL injection vector through string-based query construction.
  • line 142: Possible SQL injection vector through string-based query construction.
Rocket/Parts/Material.py 1
  • line 171: Possible SQL injection vector through string-based query construction.
Rocket/Parts/NoseCone.py 1
  • line 134: Possible SQL injection vector through string-based query construction.
Rocket/Parts/PartDatabase.py 1
  • line 177: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Rocket/Parts/Transition.py 1
  • line 158: Possible SQL injection vector through string-based query construction.
util/updateTranslations.py 2
  • line 194: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 215: Using xml.sax.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
util/updatecrowdin.py 2
  • line 142: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 188: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 30
Rocket/Importer/OpenRocket/OpenRocket.py 1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/RASAero/RASAero.py 1
  • line 36: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Importer/Rocksim/Rocksim.py 1
  • line 32: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabase.py 1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Rocket/Parts/PartDatabaseOrcImporter.py 1
  • line 34: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updateTranslations.py 1
  • line 54: Using xml.sax to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
util/updatecrowdin.py 3
  • line 74: Consider possible security implications associated with the subprocess module.
  • line 350: Starting a process with a partial executable path
  • line 350: subprocess call - check for execution of untrusted input.
util/updatets.py 23
  • line 51: Consider possible security implications associated with the subprocess module.
  • line 86: Starting a process with a partial executable path
  • line 86: subprocess call - check for execution of untrusted input.
  • line 98: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 98: Starting a process with a partial executable path
  • line 103: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 103: Starting a process with a partial executable path
  • line 113: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 113: Starting a process with a partial executable path
  • line 115: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 115: Starting a process with a partial executable path
  • line 119: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 119: Starting a process with a partial executable path
  • line 121: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 121: Starting a process with a partial executable path
  • line 125: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 125: Starting a process with a partial executable path
  • line 129: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 129: Starting a process with a partial executable path
  • line 139: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • … 3 more issues
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
David Carter

BCFPlugin master

1.0.0 · Integrate collaboration in the BIM space through support of the BCF (BIM Collaboration Format).

65.2 / 100

Repository

https://github.com/podestplatz/BCF-Plugin-FreeCAD
master · Created: 2019-05-11 · Updated: 4 yr · 52 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 9
  • Issues: 6
Manifest
  • Branch: master
  • Version: 1.0.0
  • License: LGPLv2.1
Dependencies 7
  • Compat: PySide2
  • Internal: Draft
  • Internal: pivy
  • Pip: pytz
  • Warn: pyperclip (Not in AddonManager allowed packages)
  • Warn: python_dateutil (Not in AddonManager allowed packages)
  • Warn: xmlschema (Not in AddonManager allowed packages)
Static Analysis 35
HIGH 8
bcfplugin/tests/interface_tests.py 2
  • line 56: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/search_tests.py 2
  • line 51: Starting a process with a shell, possible injection detected, security issue.
  • line 53: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/viewController_tests.py 2
  • line 37: Starting a process with a shell, possible injection detected, security issue.
  • line 42: Starting a process with a shell, possible injection detected, security issue.
bcfplugin/tests/writer_tests.py 2
  • line 53: Starting a process with a shell, possible injection detected, security issue.
  • line 58: Starting a process with a shell, possible injection detected, security issue.
MEDIUM 9
bcfplugin/rdwr/writer.py 4
  • line 529: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 755: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 822: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 897: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/tests/writer_tests.py 4
  • line 571: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 597: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 623: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 651: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
bcfplugin/util.py 1
  • line 338: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
LOW 18
bcfplugin/frontend/viewController.py 1
  • line 72: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
bcfplugin/gui/plugin_view.py 1
  • line 39: Consider possible security implications associated with the subprocess module.
bcfplugin/gui/views/topicmetricsdialog.py 6
  • line 35: Consider possible security implications associated with the subprocess module.
  • line 127: Starting a process with a partial executable path
  • line 127: subprocess call - check for execution of untrusted input.
  • line 129: Starting a process without a shell.
  • line 131: Starting a process with a partial executable path
  • line 131: subprocess call - check for execution of untrusted input.
bcfplugin/rdwr/markup.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/project.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/threedvector.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/topic.py 1
  • line 29: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/rdwr/writer.py 2
  • line 44: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 45: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/interface_tests.py 1
  • line 28: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/search_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
bcfplugin/tests/writer_tests.py 1
  • line 27: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • No Mod init scripts found
Authors/Maintainers 1
Patrick Podest (podestplatz)

AnimationFreeCAD main

1.0-beta · The FreeCAD Animation workbench allows users to animate any object easily through visual scripting Nodes thanks to PyFlow.

