File as GitHub Issue repo: zylon-ai/private-gpt

Push this scan report to zylon-ai/private-gpt

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

Missing import: `queue` used but not imported

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
CRIT MINED107 [MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(… private_gpt/server/chat/interceptors/co…:113
CRIT MINED107 [MINED107] Missing import: `email` used but not imported: The file uses `email.something(… private_gpt/components/readers/text/ema…:132
CRIT MINED107 [MINED107] Missing import: `copy` used but not imported: The file uses `copy.something(..… private_gpt/components/web/web_search/p…:153
CRIT MINED107 [MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.some… private_gpt/components/ingest/ingest_he…:57
CRIT MINED107 [MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(… private_gpt/components/vector_store/pat…:802
CRIT MINED107 [MINED107] Missing import: `ast` used but not imported: The file uses `ast.something(...)… private_gpt/components/tabular/database…:1066
CRIT MINED107 [MINED107] Missing import: `string` used but not imported: The file uses `string.somethin… private_gpt/chat/input_models.py:58
CRIT MINED030 [MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__. private_gpt/components/readers/nodes/v2…:45
CRIT MINED018 [MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLo… private_gpt/components/readers/nodes/v2…:45
CRIT SEC081 [SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marsh… private_gpt/components/readers/nodes/v2…:45
CRIT DKR005 Docker image bakes a secret-like ENV value Dockerfile:215
CRIT DKR005 Docker image bakes a secret-like ENV value Dockerfile:214
CRIT DKR005 Docker image bakes a secret-like ENV value Dockerfile:129
CRIT DKR005 Docker image bakes a secret-like ENV value Dockerfile:128
CRIT DKR005 Docker image bakes a secret-like ENV value Dockerfile:127
CRIT MINED116 [MINED116] Workflow uses `secrets.PAT` on a `pull_request` trigger: This workflow trigger… .github/workflows/post-release-please.y…:51
CRIT MINED116 [MINED116] Workflow uses `secrets.PAT` on a `pull_request` trigger: This workflow trigger… .github/workflows/post-release-please.y…:23
HIGH MINED106 [MINED106] Phantom test coverage: test_client: Test function `test_client` runs code but … tests/fixtures/fast_api_test_client.py:70
HIGH MINED108 [MINED108] `self._do_ingest_one` used but never assigned in __init__: Method `ingest_on_w… scripts/ingest_folder.py:75
HIGH MINED108 [MINED108] `self._ingest_all` used but never assigned in __init__: Method `ingest_folder`… scripts/ingest_folder.py:61
HIGH MINED108 [MINED108] `self._find_all_files_in_folder` used but never assigned in __init__: Method `… scripts/ingest_folder.py:60
HIGH MINED108 [MINED108] `self._find_all_files_in_folder` used but never assigned in __init__: Method `… scripts/ingest_folder.py:56
HIGH MINED108 [MINED108] `self._validate_folder` used but never assigned in __init__: Method `_find_all… scripts/ingest_folder.py:53
HIGH MINED108 [MINED108] `self._create_error_response` used but never assigned in __init__: Method `__c… private_gpt/global_handler.py:41
HIGH SEC103 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA… scripts/update_claude_specs.py:44
HIGH MINED020 [MINED020] Logging Credential Via Fstring: logger.error(f"failed for {api_key}") — secret… private_gpt/components/workflows/others…:213
HIGH MINED014 [MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in nod… private_gpt/components/storage/s3_helpe…:48
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… private_gpt/components/sandbox/local.py:35
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… private_gpt/components/model_discovery/…:226
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… private_gpt/components/llm/tokenizers/r…:171
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… private_gpt/components/concurrency/redi…:62
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… private_gpt/components/sandbox/local.py:29
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… private_gpt/components/sandbox/base.py:57
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… private_gpt/components/code_execution/l…:43
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… private_gpt/components/database/table_l…:132
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… private_gpt/components/concurrency/sema…:12
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… private_gpt/cli/commands/serve.py:43
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… private_gpt/server/chat/interceptors/co…:191
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… private_gpt/cli/commands/worker.py:150
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… private_gpt/celery/tasks/ingestion/extr…:121
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … private_gpt/server/ingest/uri_loader.py:12
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … private_gpt/components/model_discovery/…:188
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … private_gpt/celery/tasks/ingestion/extr…:124
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … private_gpt/celery/tasks/ingestion/dele…:37
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … private_gpt/celery/base.py:76
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/post-release-please.y…:48
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/post-release-please.y…:20
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/u… .github/workflows/tests.yml:55
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/u… .github/workflows/tests.yml:49
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/tests.yml:42
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/tests.yml:33
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/preview-docs.yml:44
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-… .github/workflows/preview-docs.yml:25
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/preview-docs.yml:20
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-… .github/workflows/publish-docs.yml:18
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/publish-docs.yml:15
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-… .github/workflows/fern-check.yml:18
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/fern-check.yml:15
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/generate-release.yml:243
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setu… .github/workflows/generate-release.yml:228
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/generate-release.yml:225
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/generate-release.yml:175
