{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-fxgc-95xx-grvq", "name": "tensorflow: GHSA-fxgc-95xx-grvq", "shortDescription": {"text": "tensorflow: GHSA-fxgc-95xx-grvq"}, "fullDescription": {"text": "TensorFlow Denial of Service vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fqm2-gh8w-gr68", "name": "tensorflow: GHSA-fqm2-gh8w-gr68", "shortDescription": {"text": "tensorflow: GHSA-fqm2-gh8w-gr68"}, "fullDescription": {"text": "TensorFlow vulnerable to segfault when opening multiframe gif"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6w46-j5rx-g56g", "name": "pytest: GHSA-6w46-j5rx-g56g", "shortDescription": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "fullDescription": {"text": "pytest has vulnerable tmpdir handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fpfv-jqm9-f5jm", "name": "numpy: GHSA-fpfv-jqm9-f5jm", "shortDescription": {"text": "numpy: GHSA-fpfv-jqm9-f5jm"}, "fullDescription": {"text": "Incorrect Comparison in NumPy"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf74-v2fm-23pw", "name": "nltk: GHSA-rf74-v2fm-23pw", "shortDescription": {"text": "nltk: GHSA-rf74-v2fm-23pw"}, "fullDescription": {"text": "Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gfwx-w7gr-fvh7", "name": "nltk: GHSA-gfwx-w7gr-fvh7", "shortDescription": {"text": "nltk: GHSA-gfwx-w7gr-fvh7"}, "fullDescription": {"text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mq84-hjqx-cwf2", "name": "keras: GHSA-mq84-hjqx-cwf2", "shortDescription": {"text": "keras: GHSA-mq84-hjqx-cwf2"}, "fullDescription": {"text": "Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h4gh-qq45-vh27", "name": "cryptography: GHSA-h4gh-qq45-vh27", "shortDescription": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "fullDescription": {"text": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9v9h-cgj8-h64p", "name": "cryptography: GHSA-9v9h-cgj8-h64p", "shortDescription": {"text": "cryptography: GHSA-9v9h-cgj8-h64p"}, "fullDescription": {"text": "Null pointer dereference in PKCS12 parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-39hc-v87j-747x", "name": "cryptography: GHSA-39hc-v87j-747x", "shortDescription": {"text": "cryptography: GHSA-39hc-v87j-747x"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q34m-jh98-gwm2", "name": "werkzeug: GHSA-q34m-jh98-gwm2", "shortDescription": {"text": "werkzeug: GHSA-q34m-jh98-gwm2"}, "fullDescription": {"text": "Werkzeug possible resource exhaustion when parsing file data in forms"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hgf8-39gv-g3f2", "name": "werkzeug: GHSA-hgf8-39gv-g3f2", "shortDescription": {"text": "werkzeug: GHSA-hgf8-39gv-g3f2"}, "fullDescription": {"text": "Werkzeug safe_join() allows Windows special device names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f9vj-2wh5-fj8j", "name": "werkzeug: GHSA-f9vj-2wh5-fj8j", "shortDescription": {"text": "werkzeug: GHSA-f9vj-2wh5-fj8j"}, "fullDescription": {"text": "Werkzeug safe_join not safe on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-87hc-h4r5-73f7", "name": "werkzeug: GHSA-87hc-h4r5-73f7", "shortDescription": {"text": "werkzeug: GHSA-87hc-h4r5-73f7"}, "fullDescription": {"text": " Werkzeug safe_join() allows Windows special device names with compound extensions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-29vq-49wr-vm6x", "name": "werkzeug: GHSA-29vq-49wr-vm6x", "shortDescription": {"text": "werkzeug: GHSA-29vq-49wr-vm6x"}, "fullDescription": {"text": " Werkzeug safe_join() allows Windows special device names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gc5v-m9x4-r6x2", "name": "requests: GHSA-gc5v-m9x4-r6x2", "shortDescription": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "fullDescription": {"text": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wx4-h78v-vm56", "name": "requests: GHSA-9wx4-h78v-vm56", "shortDescription": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "fullDescription": {"text": "Requests `Session` object does not verify requests after making first request with verify=False"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9hjg-9r4m-mvj7", "name": "requests: GHSA-9hjg-9r4m-mvj7", "shortDescription": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "fullDescription": {"text": "Requests vulnerable to .netrc credentials leak via malicious URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r73j-pqj5-w3x7", "name": "pillow: GHSA-r73j-pqj5-w3x7", "shortDescription": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "fullDescription": {"text": "Pillow has a PDF Parsing Trailer Infinite