44.1 / 100

Repository

https://github.com/QuentinTournier40/AnimationFreeCAD
main · Created: 2022-01-29 · Updated: 1 yr · 630 python files

Statistics
  • DL(Yr): 1,965
  • DL(Mo): 371
  • Stars: 35
  • Issues: 10
Manifest
  • Branch: main
  • Version: 1.0-beta
  • License: Apache-2.0
Dependencies 21
  • Compat: PySide2
  • Compat: shiboken2
  • Internal: Draft
  • Internal: PySide
  • Pip: Pillow
  • Pip: Pygments
  • Pip: lxml
  • Pip: numpy
  • Pip: six
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: PyQt5 (Not in AddonManager allowed packages)
  • Warn: Sphinx (Not in AddonManager allowed packages)
  • Warn: aenum (Not in AddonManager allowed packages)
  • Warn: nose (Not in AddonManager allowed packages)
  • Warn: opencv-python (Not in AddonManager allowed packages)
  • Warn: recommonmark (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: shiboken (Not in AddonManager allowed packages)
  • Warn: sip (Not in AddonManager allowed packages)
Static Analysis 105
HIGH 2
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py 1
  • line 220: subprocess call with shell=True identified, security issue.
package.xml 1
  • line 2: Expecting a namespace for element package
MEDIUM 44
PyFlow/Core/PyCodeCompiler.py 2
  • line 42: Use of exec detected.
  • line 64: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/Rotation.py 1
  • line 45: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationAvecCourbe.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/TranslationTest.py 1
  • line 56: Use of exec detected.
PyFlow/Packages/AnimationFreeCAD/Class/translationFormuleMathematiques.py 5
  • line 26: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 27: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 28: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 48: Use of exec detected.
  • line 56: Use of exec detected.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py 3
  • line 35: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 45: Use of exec detected.
  • line 50: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/Qt.py-master/membership.py 3
  • line 158: Use of exec detected.
  • line 167: Use of exec detected.
  • line 176: Use of exec detected.
requirements/blinker-master/tests/test_utilities.py 1
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/docutils/utils/math/math2html.py 1
  • line 3173: Use of possibly insecure function - consider using safer ast.literal_eval.
requirements/docutils-0.18/docutils/writers/docutils_xml.py 1
  • line 84: Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py 6
  • line 758: Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 985: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 986: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 991: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2688: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 2910: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/test/functional/tests/footnotes_html5.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_docutils_xml.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html4css1.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_html5.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_latex.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_manpage.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_pseudoxml.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_1.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_s5_html_2.py 1
  • line 3: Use of exec detected.
requirements/docutils-0.18/test/functional/tests/standalone_rst_xetex.py 1
  • line 2: Use of exec detected.
requirements/docutils-0.18/test/test_functional.py 2
  • line 114: Use of exec detected.
  • line 116: Use of exec detected.
requirements/docutils-0.18/test/test_pickle.py 1
  • line 23: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_publisher.py 1
  • line 160: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
requirements/docutils-0.18/test/test_writers/test_odt.py 1
  • line 107: Using xml.etree.ElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/create_unimap.py 1
  • line 66: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
requirements/docutils-0.18/tools/dev/profile_docutils.py 1
  • line 38: Use of exec detected.
requirements/nine-1.1.0/nine-1.1.0/nine/__init__.py 1
  • line 52: Use of exec detected.
requirements/nine-1.1.0/nine/__init__.py 1
  • line 52: Use of exec detected.
LOW 59
PyFlow/App.py 3
  • line 21: Consider possible security implications associated with the subprocess module.
  • line 71: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 205: Try, Except, Continue detected.
PyFlow/Core/GraphBase.py 1
  • line 235: Try, Except, Continue detected.
PyFlow/Packages/AnimationFreeCAD/Class/Exportation.py 1
  • line 4: Consider possible security implications associated with FALSE module.
PyFlow/Packages/PyFlowBase/FunctionLibraries/DefaultLib.py 4
  • line 55: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 55: Starting a process with a partial executable path
  • line 57: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 57: Starting a process with a partial executable path
PyFlow/Packages/PyFlowBase/FunctionLibraries/RandomLib.py 1
  • line 36: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PyFlow/Packages/PyFlowBase/Tools/LoggerTool.py 2
  • line 30: Consider possible security implications associated with the subprocess module.
  • line 256: subprocess call - check for execution of untrusted input.
PyFlow/Packages/PyFlowBase/UI/UIPythonNode.py 1
  • line 17: Consider possible security implications associated with the subprocess module.
PyFlow/UI/CompileUiQt.py 2
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 41: subprocess call - check for execution of untrusted input.
PyFlow/UI/EncodeResources.py 2
  • line 18: Consider possible security implications associated with the subprocess module.
  • line 54: subprocess call - check for execution of untrusted input.
PyFlow/Wizards/PkgGen.py 1
  • line 152: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/Qt.py-master/Qt.py 1
  • line 942: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/examples/loadUi/baseinstance2.py 1
  • line 32: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/Qt.py-master/run_tests.py 5
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 43: subprocess call - check for execution of untrusted input.
  • line 47: subprocess call - check for execution of untrusted input.
  • line 50: subprocess call - check for execution of untrusted input.
  • line 53: subprocess call - check for execution of untrusted input.
requirements/Qt.py-master/tests.py 9
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 441: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 560: subprocess call - check for execution of untrusted input.
  • line 568: subprocess call - check for execution of untrusted input.
  • line 576: subprocess call - check for execution of untrusted input.
  • line 594: subprocess call - check for execution of untrusted input.
  • line 637: subprocess call - check for execution of untrusted input.
  • line 647: subprocess call - check for execution of untrusted input.
  • line 836: subprocess call - check for execution of untrusted input.
requirements/blinker-master/tests/test_utilities.py 1
  • line 1: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/docutils/nodes.py 2
  • line 93: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1350: Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/utils/math/tex2mathml_extern.py 8
  • line 19: Consider possible security implications associated with the subprocess module.
  • line 33: Starting a process with a partial executable path
  • line 33: subprocess call - check for execution of untrusted input.
  • line 49: Starting a process with a partial executable path
  • line 49: subprocess call - check for execution of untrusted input.
  • line 79: Starting a process with a partial executable path
  • line 79: subprocess call - check for execution of untrusted input.
  • line 121: subprocess call - check for execution of untrusted input.
requirements/docutils-0.18/docutils/utils/smartquotes.py 1
  • line 568: Possible hardcoded password: ' '
requirements/docutils-0.18/docutils/writers/docutils_xml.py 1
  • line 14: Using xml.sax.saxutils to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.saxutils with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/docutils/writers/odf_odt/__init__.py 4
  • line 19: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 20: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 1104: Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
  • line 1104: Starting a process with a partial executable path
requirements/docutils-0.18/docutils/writers/pep_html/__init__.py 1
  • line 83: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
requirements/docutils-0.18/test/test_pickle.py 1
  • line 12: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_publisher.py 1
  • line 11: Consider possible security implications associated with pickle module.
requirements/docutils-0.18/test/test_writers/test_odt.py 1
  • line 36: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/dev/create_unimap.py 1
  • line 13: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
requirements/docutils-0.18/tools/test/test_buildhtml.py 2
  • line 27: Consider possible security implications associated with the subprocess module.
  • line 39: subprocess call - check for execution of untrusted input.
package.xml 1
  • line 14: Icon file 'icons/clapCinema.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses exec based layout
Authors/Maintainers 2
Andréas Cottet, Quentin Tournier