HIGH MINED115 [MINED115] Action `jlumbroso/free-disk-space` pinned to mutable ref `@v1.3.1`: `uses: jlu… .github/workflows/generate-release.yml:164
HIGH MINED115 [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions… .github/workflows/generate-release.yml:106
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setu… .github/workflows/generate-release.yml:101
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/generate-release.yml:98
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/u… .github/workflows/generate-release.yml:61
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/generate-release.yml:30
HIGH MINED115 [MINED115] Action `googleapis/release-please-action` pinned to mutable ref `@v5`: `uses: … .github/workflows/release-please.yml:16
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/update-claude-specs.y…:16
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.11.10-slim-bookworm` not pinned by digest: `FROM pyt… Dockerfile:2
HIGH SEC016 [SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolat… private_gpt/cli/commands/run.py:253
HIGH MINED112 [MINED112] FastAPI POST /search has no auth: Handler `search` is registered with router/a… private_gpt/server/primitives/primitive…:304
HIGH MINED112 [MINED112] FastAPI POST /delete/async has no auth: Handler `delete_ingested_async` is reg… private_gpt/server/ingest/ingest_router…:945
HIGH MINED112 [MINED112] FastAPI POST /ingest/async has no auth: Handler `ingest_content_async` is regi… private_gpt/server/ingest/ingest_router…:564
HIGH MINED112 [MINED112] FastAPI POST /delete has no auth: Handler `delete_ingested` is registered with… private_gpt/server/ingest/ingest_router…:896
HIGH MINED112 [MINED112] FastAPI POST /ingest has no auth: Handler `ingest_content` is registered with … private_gpt/server/ingest/ingest_router…:412
HIGH MINED112 [MINED112] FastAPI POST /messages/validate has no auth: Handler `validate_messages` is re… private_gpt/server/chat/chat_router.py:388
HIGH MINED112 [MINED112] FastAPI POST /messages/count_tokens has no auth: Handler `count_message_tokens… private_gpt/server/chat/chat_router.py:274
HIGH MINED112 [MINED112] FastAPI POST /messages has no auth: Handler `chat_messages` is registered with… private_gpt/server/chat/chat_router.py:222
HIGH MINED112 [MINED112] FastAPI POST /embeddings has no auth: Handler `embeddings_generation` is regis… private_gpt/server/embeddings/embedding…:283
HIGH MINED112 [MINED112] FastAPI POST /chunked-content has no auth: Handler `chunked_content_retrieval`… private_gpt/server/content/content_rout…:523
HIGH MINED112 [MINED112] FastAPI POST /content has no auth: Handler `content_retrieval` is registered w… private_gpt/server/content/content_rout…:333
HIGH MINED112 [MINED112] FastAPI POST /tools/web-search has no auth: Handler `web_search` is registered… private_gpt/server/tools/tool_router.py:610
HIGH MINED112 [MINED112] FastAPI POST /tools/web-fetch has no auth: Handler `web_fetch` is registered w… private_gpt/server/tools/tool_router.py:515
HIGH MINED112 [MINED112] FastAPI POST /tools/database-query has no auth: Handler `database_query` is re… private_gpt/server/tools/tool_router.py:429
HIGH MINED112 [MINED112] FastAPI POST /tools/tabular-data-analysis has no auth: Handler `tabular_data_a… private_gpt/server/tools/tool_router.py:320
HIGH MINED112 [MINED112] FastAPI POST /tools/semantic-search has no auth: Handler `semantic_search` is … private_gpt/server/tools/tool_router.py:211
HIGH MINED112 [MINED112] FastAPI DELETE /{message_id}/delete has no auth: Handler `delete_stream` is re… private_gpt/server/chat_async/chat_asyn…:618
HIGH MINED112 [MINED112] FastAPI POST /{message_id}/cancel has no auth: Handler `cancel_stream` is regi… private_gpt/server/chat_async/chat_asyn…:556
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `chat_messages` is registered… private_gpt/server/chat_async/chat_asyn…:197
HIGH MINED112 [MINED112] FastAPI DELETE /{skill_id}/versions/{version} has no auth: Handler `delete_ski… private_gpt/server/skills/skill_router.…:539
HIGH MINED112 [MINED112] FastAPI POST /{skill_id}/versions has no auth: Handler `create_skill_version` … private_gpt/server/skills/skill_router.…:345
HIGH MINED112 [MINED112] FastAPI DELETE /{skill_id} has no auth: Handler `delete_skill` is registered w… private_gpt/server/skills/skill_router.…:270
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `create_skill` is registered … private_gpt/server/skills/skill_router.…:84
HIGH MINED112 [MINED112] FastAPI POST /complete has no auth: Handler `create_completion` is registered … private_gpt/server/completion/completio…:23
HIGH SEC004 [SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection. private_gpt/components/code_execution/l…:134
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/database/functio…:206
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/database/functio…:118
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/database/procedu…:285
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/database/procedu…:205
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/database/procedu…:117
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/web/web_scraper_…:375
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/web/web_scraper_…:330
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/tools/binary_blo…:166
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/tabular/database…:1199
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/tabular/database…:299
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/tabular/database…:280
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/components/llm/utils.py:17
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/cli/commands/run.py:114
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/cli/commands/run.py:40
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/events/models/_errors.py:64
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/events/interceptors/ping_ev…:31
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… private_gpt/events/sse/sse_producer.py:61
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… private_gpt/initialize.py:55
MED SEC014 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… private_gpt/components/storage/s3_helpe…:48
MED SEC031 [SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like … private_gpt/components/skills/parser.py:7
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. private_gpt/components/readers/nodes/v2…:45
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… private_gpt/components/streaming/stream…:113
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… private_gpt/components/database/table_l…:132
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… private_gpt/components/llm/tokenizers/h…:223
