Is decimal safe to use?

decimal has 1 known vulnerabilities on the latest version (3.1.1). DepScope rates its health at 83/100 (low risk).

What is the latest version of decimal?

The latest version of decimal is 3.1.1, released 2026-05-27.

Does decimal have known vulnerabilities?

Yes. decimal has 1 known vulnerabilities. See depscope.dev/pkg/hex/decimal for details.

Is decimal deprecated?

No, decimal is actively maintained. Latest release: 3.1.1 (2026-05-27).

What are alternatives to decimal?

DepScope has no curated alternatives for decimal at this time.

What license does decimal use?

decimal is licensed under Apache-2.0.

decimal

hexv3.1.1

Arbitrary precision decimal arithmetic.

License Apache-2.0permissive36 versions2 maintainers0 deps318,823 weekly dl

ericmj/decimal

/ 100

Health

safe to use

[email protected] is safe to use (health: 83/100)

Update to >= 6a523f3a73b8c9974540e21c7aa88f1258bb35ae to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

6/15

community

0/15

popularity_floor

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2026-32686	Unbounded exponent in decimal enables unauthenticated DoS	6a523f3a73b8c9974540e21c7aa88f1258bb35ae

OSS Scorecard

OpenSSF security posture score

3.6/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

1

Primary author dominance

100%

GitHub stars

476

single active maintainer 3msingle author dominance

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/hex/decimal

First published · 2014-04-21T18:22:13.000000Z

Last updated · 2026-05-27T12:42:10.349392Z