workfeature-macro

No description

17.9 / 100

Repository

https://github.com/Rentlau/WorkFeature
master · Created: 2015-02-15 · Updated: 2 yr · 34 python files

Statistics
  • DL(Yr): 0
  • DL(Mo): 0
  • Stars: 28
  • Issues: 3
Dependencies 6
  • Compat: PySide2
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: pivy
  • Pip: numpy
Static Analysis 81
HIGH 1
package.xml1
  • File not found.
MEDIUM 34
WorkFeature/ParCurve/WF_ObjParCurve.py66
  • line 610: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 615: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 620: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 625: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 750: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 751: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 779: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 780: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 781: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 789: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 790: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 791: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 801: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 802: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 803: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 855: Use of exec detected.
  • line 894: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 895: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 896: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 942: Use of exec detected.
  • … 46 more issues
WorkFeature/ParCurve/WF_ObjParCurveEdit.py1
  • line 266: Use of possibly insecure function - consider using safer ast.literal_eval.
WorkFeature/WF.py12
  • line 1001: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3804: Possible SQL injection vector through string-based query construction.
  • line 4199: Possible SQL injection vector through string-based query construction.
  • line 5727: Possible SQL injection vector through string-based query construction.
  • line 5805: Possible SQL injection vector through string-based query construction.
  • line 5806: Possible SQL injection vector through string-based query construction.
  • line 5807: Possible SQL injection vector through string-based query construction.
  • line 5808: Possible SQL injection vector through string-based query construction.
  • line 12983: Possible SQL injection vector through string-based query construction.
  • line 13084: Possible SQL injection vector through string-based query construction.
  • line 13421: Possible SQL injection vector through string-based query construction.
  • line 13478: Possible SQL injection vector through string-based query construction.
LOW 1
license.*1
  • File not found.
INFO 1
Layout1
  • No Mod init scripts found
Authors/Maintainers 0

AIGenFurniture main

0.1.6 · Parametric furniture cabinet design workbench. Generate cabinets from simple boxes, apply features (fronts, shelves, drawers), and export ma...