Loop (DoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-vm8q-m57g-pff3", "name": "django: GHSA-vm8q-m57g-pff3", "shortDescription": {"text": "django: GHSA-vm8q-m57g-pff3"}, "fullDescription": {"text": "Regular expression denial-of-service in Django"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rrqc-c2jx-6jgv", "name": "django: GHSA-rrqc-c2jx-6jgv", "shortDescription": {"text": "django: GHSA-rrqc-c2jx-6jgv"}, "fullDescription": {"text": "Django allows enumeration of user e-mail addresses"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `parse_log` has cognitive complexity 18 (SonarSource scale). Cognitive com", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `parse_log` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 18."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `immutabledict` has no version pin", "shortDescription": {"text": "requirements.txt: `immutabledict` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `compute_metrics_from_results` (list)", "shortDescription": {"text": "Mutable default argument in `compute_metrics_from_results` (list)"}, "fullDescription": {"text": "`def compute_metrics_from_results(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "GHSA-68rp-wp8r-4726", "name": "flask: GHSA-68rp-wp8r-4726", "shortDescription": {"text": "flask: GHSA-68rp-wp8r-4726"}, "fullDescription": {"text": "Flask session does not add `Vary: Cookie` header when accessed in some ways"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v8gr-m533-ghj9", "name": "cryptography: GHSA-v8gr-m533-ghj9", "shortDescription": {"text": "cryptography: GHSA-v8gr-m533-ghj9"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jm77-qphf-c4w8", "name": "cryptography: GHSA-jm77-qphf-c4w8", "shortDescription": {"text": "cryptography: GHSA-jm77-qphf-c4w8"}, "fullDescription": {"text": "pyca/cryptography's wheels include vulnerable OpenSSL"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5cpq-8wj7-hf2v", "name": "cryptography: GHSA-5cpq-8wj7-hf2v", "shortDescription": {"text": "cryptography: GHSA-5cpq-8wj7-hf2v"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q95w-c7qg-hrff", "name": "django: GHSA-q95w-c7qg-hrff", "shortDescription": {"text": "django: GHSA-q95w-c7qg-hrff"}, "fullDescription": {"text": "Django vulnerable to partial directory traversal via archives"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mjgh-79qc-68w3", "name": "django: GHSA-mjgh-79qc-68w3", "shortDescription": {"text": "django: GHSA-mjgh-79qc-68w3"}, "fullDescription": {"text": "Django has a Race Condition vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-rcf8-g8jv-vg6p", "name": "tensorflow: GHSA-rcf8-g8jv-vg6p", "shortDescription": {"text": "tensorflow: GHSA-rcf8-g8jv-vg6p"}, "fullDescription": {"text": "TensorFlow has Floating Point Exception in AvgPoolGrad with XLA"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qjqc-vqcf-5qvj", "name": "tensorflow: GHSA-qjqc-vqcf-5qvj", "shortDescription": {"text": "tensorflow: GHSA-qjqc-vqcf-5qvj"}, "fullDescription": {"text": "TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j5w9-hmfh-4cr6", "name": "tensorflow: GHSA-j5w9-hmfh-4cr6", "shortDescription": {"text": "tensorflow: GHSA-j5w9-hmfh-4cr6"}, "fullDescription": {"text": "TensorFlow has segmentation fault in tfg-translate "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gjh7-xx4r-x345", "name": "tensorflow: GHSA-gjh7-xx4r-x345", "shortDescription": {"text": "tensorflow: GHSA-gjh7-xx4r-x345"}, "fullDescription": {"text": "TensorFlow has segfault in array_ops.upper_bound"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gf97-q72m-7579", "name": "tensorflow: GHSA-gf97-q72m-7579", "shortDescription": {"text": "tensorflow: GHSA-gf97-q72m-7579"}, "fullDescription": {"text": "TensorFlow has Null Pointer Error in RandomShuffle with XLA enable "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f637-vh3r-vfh2", "name": "tensorflow: GHSA-f637-vh3r-vfh2", "shortDescription": {"text": "tensorflow: GHSA-f637-vh3r-vfh2"}, "fullDescription": {"text": "TensorFlow has Floating Point Exception in AudioSpectrogram "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f49c-87jh-g47q", "name": "tensorflow: GHSA-f49c-87jh-g47q", "shortDescription": {"text": "tensorflow: GHSA-f49c-87jh-g47q"}, "fullDescription": {"text": "TensorFlow has double free in Fractional(Max/Avg)Pool"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-94mm-g2mv-8p7r", "name": "tensorflow: GHSA-94mm-g2mv-8p7r", "shortDescription": {"text": "tensorflow: GHSA-94mm-g2mv-8p7r"}, "fullDescription": {"text": "TensorFlow