{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-xv59-967r-8726", "name": "openssl: GHSA-xv59-967r-8726", "shortDescription": {"text": "openssl: GHSA-xv59-967r-8726"}, "fullDescription": {"text": "rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-phqj-4mhp-q6mq", "name": "openssl: GHSA-phqj-4mhp-q6mq", "shortDescription": {"text": "openssl: GHSA-phqj-4mhp-q6mq"}, "fullDescription": {"text": "rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fjx5-qpf4-xjf2", "name": "borsh: GHSA-fjx5-qpf4-xjf2", "shortDescription": {"text": "borsh: GHSA-fjx5-qpf4-xjf2"}, "fullDescription": {"text": "Parsing borsh messages with ZST which are not-copy/clone is unsound"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-xmgf-hq76-4vx2", "name": "openssl: GHSA-xmgf-hq76-4vx2", "shortDescription": {"text": "openssl: GHSA-xmgf-hq76-4vx2"}, "fullDescription": {"text": "rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. Review if need", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0009", "name": "time: RUSTSEC-2026-0009", "shortDescription": {"text": "time: RUSTSEC-2026-0009"}, "fullDescription": {"text": "Denial of Service via Stack Exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0049", "name": "rustls-webpki: RUSTSEC-2026-0049", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "fullDescription": {"text": "CRLs not considered authoritative by Distribution Point due to faulty matching logic"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0104", "name": "rustls-webpki: RUSTSEC-2026-0104", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "fullDescription": {"text": "Reachable panic in certificate revocation list parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0099", "name": "rustls-webpki: RUSTSEC-2026-0099", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "fullDescription": {"text": "Name constraints were accepted for certificates asserting a wildcard name"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0098", "name": "rustls-webpki: RUSTSEC-2026-0098", "shortDescription": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "fullDescription": {"text": "Name constraints for URI names were incorrectly accepted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0134", "name": "rustls-pemfile: RUSTSEC-2025-0134", "shortDescription": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "fullDescription": {"text": "rustls-pemfile is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0001", "name": "rkyv: RUSTSEC-2026-0001", "shortDescription": {"text": "rkyv: RUSTSEC-2026-0001"}, "fullDescription": {"text": "Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0037", "name": "quinn-proto: RUSTSEC-2026-0037", "shortDescription": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "fullDescription": {"text": "Denial of service in Quinn endpoints"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xp3w-r5p5-63rr", "name": "openssl: GHSA-xp3w-r5p5-63rr", "shortDescription": {"text": "openssl: GHSA-xp3w-r5p5-63rr"}, "fullDescription": {"text": "rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pqf5-4pqq-29f5", "name": "openssl: GHSA-pqf5-4pqq-29f5", "shortDescription": {"text": "openssl: GHSA-pqf5-4pqq-29f5"}, "fullDescription": {"text": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hppc-g8h3-xhp3", "name": "openssl: GHSA-hppc-g8h3-xhp3", "shortDescription": {"text": "openssl: GHSA-hppc-g8h3-xhp3"}, "fullDescription": {"text": "rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-ghm9-cr32-g9qj", "name": "openssl: GHSA-ghm9-cr32-g9qj", "shortDescription": {"text": "openssl: GHSA-ghm9-cr32-g9qj"}, "fullDescription": {"text": "rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8c75-8mhr-p7r9", "name": "openssl: GHSA-8c75-8mhr-p7r9", "shortDescription": {"text": "openssl: GHSA-8c75-8mhr-p7r9"}, "fullDescription": {"text": "rust-openssl has incorrect bounds assertion in aes key wrap"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0022", "name": "openssl: RUSTSEC-2025-0022", "shortDescription": {"text": "openssl: RUSTSEC-2025-0022"}, "fullDescription": {"text": "Use-After-Free