0 / 100

Repository

https://github.com/yelloish6/AIGenFurniture-freecad-workbench
main · Created: 2025-08-27 · Updated: 19 d · 871 python files

Statistics

DL(Yr): 1,882 · DL(Mo): 816 · Stars: 5 · Issues: 0
Manifest
Branch: main · Version: 0.1.6 · License: LGPL-2.1-or-later
Dependencies 35
  • Internal: Draft
  • Internal: PySide
  • Pip: Pillow
  • Pip: Pygments
  • Pip: defusedxml
  • Pip: fontTools
  • Pip: ipython
  • Pip: lxml
  • Pip: pandas
  • Pip: psutil
  • Pip: pytz
  • Pip: threadpoolctl
  • Warn: Cython (Not in AddonManager allowed packages)
  • Warn: Image (Not in AddonManager allowed packages)
  • Warn: PyInstaller (Not in AddonManager allowed packages)
  • Warn: Pyphen (Not in AddonManager allowed packages)
  • Warn: blessings (Not in AddonManager allowed packages)
  • Warn: checks (Not in AddonManager allowed packages)
  • Warn: cppyy (Not in AddonManager allowed packages)
  • Warn: freetype_py (Not in AddonManager allowed packages)
  • Warn: hypothesis (Not in AddonManager allowed packages)
  • Warn: ipykernel (Not in AddonManager allowed packages)
  • Warn: mtrand (Not in AddonManager allowed packages)
  • Warn: mypy (Not in AddonManager allowed packages)
  • Warn: new (Not in AddonManager allowed packages)
  • Warn: pyaes (Not in AddonManager allowed packages)
  • Warn: pylibdmtx (Not in AddonManager allowed packages)
  • Warn: pymupdf_fonts (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: rlPyCairo (Not in AddonManager allowed packages)
  • Warn: rlextra (Not in AddonManager allowed packages)
  • Warn: scipy_doctest (Not in AddonManager allowed packages)
  • Warn: sets (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
  • Warn: uharfbuzz (Not in AddonManager allowed packages)
Static Analysis 362
HIGH 7
freecad/AIGenFurniture/vendor/pymupdf/__init__.py1
  • line 17841: subprocess call with shell=True identified, security issue.
freecad/AIGenFurniture/vendor/reportlab/lib/pdfencrypt.py6
  • line 344: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 355: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 373: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 379: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 395: Use of weak MD5 hash for security. Consider usedforsecurity=False
  • line 432: Use of weak MD5 hash for security. Consider usedforsecurity=False
MEDIUM 156
freecad/AIGenFurniture/vendor/numpy/__config__.py1
  • line 96: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test__exceptions.py2
  • line 19: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 84: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_arrayprint.py2
  • line 340: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 341: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_custom_dtypes.py1
  • line 308: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_datetime.py7
  • line 851: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 853: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 855: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 858: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 865: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 869: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 873: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_dtype.py4
  • line 1065: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1366: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1428: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1439: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_multiarray.py21
  • line 189: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1549: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1701: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1855: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1862: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1871: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1882: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 3939: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 4404: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4406: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4427: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4446: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4459: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4461: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4463: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4465: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4476: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4496: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4505: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 4559: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • … 1 more issues
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_overrides.py1
  • line 221: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_records.py9
  • line 170: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 171: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 173: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 414: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 415: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 421: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 422: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 429: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 453: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_regression.py16
  • line 52: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 363: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 489: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 833: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1069: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1082: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1275: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1277: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1907: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1919: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1931: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1957: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 1966: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2212: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2436: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2567: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_scalarmath.py1
  • line 654: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_simd.py11
  • line 244: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 510: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 640: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 701: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 721: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 741: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 767: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 804: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 843: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 895: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1102: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_stringdtype.py1
  • line 366: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_ufunc.py5
  • line 204: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 209: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 216: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 226: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 501: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_umath.py2
  • line 513: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 577: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_umath_accuracy.py2
  • line 71: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 72: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/auxfuncs.py3
  • line 632: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 640: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 644: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/capi_maps.py3
  • line 159: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 296: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 449: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/f2py/crackfortran.py9
  • line 1329: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2271: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2559: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2637: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2646: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2914: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 2985: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3016: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 3468: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/lib/_datasource.py2
  • line 333: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 475: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
freecad/AIGenFurniture/vendor/numpy/lib/_format_impl.py1