has Null Pointer Error in LookupTableImportV2"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-93vr-9q9m-pj8p", "name": "tensorflow: GHSA-93vr-9q9m-pj8p", "shortDescription": {"text": "tensorflow: GHSA-93vr-9q9m-pj8p"}, "fullDescription": {"text": "TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7x4v-9gxg-9hwj", "name": "tensorflow: GHSA-7x4v-9gxg-9hwj", "shortDescription": {"text": "tensorflow: GHSA-7x4v-9gxg-9hwj"}, "fullDescription": {"text": "TensorFlow has Segfault in Bincount with XLA"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7jvm-xxmr-v5cw", "name": "tensorflow: GHSA-7jvm-xxmr-v5cw", "shortDescription": {"text": "tensorflow: GHSA-7jvm-xxmr-v5cw"}, "fullDescription": {"text": "TensorFlow vulnerable to integer overflow in EditDistance"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6wfh-89q8-44jq", "name": "tensorflow: GHSA-6wfh-89q8-44jq", "shortDescription": {"text": "tensorflow: GHSA-6wfh-89q8-44jq"}, "fullDescription": {"text": "TensorFlow has null dereference on ParallelConcat with XLA"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6hg6-5c2q-7rcr", "name": "tensorflow: GHSA-6hg6-5c2q-7rcr", "shortDescription": {"text": "tensorflow: GHSA-6hg6-5c2q-7rcr"}, "fullDescription": {"text": "TensorFlow has Heap-buffer-overflow in AvgPoolGrad "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-68v3-g9cm-rmm6", "name": "tensorflow: GHSA-68v3-g9cm-rmm6", "shortDescription": {"text": "tensorflow: GHSA-68v3-g9cm-rmm6"}, "fullDescription": {"text": "TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-64jg-wjww-7c5w", "name": "tensorflow: GHSA-64jg-wjww-7c5w", "shortDescription": {"text": "tensorflow: GHSA-64jg-wjww-7c5w"}, "fullDescription": {"text": "TensorFlow has Null Pointer Error in TensorArrayConcatV2"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-647v-r7qq-24fh", "name": "tensorflow: GHSA-647v-r7qq-24fh", "shortDescription": {"text": "tensorflow: GHSA-647v-r7qq-24fh"}, "fullDescription": {"text": "TensorFlow has Floating Point Exception in TensorListSplit with XLA "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5w96-866f-6rm8", "name": "tensorflow: GHSA-5w96-866f-6rm8", "shortDescription": {"text": "tensorflow: GHSA-5w96-866f-6rm8"}, "fullDescription": {"text": "TensorFlow has Floating Point Exception in TFLite in conv kernel"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-558h-mq8x-7q9g", "name": "tensorflow: GHSA-558h-mq8x-7q9g", "shortDescription": {"text": "tensorflow: GHSA-558h-mq8x-7q9g"}, "fullDescription": {"text": "TensorFlow has Null Pointer Error in SparseSparseMaximum"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-49rq-hwc3-x77w", "name": "tensorflow: GHSA-49rq-hwc3-x77w", "shortDescription": {"text": "tensorflow: GHSA-49rq-hwc3-x77w"}, "fullDescription": {"text": "TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-114", "name": "scipy: PYSEC-2023-114", "shortDescription": {"text": "scipy: PYSEC-2023-114"}, "fullDescription": {"text": "** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-102", "name": "scipy: PYSEC-2023-102", "shortDescription": {"text": "scipy: PYSEC-2023-102"}, "fullDescription": {"text": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-110", "name": "scikit-learn: PYSEC-2024-110", "shortDescription": {"text": "scikit-learn: PYSEC-2024-110"}, "fullDescription": {"text": "A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j225-cvw7-qrx7", "name": "pycryptodome: GHSA-j225-cvw7-qrx7", "shortDescription": {"text": "pycryptodome: GHSA-j225-cvw7-qrx7"}, "fullDescription": {"text": "PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jm6w-m3j8-898g", "name": "nltk: GHSA-jm6w-m3j8-898g", "shortDescription": {"text": "nltk: GHSA-jm6w-m3j8-898g"}, "fullDescription": {"text": "Unauthenticated remote shutdown in nltk.app.wordnet_app"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-469j-vmhf-r6v7", "name": "nltk: GHSA-469j-vmhf-r6v7", "shortDescription": {"text": "nltk: GHSA-469j-vmhf-r6v7"}, "fullDescription": {"text": "NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-99", "name": "nltk: PYSEC-2026-99", "shortDescription": {"text": "nltk: PYSEC-2026-99"}, "fullDescription": {"text": "NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-98", "name": "nltk: PYSEC-2026-98", "shortDescription": {"text": "nltk: PYSEC-2026-98"}, "fullDescription": {"text": "A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-97", "name": "nltk: PYSEC-2026-97", "shortDescription": {"text": "nltk: PYSEC-2026-97"}, "fullDescription": {"text": "A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-167", "name": "nltk: