Public scan — anyone with this URL can view this analysis.
2 of your 54 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 12.0s · analysis 3.13s · 12.0 MB · GitHub API rate-limit (preflight)

dariubs/GoBooks

https://github.com/dariubs/GoBooks · scanned 2026-06-05 17:59 UTC (4 days, 15 hours ago) · 10 languages

63 raw signals (53 security + 10 graph) 14th percentile · Go · tiny (<2K LoC) System graph score 91 (lower by 31)


Complete repo analysis

Last scanned 4 days, 15 hours ago · v2 · 56 actionable findings from 2 signal sources. 2 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown (2026-05-18-v5)

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 45.0 | 0.15 | 6.75 |
| security_score | 55.0 | 0.25 | 13.75 |
| testing_score | 70.0 | 0.20 | 14.00 |
| documentation_score | 55.0 | 0.15 | 8.25 |
| practices_score | 70.0 | 0.15 | 10.50 |
| code_quality | 70.0 | 0.10 | 7.00 |
| Overall | | 1.00 | 60.2 |

Scan summary Quality grade C+ (60/100). Dimensions: security 55, maintainability 45. 53 findings (51 security). 284 lines analyzed.

Showing 52 of 56 actionable findings. 58 raw detector signals were grouped into reader-sized issues.

low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 3 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `actions/checkout` is pinned to `@v4`, which is a mutable tag or branch ref. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
.github/workflows/validate.yml:13, 16 (3 hits)
CI/CD security · Supply chain · GitHub Actions
high Security checks software dependencies conf 0.88 stdlib: GO-2024-3105
Stack exhaustion in all Parse functions in go/parser
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2024-3106
Stack exhaustion in Decoder.Decode in encoding/gob
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2024-3107
Stack exhaustion in Parse in go/build/constraint
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3373
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3420
Sensitive headers incorrectly sent after cross-domain redirect in net/http
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3447
Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3503
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3563
Request smuggling due to acceptance of invalid chunked data in net/http
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3750
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3751
Sensitive headers not cleared on cross-origin redirect in net/http
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3849
Incorrect results returned from Rows.Scan in database/sql
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-3956
Unexpected paths returned from LookPath in os/exec
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4006
Excessive CPU consumption in ParseAddress in net/mail
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4007
Quadratic complexity when checking name constraints in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4008
ALPN negotiation error contains attacker controlled information in crypto/tls
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4009
Quadratic complexity when parsing some invalid inputs in encoding/pem
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4010
Insufficient validation of bracketed IPv6 hostnames in net/url
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4011
Parsing DER payload can cause memory exhaustion in encoding/asn1
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4012
Lack of limit when parsing cookies can cause memory exhaustion in net/http
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4013
Panic when validating certificates with DSA public keys in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4014
Unbounded allocation when parsing GNU sparse map in archive/tar
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4015
Excessive CPU consumption in Reader.ReadResponse in net/textproto
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4155
Excessive resource consumption when printing error string for host certificate validation in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2025-4175
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4337
Unexpected session resumption in crypto/tls
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4340
Handshake messages may be processed at the incorrect encryption level in crypto/tls
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4341
Memory exhaustion in query parameter parsing in net/url
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4342
Excessive CPU consumption when building archive index in archive/zip
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4403
Improper access to parent directory of root in os
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4601
Incorrect parsing of IPv6 host literals in net/url
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4602
FileInfo can escape from a Root in os
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4603
URLs in meta content attribute actions are not escaped in html/template
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4864
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4865
JsBraceDepth Context Tracking Bugs (XSS) in html/template
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4869
Unbounded allocation for old GNU sparse in archive/tar
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4870
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4946
Inefficient policy validation in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4947
Unexpected work during chain building in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4971
Panic in Dial and LookupPort when handling NUL byte on Windows in net
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4976
ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4977
Quadratic string concatenation in consumePhrase in net/mail
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4980
Escaper bypass leads to XSS in html/template
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4981
Crash when handling long CNAME response in net
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4982
Bypass of meta content URL escaping causes XSS in html/template
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4986
Quadratic string concatenation in consumeComment in net/mail
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5037
Inefficient candidate hostname parsing in crypto/x509
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5038
Quadratic complexity in WordDecoder.DecodeHeader in mime
gobooks/validator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5039
Arbitrary inputs are included in errors without any escaping in net/textproto
gobooks/validator/go.mod
medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
low Security checks quality Documentation No LICENSE file
Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).
API access

This page is publicly accessible at: https://repobility.com/scan/0e222dfd-7890-440c-8e07-834ec01e4a24/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/0e222dfd-7890-440c-8e07-834ec01e4a24/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.