  • line 838: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/lib/_npyio_impl.py1
  • line 494: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_core.py6
  • line 733: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 748: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 757: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 767: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 777: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 5547: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_mrecords.py1
  • line 293: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_old_ma.py1
  • line 621: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/matrixlib/tests/test_masked_matrix.py1
  • line 89: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/polynomial/tests/test_polynomial.py1
  • line 62: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_direct.py5
  • line 303: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 311: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 321: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 327: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 555: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_generator_mt19937.py3
  • line 2776: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2782: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 2798: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_randomstate.py1
  • line 268: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_smoke.py2
  • line 437: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 443: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/numpy/testing/_private/utils.py2
  • line 1297: Use of exec detected.
  • line 1583: Use of exec detected.
freecad/AIGenFurniture/vendor/numpy/tests/test_public_api.py1
  • line 407: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/numpy/tests/test_reloading.py1
  • line 45: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/graphics/widgets/grids.py1
  • line 517: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/reportlab/graphics/widgets/markers.py1
  • line 245: Probable insecure usage of temp file/directory.
freecad/AIGenFurniture/vendor/reportlab/lib/extformat.py1
  • line 48: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/fontfinder.py1
  • line 231: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/lib/pdfencrypt.py2
  • line 723: Use of exec detected.
  • line 725: Use of exec detected.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_accel.py1
  • line 26: Use of exec detected.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_safe_eval.py2
  • line 1203: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1291: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/rltempfile.py1
  • line 37: Use of insecure and deprecated function (mktemp).
freecad/AIGenFurniture/vendor/reportlab/lib/testutils.py2
  • line 110: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 184: Use of possibly insecure function - consider using safer ast.literal_eval.
freecad/AIGenFurniture/vendor/reportlab/lib/utils.py4
  • line 122: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  • line 476: Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
  • line 806: Deserialization with the marshal module is possibly dangerous.
  • line 907: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
freecad/AIGenFurniture/vendor/reportlab/pdfbase/cidfonts.py4
  • line 205: Deserialization with the marshal module is possibly dangerous.
  • line 206: Deserialization with the marshal module is possibly dangerous.
  • line 207: Deserialization with the marshal module is possibly dangerous.
  • line 208: Deserialization with the marshal module is possibly dangerous.
freecad/AIGenFurniture/vendor/reportlab/pdfgen/textobject.py2
  • line 56: Use of exec detected.
  • line 79: Use of exec detected.
freecad/AIGenFurniture/vendor/stl/stl.py2
  • line 496: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 505: Using xml.etree.ElementTree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
freecad/AIGenFurniture/vendor/typing_extensions.py2
  • line 4034: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 4116: Use of possibly insecure function - consider using safer ast.literal_eval.
LOW 167
freecad/AIGenFurniture/furniture_design/cabinets/features/__init__.py1
  • line 4: Consider possible security implications associated with ShelvesMixin module.
freecad/AIGenFurniture/vendor/et_xmlfile/incremental_tree.py1
  • line 44: Using xml.etree.ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/et_xmlfile/xmlfile.py1
  • line 9: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/numpy/_core/_methods.py1
  • line 7: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test__exceptions.py1
  • line 5: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_casting_unittests.py1
  • line 168: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_cpu_features.py5
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 29: Consider possible security implications associated with the subprocess module.
  • line 30: subprocess call - check for execution of untrusted input.
  • line 109: subprocess call - check for execution of untrusted input.
  • line 162: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_custom_dtypes.py1
  • line 303: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_cython.py9
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 55: Starting a process with a partial executable path
  • line 55: subprocess call - check for execution of untrusted input.
  • line 61: Starting a process with a partial executable path
  • line 61: subprocess call - check for execution of untrusted input.
  • line 68: Starting a process with a partial executable path
  • line 68: subprocess call - check for execution of untrusted input.
  • line 73: Starting a process with a partial executable path
  • line 73: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_datetime.py1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_dtype.py2
  • line 4: Consider possible security implications associated with pickle module.
  • line 1334: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_hashtable.py3
  • line 14: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 15: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 20: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_limited_api.py9
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 53: Starting a process with a partial executable path
  • line 53: subprocess call - check for execution of untrusted input.
  • line 59: Starting a process with a partial executable path
  • line 59: subprocess call - check for execution of untrusted input.
  • line 67: Starting a process with a partial executable path
  • line 67: subprocess call - check for execution of untrusted input.
  • line 72: Starting a process with a partial executable path
  • line 72: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_multiarray.py2
  • line 12: Consider possible security implications associated with pickle module.
  • line 183: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_nditer.py2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 2094: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_overrides.py1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_records.py1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_regression.py1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_stringdtype.py1
  • line 4: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_core/tests/test_ufunc.py1
  • line 3: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/_pyinstaller/tests/test_pyinstaller.py2
  • line 1: Consider possible security implications associated with the subprocess module.
  • line 34: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/__init__.py1
  • line 13: Consider possible security implications associated with the subprocess module.
freecad/AIGenFurniture/vendor/numpy/f2py/_backends/_meson.py2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 179: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/tests/test_f2py2e.py5
  • line 4: Consider possible security implications associated with the subprocess module.
  • line 597: subprocess call - check for execution of untrusted input.
  • line 766: subprocess call - check for execution of untrusted input.
  • line 788: subprocess call - check for execution of untrusted input.
  • line 813: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/f2py/tests/util.py5
  • line 15: Consider possible security implications associated with the subprocess module.
  • line 50: Starting a process with a partial executable path
  • line 50: subprocess call - check for execution of untrusted input.
  • line 246: subprocess call - check for execution of untrusted input.
  • line 267: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/lib/_format_impl.py 2