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… private_gpt/components/llm/custom/base.…:150
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… private_gpt/components/concurrency/sema…:20
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … private_gpt/components/sandbox/local.py:29
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … private_gpt/components/sandbox/base.py:57
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … private_gpt/components/code_execution/l…:43
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … private_gpt/components/postgres/postgre…:32
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … private_gpt/components/code_execution/l…:211
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … private_gpt/components/code_execution/b…:66
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… private_gpt/components/chunk/models.py:82
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… private_gpt/components/engines/citation…:57
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… private_gpt/components/database/table_l…:92
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… private_gpt/cli/commands/run.py:106
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… scripts/ingest_folder.py:144
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… private_gpt/components/workflows/retrie…:243
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… private_gpt/celery/tasks/ingestion/extr…:68
MED COMP001 [COMP001] High cognitive complexity: Function `__call__` has cognitive complexity 15 (Son… private_gpt/celery/base.py:158
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR001 Docker final stage has no non-root USER Dockerfile:174
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED DKR004 Docker build secret exposed through ARG Dockerfile:120
MED DKR004 Docker build secret exposed through ARG Dockerfile:119
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered …
MED AUC012 [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /…
MED AGT012 Agent control bridge may listen on a network interface without visible auth private_gpt/launcher.py:1
MED AGT015 Remote install command pipes network code directly to a shell fern/docs/pages/installation/local.mdx:31
MED AGT015 Remote install command pipes network code directly to a shell fern/docs/pages/getting-started/quickst…:18
MED AGT015 Remote install command pipes network code directly to a shell README.md:65
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. private_gpt/components/sandbox/local.py:35
LOW COMP001 [COMP001] High cognitive complexity: Function `health_check` has cognitive complexity 10 … private_gpt/celery/healthcheck.py:46
LOW COMP001 [COMP001] High cognitive complexity: Function `run_callback` has cognitive complexity 8 (… private_gpt/celery/callback.py:40
LOW AIC003 Duplicated implementation block across source files private_gpt/server/tools/tool_router.py:457
LOW AIC003 Duplicated implementation block across source files private_gpt/server/chat_async/chat_asyn…:110
LOW AIC003 Duplicated implementation block across source files private_gpt/server/chat_async/chat_asyn…:31
LOW AIC003 Duplicated implementation block across source files private_gpt/server/chat/interceptors/to…:6
LOW AIC003 Duplicated implementation block across source files private_gpt/server/chat/interceptors/sy…:8
LOW AIC003 Duplicated implementation block across source files private_gpt/components/web/web_search/p…:55
LOW AIC003 Duplicated implementation block across source files private_gpt/components/tools/tool_facto…:71
LOW AIC003 Duplicated implementation block across source files private_gpt/components/tools/tool_facto…:38
LOW AIC003 Duplicated implementation block across source files private_gpt/components/tools/builders/t…:98
LOW AIC003 Duplicated implementation block across source files private_gpt/components/streaming/provid…:52
LOW AIC003 Duplicated implementation block across source files private_gpt/components/readers/text/tex…:13
LOW AIC003 Duplicated implementation block across source files private_gpt/components/readers/pptx2md/…:31
LOW AIC003 Duplicated implementation block across source files private_gpt/components/readers/nodes/te…:13
LOW AIC003 Duplicated implementation block across source files private_gpt/components/multimodality/im…:260
LOW AIC003 Duplicated implementation block across source files private_gpt/components/llm/tokenizers/t…:66
LOW AIC003 Duplicated implementation block across source files private_gpt/components/llm/tokenizers/t…:65
LOW AIC003 Duplicated implementation block across source files private_gpt/components/llm/tokenizers/r…:67
LOW AIC003 Duplicated implementation block across source files private_gpt/components/llm/tokenizers/m…:437
LOW AIC003 Duplicated implementation block across source files private_gpt/components/llm/registry.py:60
LOW AIC003 Duplicated implementation block across source files private_gpt/components/database/procedu…:34
LOW AIC003 Duplicated implementation block across source files private_gpt/components/concurrency/redi…:81
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKR012 Dockerfile keeps pip download cache Dockerfile:206
LOW DKR012 Dockerfile keeps pip download cache Dockerfile:133
INFO MINED065 [MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser o… private_gpt/launcher.py:260
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… private_gpt/launcher.py:223
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. private_gpt/components/postprocessor/tr…:72
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. private_gpt/utils/async_utils.py:17
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. private_gpt/components/readers/nodes/no…:23
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. private_gpt/components/engines/citation…:14
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… private_gpt/components/model_discovery/…:188
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… private_gpt/components/llm/discovery.py:92
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… private_gpt/celery/healthcheck.py:19
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. private_gpt/components/concurrency/sema…:12
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. private_gpt/celery/notify.py:12
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. private_gpt/artifact_index/artifact_exc…:4
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… private_gpt/celery/notify.py:13
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… private_gpt/celery/base.py:97
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… private_gpt/artifact_index/artifact_exc…:5
190 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `zylon-ai/private-gpt`