in `Md::fetch` and `Cipher::fetch`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0119", "name": "number_prefix: RUSTSEC-2025-0119", "shortDescription": {"text": "number_prefix: RUSTSEC-2025-0119"}, "fullDescription": {"text": "number_prefix crate is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0161", "name": "libsecp256k1: RUSTSEC-2025-0161", "shortDescription": {"text": "libsecp256k1: RUSTSEC-2025-0161"}, "fullDescription": {"text": "libsecp256k1 is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0012", "name": "keccak: RUSTSEC-2026-0012", "shortDescription": {"text": "keccak: RUSTSEC-2026-0012"}, "fullDescription": {"text": "Unsoundness in opt-in ARMv8 assembly backend for `keccak`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2022-0093", "name": "ed25519-dalek: RUSTSEC-2022-0093", "shortDescription": {"text": "ed25519-dalek: RUSTSEC-2022-0093"}, "fullDescription": {"text": "Double Public Key Signing Function Oracle Attack on `ed25519-dalek`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0388", "name": "derivative: RUSTSEC-2024-0388", "shortDescription": {"text": "derivative: RUSTSEC-2024-0388"}, "fullDescription": {"text": "`derivative` is unmaintained; consider using an alternative"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0344", "name": "curve25519-dalek: RUSTSEC-2024-0344", "shortDescription": {"text": "curve25519-dalek: RUSTSEC-2024-0344"}, "fullDescription": {"text": "Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0007", "name": "bytes: RUSTSEC-2026-0007", "shortDescription": {"text": "bytes: RUSTSEC-2026-0007"}, "fullDescription": {"text": "Integer overflow in `BytesMut::reserve`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1062"}, "properties": {"repository": "regolith-labs/ore", "repoUrl": "https://github.com/regolith-labs/ore", "branch": "master"}, "results": [{"ruleId": "GHSA-xv59-967r-8726", "level": "warning", "message": {"text": "openssl: GHSA-xv59-967r-8726"}, "properties": {"repobilityId": 104162, "scanner": "osv-scanner", "fingerprint": "40f7a69afef8f05b62f850cc1a053fe6e15a2035daedd2be3c02e1fc04ce060b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-44662"], "package": "openssl", "rule_id": "GHSA-xv59-967r-8726", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-44662|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-phqj-4mhp-q6mq", "level": "warning", "message": {"text": "openssl: GHSA-phqj-4mhp-q6mq"}, "properties": {"repobilityId": 104158, "scanner": "osv-scanner", "fingerprint": "e7d9444dd05c6f7db70b4bbdd19e857b94c64c61212cc0633fa15cbc0de69929", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45784"], "package": "openssl", "rule_id": "GHSA-phqj-4mhp-q6mq", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-45784|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fjx5-qpf4-xjf2", "level": "warning", "message": {"text": "borsh: GHSA-fjx5-qpf4-xjf2"}, "properties": {"repobilityId": 104146, "scanner": "osv-scanner", "fingerprint": "c1a31094169df1446fd7d64ddbf2a2d76b8a15c380bd356b8863323dc1ec79d6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["RUSTSEC-2023-0033"], "package": "borsh", "rule_id": "GHSA-fjx5-qpf4-xjf2", "scanner": "osv-scanner", "correlation_key": "vuln|borsh|GHSA-FJX5-QPF4-XJF2|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 104136, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "GHSA-xmgf-hq76-4vx2", "level": "note", "message": {"text": "openssl: GHSA-xmgf-hq76-4vx2"}, "properties": {"repobilityId": 104160, "scanner": "osv-scanner", "fingerprint": "0bc60beacdb75611689692a159e78cd7d749ffffcaa137ffd32c2c53a7f6a2a7", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41677"], "package": "openssl", "rule_id": "GHSA-xmgf-hq76-4vx2", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41677|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104137, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a2c534469e983c58f9d448c06f79f077865fad73d9f6d908ae39a3f0edb12ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "program/src/bury.rs", "duplicate_line": 