  • line 166: Consider possible security implications associated with pickle module.
  • line 613: Possible hardcoded password: 'L'
freecad/AIGenFurniture/vendor/numpy/lib/_npyio_impl.py 1
  • line 9: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/lib/tests/test_format.py 4
  • line 409: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 941: Consider possible security implications associated with the subprocess module.
  • line 942: Starting a process with a partial executable path
  • line 942: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/linalg/tests/test_linalg.py 3
  • line 6: Consider possible security implications associated with the subprocess module.
  • line 2053: subprocess call - check for execution of untrusted input.
  • line 2058: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_core.py 1
  • line 11: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_mrecords.py 1
  • line 7: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/ma/tests/test_old_ma.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/matrixlib/tests/test_masked_matrix.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/polynomial/tests/test_polynomial.py 1
  • line 4: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_direct.py 3
  • line 298: Consider possible security implications associated with pickle module.
  • line 317: Consider possible security implications associated with pickle module.
  • line 540: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_extending.py 7
  • line 3: Consider possible security implications associated with the subprocess module.
  • line 76: Starting a process with a partial executable path
  • line 76: subprocess call - check for execution of untrusted input.
  • line 83: Starting a process with a partial executable path
  • line 83: subprocess call - check for execution of untrusted input.
  • line 87: Starting a process with a partial executable path
  • line 87: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_generator_mt19937.py 53
  • line 760: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 767: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 772: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 780: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 789: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 801: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 807: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 813: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 816: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 822: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 828: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 834: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 840: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 865: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 866: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 867: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 869: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 870: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 874: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • … 33 more issues
freecad/AIGenFurniture/vendor/numpy/random/tests/test_randomstate.py 1
  • line 2: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/random/tests/test_smoke.py 1
  • line 1: Consider possible security implications associated with pickle module.
freecad/AIGenFurniture/vendor/numpy/testing/_private/extbuild.py 7
  • line 9: Consider possible security implications associated with the subprocess module.
  • line 230: Starting a process with a partial executable path
  • line 230: subprocess call - check for execution of untrusted input.
  • line 236: Starting a process with a partial executable path
  • line 236: subprocess call - check for execution of untrusted input.
  • line 242: Starting a process with a partial executable path
  • line 242: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/testing/_private/utils.py 2
  • line 1426: Consider possible security implications associated with the subprocess module.
  • line 1429: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_configtool.py 3
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 22: Starting a process with a partial executable path
  • line 22: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_public_api.py 2
  • line 5: Consider possible security implications associated with the subprocess module.
  • line 65: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_reloading.py 3
  • line 1: Consider possible security implications associated with pickle module.
  • line 2: Consider possible security implications associated with the subprocess module.
  • line 70: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/numpy/tests/test_scripts.py 3
  • line 6: Consider possible security implications associated with the subprocess module.
  • line 42: subprocess call - check for execution of untrusted input.
  • line 48: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/openpyxl/formula/tokenizer.py 1
  • line 43: Possible hardcoded password: ',;}) +-*/^&=><%'
freecad/AIGenFurniture/vendor/openpyxl/utils/protection.py 1
  • line 4: Possible hardcoded password: ''
freecad/AIGenFurniture/vendor/openpyxl/xml/functions.py 2
  • line 28: Using Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Element with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 40: Using iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace iterparse with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/pymupdf/__init__.py 5
  • line 17816: Consider possible security implications associated with the subprocess module.
  • line 17818: Starting a process with a partial executable path
  • line 17818: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
  • line 17827: Starting a process with a partial executable path
  • line 17827: subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
freecad/AIGenFurniture/vendor/pymupdf/utils.py 1
  • line 5417: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/python_utils/decorators.py 1
  • line 170: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/python_utils/terminal.py 5
  • line 129: Consider possible security implications associated with the subprocess module.
  • line 131: Starting a process with a partial executable path
  • line 131: subprocess call - check for execution of untrusted input.
  • line 139: Starting a process with a partial executable path
  • line 139: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/graphics/renderPM.py 1
  • line 786: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/lib/extformat.py 2
  • line 44: Possible hardcoded password: '('
  • line 45: Possible hardcoded password: ')'
freecad/AIGenFurniture/vendor/reportlab/lib/fontfinder.py 3
  • line 61: Consider possible security implications associated with pickle module.
  • line 63: Using quoteattr to parse untrusted XML data is known to be vulnerable to XML attacks. Replace quoteattr with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
  • line 255: Try, Except, Continue detected.
freecad/AIGenFurniture/vendor/reportlab/lib/randomtext.py 5
  • line 311: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 416: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 418: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 419: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 420: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/reportlab/lib/rl_accel.py 2
  • line 333: Consider possible security implications associated with the subprocess module.
  • line 361: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/lib/testutils.py 2
  • line 364: Consider possible security implications associated with the subprocess module.
  • line 365: subprocess call - check for execution of untrusted input.
freecad/AIGenFurniture/vendor/reportlab/lib/utils.py 2
  • line 7: Consider possible security implications associated with pickle module.
  • line 1067: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/platypus/doctemplate.py 1
  • line 1399: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/reportlab/platypus/flowables.py 1
  • line 2587: Using escape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace escape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/reportlab/platypus/tableofcontents.py 1
  • line 61: Using unescape to parse untrusted XML data is known to be vulnerable to XML attacks. Replace unescape with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
freecad/AIGenFurniture/vendor/stl/main.py 1
  • line 52: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
freecad/AIGenFurniture/vendor/stl/stl.py 1
  • line 8: Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
package.xml 1
  • line 21: Icon file 'Resources/Icons/AIGenFurniture_logo_noBG.svg' is too big (>16kB)
INFO 1
Layout 1
  • Uses extension based layout
Authors/Maintainers 1
Bogdan