**Score: 77/100 (A-)**  ·  243 findings  ·  scanned 2026-06-05 09:58 UTC  ·  109,316 LOC

| Severity | Count |
|---|---|
| CRITICAL | 17 |
| HIGH | 80 |
| MEDIUM | 52 |
| LOW | 26 |

📊 [Full filterable report](https://repobility.com/scan/236a1059-41c1-4798-8b77-d160d63718b9/)  ·  ![scorecard](https://repobility.com/scan/236a1059-41c1-4798-8b77-d160d63718b9/report.png?v=1780653499-s2)

### Top findings

1. **CRITICAL** `MINED107` — Missing import: `queue` used but not imported
   `private_gpt/server/chat/interceptors/condensation_interceptor.py:113` · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `email` used but not imported
   `private_gpt/components/readers/text/email_reader.py:132` · ✓ Repobility
3. **CRITICAL** `MINED107` — Missing import: `copy` used but not imported
   `private_gpt/components/web/web_search/processors/select_best_links.py:153` · ✓ Repobility
4. **CRITICAL** `MINED107` — Missing import: `warnings` used but not imported
   `private_gpt/components/ingest/ingest_helper.py:57` · ✓ Repobility
5. **CRITICAL** `MINED107` — Missing import: `queue` used but not imported
   `private_gpt/components/vector_store/patched_qdrant_store.py:802` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/236a1059-41c1-4798-8b77-d160d63718b9/_
Megaproject: high spam risk
Could not determine 'zylon-ai/private-gpt' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
85/259 findings (33%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled; review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.