52, "correlation_key": "fp|3a2c534469e983c58f9d448c06f79f077865fad73d9f6d908ae39a3f0edb12ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "program/src/buyback.rs"}, "region": {"startLine": 106}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 104135, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC035", "level": "none", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 104144, "scanner": "repobility-threat-engine", "fingerprint": "32181899fd70cd79eccb1f3d4a885720d5ff57f2275fc23a5edfd09bced21cc3", "category": "resource_exhaustion", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|32181899fd70cd79eccb1f3d4a885720d5ff57f2275fc23a5edfd09bced21cc3"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 104140, "scanner": "repobility-threat-engine", "fingerprint": "b825cf71842c5206dc1e153956740753ce36140f31c0b83f89e8dcbdc6a3bdc6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b825cf71842c5206dc1e153956740753ce36140f31c0b83f89e8dcbdc6a3bdc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/src/state/miner.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "RUSTSEC-2026-0009", "level": "error", "message": {"text": "time: RUSTSEC-2026-0009"}, "properties": {"repobilityId": 104172, "scanner": "osv-scanner", "fingerprint": "9fb941cdcde7d808df297ded949de574907ac1fbeb6f7223b9e05c56e941adb0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25727", "GHSA-r6v5-fh4h-64xc"], "package": "time", "rule_id": "RUSTSEC-2026-0009", "scanner": "osv-scanner", "correlation_key": "vuln|time|CVE-2026-25727|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-r6v5-fh4h-64xc", "RUSTSEC-2026-0009"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2c2d2ae12df666e8132d287bd534a3c14d824cdb5129b7d9425024955a840e9f", "9fb941cdcde7d808df297ded949de574907ac1fbeb6f7223b9e05c56e941adb0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0049", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0049"}, "properties": {"repobilityId": 104171, "scanner": "osv-scanner", "fingerprint": "c255a366c5ce5102bcdc590878b2b69c65babf58fba82dc3e7831720a1de8e0b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-pwjx-qhcg-rvj4"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0049", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-PWJX-QHCG-RVJ4|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjx-qhcg-rvj4", "RUSTSEC-2026-0049"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["8d0a8a95183a8e67ddddb67ea96d335b0564fb0fcd1f901d95577ef01a82be3b", "c255a366c5ce5102bcdc590878b2b69c65babf58fba82dc3e7831720a1de8e0b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0104", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0104"}, "properties": {"repobilityId": 104170, "scanner": "osv-scanner", "fingerprint": "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-82j2-j2ch-gfr8"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0104", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-82J2-J2CH-GFR8|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-82j2-j2ch-gfr8", "RUSTSEC-2026-0104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["476482283f7b4bf24cebe63c772832bbcbb2a342714f10bd108d0c5c67b78813", "fcab9132587a2c990296f83177c4848cd44ed60f21e65c82ba81416282ab891e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0099", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0099"}, "properties": {"repobilityId": 104169, "scanner": "osv-scanner", "fingerprint": "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-xgp8-3hg3-c2mh"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0099", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-XGP8-3HG3-C2MH|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xgp8-3hg3-c2mh", "RUSTSEC-2026-0099"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2a5659d7cbd0bb9dfc9d2adea8035c41fc228507431bf1ff230640799fbb9dc2", "ac54d27f2da05de068570ed12b689c1c212043920c11599e88d3ec15aed9e04f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0098", "level": "error", "message": {"text": "rustls-webpki: RUSTSEC-2026-0098"}, "properties": {"repobilityId": 