pcb master

6.2023.1 · Printed Circuit Board (PCB) Workbench for FreeCAD

0 / 100

Repository

https://github.com/marmni/FreeCAD-PCB
master · Created: 2016-01-06 · Updated: 4 mo · 280 python files

Statistics
  • DL(Yr): 3,843
  • DL(Mo): 687
  • Stars: 119
  • Issues: 7
Manifest
  • Branch: master
  • Version: 6.2023.1
  • License: AGPLv3.0
Dependencies 19
  • Internal: Draft
  • Internal: Mesh
  • Internal: PySide
  • Internal: Sketcher
  • Internal: pivy
  • Pip: protobuf
  • Warn: ConfigParser (Not in AddonManager allowed packages)
  • Warn: PyQt4 (Not in AddonManager allowed packages)
  • Warn: Sybase (Not in AddonManager allowed packages)
  • Warn: cdecimal (Not in AddonManager allowed packages)
  • Warn: cx_Oracle (Not in AddonManager allowed packages)
  • Warn: dataBase (Not in AddonManager allowed packages)
  • Warn: mx (Not in AddonManager allowed packages)
  • Warn: pgdb (Not in AddonManager allowed packages)
  • Warn: pysqlcipher3 (Not in AddonManager allowed packages)
  • Warn: pysqlite (Not in AddonManager allowed packages)
  • Warn: pytest (Not in AddonManager allowed packages)
  • Warn: pytest_xdist (Not in AddonManager allowed packages)
  • Warn: setuptools (Not in AddonManager allowed packages)
Static Analysis 147
HIGH 3
sqlalchemy/util/langhelpers.py 1
  • line 31: Use of weak MD5 hash for security. Consider usedforsecurity=False
package.xml 1
  • line 7: Missing license file 'LICENSE'
Layout 1
  • Invalid __init__.py file in root. Change to Init.py
MEDIUM 86
PCBbrd.py 1
  • line 79: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
PCBdataBase.py 8
  • line 345: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 346: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 347: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 369: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 833: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 839: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 856: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 864: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBfunctions.py 1
  • line 835: Use of possibly insecure function - consider using safer ast.literal_eval.
PCBpartManaging.py 8
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 149: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 591: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 652: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 820: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 821: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 892: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 893: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassembly.py 1
  • line 454: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBassignModel.py 3
  • line 448: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 455: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 918: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexport.py 2
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 1241: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
command/PCBexportBOM.py 1
  • line 364: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBexportDrillingMap.py 36
  • line 146: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 280: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 281: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 294: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 295: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 303: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 304: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 305: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 319: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 320: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 321: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 473: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 481: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 491: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 503: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 508: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 515: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 535: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 536: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 544: Use of possibly insecure function - consider using safer ast.literal_eval.
  • … 16 more issues
command/PCBexportHoles.py 1
  • line 376: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBglue.py 1
  • line 126: Use of possibly insecure function - consider using safer ast.literal_eval.
command/PCBsections.py 3
  • line 141: Use of possibly insecure function - consider using safer ast.literal_eval.
  • line 739: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 749: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
formats/dialogMAIN_FORM.py 1
  • line 306: Use of possibly insecure function - consider using safer ast.literal_eval.
formats/eagle.py 2
  • line 59: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
  • line 140: Using xml.dom.minidom.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
sqlalchemy/dialects/firebird/base.py 1
  • line 614: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mssql/base.py 1
  • line 2405: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/mysql/base.py 1
  • line 1683: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/oracle/base.py 1
  • line 1246: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/postgresql/base.py 7
  • line 1975: Possible SQL injection vector through string-based query construction.