PYSEC-2024-167", "shortDescription": {"text": "nltk: PYSEC-2024-167"}, "fullDescription": {"text": "NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-87", "name": "lxml: PYSEC-2026-87", "shortDescription": {"text": "lxml: PYSEC-2026-87"}, "fullDescription": {"text": "lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hjqc-jx6g-rwp9", "name": "keras: GHSA-hjqc-jx6g-rwp9", "shortDescription": {"text": "keras: GHSA-hjqc-jx6g-rwp9"}, "fullDescription": {"text": "Keras Directory Traversal Vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4f3f-g24h-fr8m", "name": "keras: GHSA-4f3f-g24h-fr8m", "shortDescription": {"text": "keras: GHSA-4f3f-g24h-fr8m"}, "fullDescription": {"text": "Keras has an untrusted deserialization vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-36fq-jgmw-4r9c", "name": "keras: GHSA-36fq-jgmw-4r9c", "shortDescription": {"text": "keras: GHSA-36fq-jgmw-4r9c"}, "fullDescription": {"text": "Keras is vulnerable to Deserialization of Untrusted Data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-121", "name": "keras: PYSEC-2025-121", "shortDescription": {"text": "keras: PYSEC-2025-121"}, "fullDescription": {"text": "An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-62", "name": "geopandas: PYSEC-2026-62", "shortDescription": {"text": "geopandas: PYSEC-2026-62"}, "fullDescription": {"text": "SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x4qr-2fvf-3mr5", "name": "cryptography: GHSA-x4qr-2fvf-3mr5", "shortDescription": {"text": "cryptography: GHSA-x4qr-2fvf-3mr5"}, "fullDescription": {"text": "Vulnerable OpenSSL included in cryptography wheels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r6ph-v2qm-q3c2", "name": "cryptography: GHSA-r6ph-v2qm-q3c2", "shortDescription": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "fullDescription": {"text": "cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ww4-gg4f-jr7f", "name": "cryptography: GHSA-3ww4-gg4f-jr7f", "shortDescription": {"text": "cryptography: GHSA-3ww4-gg4f-jr7f"}, "fullDescription": {"text": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-35", "name": "cryptography: PYSEC-2026-35", "shortDescription": {"text": "cryptography: PYSEC-2026-35"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-225", "name": "cryptography: PYSEC-2024-225", "shortDescription": {"text": "cryptography: PYSEC-2024-225"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-254", "name": "cryptography: PYSEC-2023-254", "shortDescription": {"text": "cryptography: PYSEC-2023-254"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-11", "name": "cryptography: PYSEC-2023-11", "shortDescription": {"text": "cryptography: PYSEC-2023-11"}, "fullDescription": {"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g68-c3qc-8985", "name": "werkzeug: GHSA-2g68-c3qc-8985", "shortDescription": {"text": "werkzeug: GHSA-2g68-c3qc-8985"}, "fullDescription": {"text": "Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-whj4-6x5x-4v2j", "name": "pillow: GHSA-whj4-6x5x-4v2j", "shortDescription": {"text": "pillow: GHSA-whj4-6x5x-4v2j"}, "fullDescription": {"text": "FITS GZIP decompression bomb in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pwv6-vv43-88gr", "name": "pillow: GHSA-pwv6-vv43-88gr", "shortDescription": {"text": "pillow: GHSA-pwv6-vv43-88gr"}, "fullDescription": {"text": "Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cfh3-3jmp-rvhc", "name": "pillow: GHSA-cfh3-3jmp-rvhc", "shortDescription": {"text": "pillow: GHSA-cfh3-3jmp-rvhc"}, "fullDescription": {"text": "Pillow affected by out-of-bounds write when loading PSD images"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-165", "name": "pillow: PYSEC-2026-165", "shortDescription": {"text": "pillow: PYSEC-2026-165"}, "fullDescription": {"text": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8p8v-wh79-9r56", "name": "django: GHSA-8p8v-wh79-9r56", "shortDescription": {"text": "django: GHSA-8p8v-wh79-9r56"}, "fullDescription": {"text": "Django vulnerable to Uncontrolled Resource Consumption"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-53", "name": "django: PYSEC-2026-53", "shortDescription": {"text": "django: PYSEC-2026-53"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdmin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new\ninstances to be created via forged `POST` data.