104168, "scanner": "osv-scanner", "fingerprint": "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-965h-392x-2mh5"], "package": "rustls-webpki", "rule_id": "RUSTSEC-2026-0098", "scanner": "osv-scanner", "correlation_key": "vuln|rustls-webpki|GHSA-965H-392X-2MH5|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-965h-392x-2mh5", "RUSTSEC-2026-0098"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4e353f860af1fd9047341f396e862081c6c9d858904293310e34f17a61d47c4c", "f164bd6ab1544e41652580549ab01f3ee5677dfeb6440d8de8a63093cf542613"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0134", "level": "error", "message": {"text": "rustls-pemfile: RUSTSEC-2025-0134"}, "properties": {"repobilityId": 104167, "scanner": "osv-scanner", "fingerprint": "16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rustls-pemfile", "rule_id": "RUSTSEC-2025-0134", "scanner": "osv-scanner", "correlation_key": "fp|16c6cdd2e6cf0f2fb425a0bc02ce469766da4f1065573f6b5829e63820fb23d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0001", "level": "error", "message": {"text": "rkyv: RUSTSEC-2026-0001"}, "properties": {"repobilityId": 104166, "scanner": "osv-scanner", "fingerprint": "c30432919d6ec100777283c2f698e06491502f741de76670a46219116241aa3e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "rkyv", "rule_id": "RUSTSEC-2026-0001", "scanner": "osv-scanner", "correlation_key": "fp|c30432919d6ec100777283c2f698e06491502f741de76670a46219116241aa3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 104165, "scanner": "osv-scanner", "fingerprint": "a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "ee2ad9157999fcb0c8f925391a5e09946511288ceed3e6c5f5b05828611b879f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0037", "level": "error", "message": {"text": "quinn-proto: RUSTSEC-2026-0037"}, "properties": {"repobilityId": 104164, "scanner": "osv-scanner", "fingerprint": "f9c1af453f9a0bdfe4a69e7898d9b3129cb1ee80152010518158bda28e881f27", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-31812", "GHSA-6xvm-j4wr-6v98"], "package": "quinn-proto", "rule_id": "RUSTSEC-2026-0037", "scanner": "osv-scanner", "correlation_key": "vuln|quinn-proto|CVE-2026-31812|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6xvm-j4wr-6v98", "RUSTSEC-2026-0037"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2dc7434cf5d6d3f88ba848d37c8b48497b46115aca80c0a7dd5239e3c7556031", "f9c1af453f9a0bdfe4a69e7898d9b3129cb1ee80152010518158bda28e881f27"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 104163, "scanner": "osv-scanner", "fingerprint": "ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xp3w-r5p5-63rr", "level": "error", "message": {"text": "openssl: GHSA-xp3w-r5p5-63rr"}, "properties": {"repobilityId": 104161, "scanner": "osv-scanner", "fingerprint": "d3c5711dee25a3797b74ad5eb81fb765a4fb03d4c045924932e9431b10ed3aa6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42327"], "package": "openssl", "rule_id": "GHSA-xp3w-r5p5-63rr", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-42327|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pqf5-4pqq-29f5", "level": "error", "message": {"text": "openssl: GHSA-pqf5-4pqq-29f5"}, "properties": {"repobilityId": 104159, "scanner": "osv-scanner", "fingerprint": "0ec078659210fefe0ed55693da0692e92806f964834e9dd96ef956f363973206", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41676"], "package": "openssl", "rule_id": "GHSA-pqf5-4pqq-29f5", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41676|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hppc-g8h3-xhp3", "level": "error", "message": {"text": "openssl: GHSA-hppc-g8h3-xhp3"}, "properties": {"repobilityId": 104157, "scanner": "osv-scanner", "fingerprint": "88a97a0ca38fd4860b8196b0939de4a840c1e4dabcf9da45cd425237ca3a51e7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41898"], "package": "openssl", "rule_id": "GHSA-hppc-g8h3-xhp3", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41898|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-ghm9-cr32-g9qj", "level": "error", "message": {"text": "openssl: GHSA-ghm9-cr32-g9qj"}, "properties": {"repobilityId": 