  • line 2883: Possible SQL injection vector through string-based query construction.
  • line 2964: Possible SQL injection vector through string-based query construction.
  • line 3000: Possible SQL injection vector through string-based query construction.
  • line 3238: Possible SQL injection vector through string-based query construction.
  • line 3416: Possible SQL injection vector through string-based query construction.
  • line 3454: Possible SQL injection vector through string-based query construction.
sqlalchemy/dialects/sqlite/base.py 6
  • line 1091: Possible SQL injection vector through string-based query construction.
  • line 1638: Possible SQL injection vector through string-based query construction.
  • line 1677: Possible SQL injection vector through string-based query construction.
  • line 1689: Possible SQL injection vector through string-based query construction.
  • line 2150: Possible SQL injection vector through string-based query construction.
  • line 2159: Possible SQL injection vector through string-based query construction.
sqlalchemy/ext/declarative/clsregistry.py 1
  • line 326: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/orm/instrumentation.py 1
  • line 565: Use of exec detected.
sqlalchemy/orm/persistence.py 1
  • line 833: Possible SQL injection vector through string-based query construction.
sqlalchemy/sql/selectable.py 1
  • line 3253: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/plugin/pytestplugin.py 1
  • line 321: Use of exec detected.
sqlalchemy/testing/suite/test_reflection.py 2
  • line 150: Possible SQL injection vector through string-based query construction.
  • line 431: Possible SQL injection vector through string-based query construction.
sqlalchemy/testing/suite/test_sequence.py 1
  • line 85: Possible SQL injection vector through string-based query construction.
sqlalchemy/util/_preloaded.py 1
  • line 144: Use of possibly insecure function - consider using safer ast.literal_eval.
sqlalchemy/util/compat.py 3
  • line 244: Use of exec detected.
  • line 246: Use of exec detected.
  • line 293: Use of exec detected.
sqlalchemy/util/langhelpers.py 3
  • line 162: Use of exec detected.
  • line 207: Use of exec detected.
  • line 1455: Use of exec detected.
LOW 43
PCBbrd.py 1
  • line 35: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
PCBfunctions.py 2
  • line 327: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 330: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBobjects.py 3
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 868: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
PCBtoolBar.py 2
  • line 250: Starting a process without a shell.
  • line 832: Try, Except, Continue detected.
command/PCBassembly.py 1
  • line 299: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexplode.py 2
  • line 518: Try, Except, Continue detected.
  • line 533: Try, Except, Continue detected.
command/PCBexport.py 1
  • line 34: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
command/PCBexportDrillingMap.py 1
  • line 164: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
command/PCBexportKerkythea.py 3
  • line 169: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 172: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
  • line 346: Try, Except, Continue detected.
command/PCBexportPovRay.py 1
  • line 72: Try, Except, Continue detected.
command/PCBsections.py 1
  • line 37: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/eagle.py 1
  • line 30: Using minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
formats/fidocadj.py 3
  • line 611: Try, Except, Continue detected.
  • line 863: Try, Except, Continue detected.
  • line 1078: Try, Except, Continue detected.
formats/kicad_v3.py 1
  • line 855: Try, Except, Continue detected.
formats/librepcb.py 1
  • line 600: Try, Except, Continue detected.
formats/razen.py 1
  • line 78: Try, Except, Continue detected.
sqlalchemy/dialects/mssql/base.py 3
  • line 2261: Possible hardcoded password: '['
  • line 2264: Possible hardcoded password: ']'
  • line 2266: Possible hardcoded password: '.'
sqlalchemy/dialects/mysql/mysqldb.py 1
  • line 184: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/mysql/oursql.py 1
  • line 204: Possible hardcoded password: 'passwd'
sqlalchemy/dialects/oracle/cx_oracle.py 1
  • line 1176: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/dialects/oracle/provision.py 1
  • line 101: Possible hardcoded password: 'xe'
sqlalchemy/dialects/sybase/pysybase.py 1
  • line 74: Possible hardcoded password: 'passwd'
sqlalchemy/engine/default.py 1
  • line 578: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/orm/path_registry.py 2
  • line 27: Possible hardcoded password: '*'
  • line 28: Possible hardcoded password: '_sa_default'
sqlalchemy/testing/util.py 3
  • line 54: Consider possible security implications associated with cPickle module.
  • line 60: Consider possible security implications associated with pickle module.
  • line 87: Standard pseudo-random generators are not suitable for security/cryptographic purposes.
sqlalchemy/util/compat.py 3
  • line 108: Consider possible security implications associated with pickle module.
  • line 218: Consider possible security implications associated with cPickle module.
  • line 220: Consider possible security implications associated with pickle module.
license.* 1
  • File not found.
INFO 2
package.xml 1
  • Missing author information in package.xml
Layout 1
  • Uses exec based layout
Authors/Maintainers 1
marmni