brin
brin

h2o

PyPI

Is h2o safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for h2o v3.46.0.9. Trust score: 90/100. 1 known CVE, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

h2o Passed Security Checks

No security concerns detected

clean
CVEs

1

Threats

0

Install Scripts

0

Risk Indicators

  • GHSA-p2vc-m5fv-9w9m: UNKNOWN

h2o CVE Vulnerabilities (1)

GHSA-p2vc-m5fv-9w9m

H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

h2o Capabilities & Permissions

What h2o can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

127.0.0.1arxiv.orgbugs.python.orgdocs.h2o.aidocs.python.orgexample.comgithub.comh2o-public-test-data.s3.amazonaws.comh2o-release.s3.amazonaws.commath.nist.gov+10 more
Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

.env (rw)/tmp/ (rw).env (rw).env (rw)/usr/ (rw)/usr/ (rw)/usr/ (rw)/usr/ (rw)+34 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

COLUMNSH2O_DISABLE_STRICT_VERSION_CHECKH2O_JAR_PATHH2O_JAVA_HOMEJAVA_HOMEPATHUSERUSERNAME

Native Modules

Contains native code that runs outside the JavaScript sandbox.

numpypandasscipy

AGENTS.md for h2o

Good instructions lead to good results. brin adds h2o documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

h2o Documentation & Source Code

For the full h2o README, API documentation, and source code, visit the official package registry.

View on PyPIView SourceHomepage

Frequently asked questions about h2o safety

Weekly Downloads

60.0K

Version

3.46.0.9

License

ISC

Last Scanned

Feb 10, 2026

Trust Score

90/100·Legitimacy signals, not safety

CVEs (1)

GHSA-p2vc-m5fv-9w9m

H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint

Capabilities

Network

Connects to: 127.0.0.1, arxiv.org, bugs.python.org...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: COLUMNS, H2O_DISABLE_STRICT_VERSION_CHECK, H2O_JAR_PATH...

Native

Contains native modules

Is h2o Safe? | PyPI Safety Scan - brin