104156, "scanner": "osv-scanner", "fingerprint": "57a3956e206bd3b83f7ab45d9ab03abf63121d7caac7aea76eba0bab20f3b54a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41681"], "package": "openssl", "rule_id": "GHSA-ghm9-cr32-g9qj", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41681|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8c75-8mhr-p7r9", "level": "error", "message": {"text": "openssl: GHSA-8c75-8mhr-p7r9"}, "properties": {"repobilityId": 104155, "scanner": "osv-scanner", "fingerprint": "d293e6e38180ff7bbd16cc8c5355c5503db1da8dbbee4e0f5820f94c039c562a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41678"], "package": "openssl", "rule_id": "GHSA-8c75-8mhr-p7r9", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|CVE-2026-41678|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0022", "level": "error", "message": {"text": "openssl: RUSTSEC-2025-0022"}, "properties": {"repobilityId": 104154, "scanner": "osv-scanner", "fingerprint": "d27be3cea3bd92484deeb3013db33563567b54352bfcbb424721cf4c1dd942ad", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-4fcv-w3qc-ppgg"], "package": "openssl", "rule_id": "RUSTSEC-2025-0022", "scanner": "osv-scanner", "correlation_key": "vuln|openssl|GHSA-4FCV-W3QC-PPGG|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4fcv-w3qc-ppgg", "RUSTSEC-2025-0022"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["d27be3cea3bd92484deeb3013db33563567b54352bfcbb424721cf4c1dd942ad", "e22f59b7ab2cf26946c1f9dd419c8ed6fd5fd932ce3a341d0d47c9b63761684f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0119", "level": "error", "message": {"text": "number_prefix: RUSTSEC-2025-0119"}, "properties": {"repobilityId": 104153, "scanner": "osv-scanner", "fingerprint": "cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "number_prefix", "rule_id": "RUSTSEC-2025-0119", "scanner": "osv-scanner", "correlation_key": "fp|cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0161", "level": "error", "message": {"text": "libsecp256k1: RUSTSEC-2025-0161"}, "properties": {"repobilityId": 104152, "scanner": "osv-scanner", "fingerprint": "d764410b1554fda09151f2e17efd542c1d2e58d19ea68e7e50140ad5c01e0de2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "libsecp256k1", "rule_id": "RUSTSEC-2025-0161", "scanner": "osv-scanner", "correlation_key": "fp|d764410b1554fda09151f2e17efd542c1d2e58d19ea68e7e50140ad5c01e0de2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0012", "level": "error", "message": {"text": "keccak: RUSTSEC-2026-0012"}, "properties": {"repobilityId": 104151, "scanner": "osv-scanner", "fingerprint": "2eba33045ef74519b1f129eca1bacda28e898b1c1b0a3bf298f37f1a04d58067", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-3288-p39f-rqpv"], "package": "keccak", "rule_id": "RUSTSEC-2026-0012", "scanner": "osv-scanner", "correlation_key": "vuln|keccak|GHSA-3288-P39F-RQPV|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-3288-p39f-rqpv", "RUSTSEC-2026-0012"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0021b2f3a684967d7f97ec73453a4331ab25b2cf201c44f78b1be2b0ced23c31", "2eba33045ef74519b1f129eca1bacda28e898b1c1b0a3bf298f37f1a04d58067"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2022-0093", "level": "error", "message": {"text": "ed25519-dalek: RUSTSEC-2022-0093"}, "properties": {"repobilityId": 104150, "scanner": "osv-scanner", "fingerprint": "da27cb4f4c497712e7208b6d74de2fb88fae1ee5536ec461e17db456771bcf9a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2022-50237", "GHSA-w5vr-6qhr-36cc"], "package": "ed25519-dalek", "rule_id": "RUSTSEC-2022-0093", "scanner": "osv-scanner", "correlation_key": "vuln|ed25519-dalek|CVE-2022-50237|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-w5vr-6qhr-36cc", "RUSTSEC-2022-0093"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6ce0d276c34e70ea2ef061113fdd2c780ed1285f33160391855231ce38623591", "da27cb4f4c497712e7208b6d74de2fb88fae1ee5536ec461e17db456771bcf9a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0388", "level": "error", "message": {"text": "derivative: RUSTSEC-2024-0388"}, "properties": {"repobilityId": 104149, "scanner": "osv-scanner", "fingerprint": "547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "derivative", "rule_id": "RUSTSEC-2024-0388", "scanner": "osv-scanner", "correlation_key": "fp|547bdd0377aa2b4e584493ec26f7c8f775912e0ae45112076d07893a6853c7c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0344", "level": "error", "message": {"text": "curve25519-dalek: RUSTSEC-2024-0344"}, "properties": {"repobilityId": 104148, "scanner": "osv-scanner", "fingerprint": "99f6b5ea095966bad47f6d8dab62b66050ea1a016079bf6300c3d9ce9d1d80c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-58262", "GHSA-x4gp-pqpj-f43q"], "package": "curve25519-dalek", "rule_id": "RUSTSEC-2024-0344", "scanner": "osv-scanner", "correlation_key": "vuln|curve25519-dalek|CVE-2024-58262|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-x4gp-pqpj-f43q", "RUSTSEC-2024-0344"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["99f6b5ea095966bad47f6d8dab62b66050ea1a016079bf6300c3d9ce9d1d80c7", "9c028b7e3dc546b327a0822208919e64c6a33d5b2ca198c8f3e7b12e75394f46"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0007", "level": "error", "message": {"text": "bytes: RUSTSEC-2026-0007"}, "properties": {"repobilityId": 104147, "scanner": "osv-scanner", "fingerprint": "840e36d2de2ac4a8c1c34987b6b57d85a91e4b9353f37c12a525b9daca3b5258", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25541", "GHSA-434x-w66g-qw3r"], "package": "bytes", "rule_id": "RUSTSEC-2026-0007", "scanner": "osv-scanner", "correlation_key": "vuln|bytes|CVE-2026-25541|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-434x-w66g-qw3r", "RUSTSEC-2026-0007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["840e36d2de2ac4a8c1c34987b6b57d85a91e4b9353f37c12a525b9daca3b5258", "95131744e23e323a780caee127b231789361290b6f3c2f97df8af0deb20d6e30"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 104145, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 104143, "scanner": "repobility-threat-engine", "fingerprint": "e3fb9406a379c7ce8f2ee6c683b11cf297665064b134597a787fe8216070a01b", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(args.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e3fb9406a379c7ce8f2ee6c683b11cf297665064b134597a787fe8216070a01b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "program/src/deploy.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 104142, "scanner": "repobility-threat-engine", "fingerprint": "43cd40a5d6054f90789264f2044cd1f8b473076c689b0f2d80cc4671fd44fa65", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(args.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|43cd40a5d6054f90789264f2044cd1f8b473076c689b0f2d80cc4671fd44fa65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "program/src/bury.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 104141, "scanner": "repobility-threat-engine", "fingerprint": "c574316d21e903a63982e9f162c6b4bf16857dcff2d6a9512a8b46d2df6bc708", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(args.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c574316d21e903a63982e9f162c6b4bf16857dcff2d6a9512a8b46d2df6bc708"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "program/src/automate.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 104139, "scanner": "repobility-threat-engine", "fingerprint": "4d59ba95d24e85b2f018e9d0360920c11a53fe81d3cd4c9f5960fb9a4e5ea88a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d59ba95d24e85b2f018e9d0360920c11a53fe81d3cd4c9f5960fb9a4e5ea88a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/src/state/round.rs"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 104138, "scanner": "repobility-threat-engine", "fingerprint": "4f40c3bc409d5ff104ebc3039fa8804c522a099066c3a92f4ff77d29935cc58a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f40c3bc409d5ff104ebc3039fa8804c522a099066c3a92f4ff77d29935cc58a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/src/state/automation.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 104134, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}