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Cantina for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-52", "name": "django: PYSEC-2026-52", "shortDescription": {"text": "django: PYSEC-2026-52"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nAdd permissions on inline model instances were not validated on submission of\nforged `POST` data in `GenericInlineModelAdmin`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank N05ec@LZU-DSLab for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-51", "name": "django: PYSEC-2026-51", "shortDescription": {"text": "django: PYSEC-2026-51"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-49", "name": "django: PYSEC-2026-49", "shortDescription": {"text": "django: PYSEC-2026-49"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\nASGI requests with a missing or understated `Content-Length` header could\nbypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading\n`HttpRequest.body`, allowing remote attackers to load an unbounded request body into\nmemory.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Superior for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-48", "name": "django: PYSEC-2026-48", "shortDescription": {"text": "django: PYSEC-2026-48"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-47", "name": "django: PYSEC-2026-47", "shortDescription": {"text": "django: PYSEC-2026-47"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Solomon Kebede for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-46", "name": "django: PYSEC-2026-46", "shortDescription": {"text": "django: PYSEC-2026-46"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Solomon Kebede for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-45", "name": "django: PYSEC-2026-45", "shortDescription": {"text": "django: PYSEC-2026-45"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-44", "name": "django: PYSEC-2026-44", "shortDescription": {"text": "django: PYSEC-2026-44"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\nRaster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Tarek Nakkouch for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-43", "name": "django: PYSEC-2026-43", "shortDescription": {"text": "django: PYSEC-2026-43"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Jiyong Yang for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-42", "name": "django: PYSEC-2026-42", "shortDescription": {"text": "django: PYSEC-2026-42"}, "fullDescription": {"text": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-47", "name": "django: PYSEC-2025-47", "shortDescription": {"text": "django: PYSEC-2025-47"}, "fullDescription": {"text": "An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-37", "name": "django: PYSEC-2025-37", "shortDescription": {"text": "django: PYSEC-2025-37"}, "fullDescription": {"text": "An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags()."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-13", "name": "django: PYSEC-2025-13", "shortDescription": {"text": "django: PYSEC-2025-13"}, "fullDescription": {"text": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-109", "name": "django: PYSEC-2025-109", "shortDescription": {"text": "django: PYSEC-2025-109"}, "fullDescription": {"text": "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\nAlgorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-107", "name": "django: PYSEC-2025-107", "shortDescription": {"text": "django: PYSEC-2025-107"}, "fullDescription": {"text": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-106", "name": "django: PYSEC-2025-106", "shortDescription": {"text": "django: PYSEC-2025-106"}, "fullDescription": {"text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB)."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-105", "name": "django: PYSEC-2025-105", "shortDescription": {"text": "django: PYSEC-2025-105"}, "fullDescription": {"text": "An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias()."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-104", "name": "django: PYSEC-2025-104", "shortDescription": {"text": "django: PYSEC-2025-104"}, "fullDescription": {"text": "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\n`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2025-1", "name": "django: PYSEC-2025-1", "shortDescription": {"text": "django: PYSEC-2025-1"}, "fullDescription": {"text": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-69", "name": "django: PYSEC-2024-69", "shortDescription": {"text": "django: PYSEC-2024-69"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-68", "name": "django: PYSEC-2024-68", "shortDescription": {"text": "django: PYSEC-2024-68"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-67", "name": "django: PYSEC-2024-67", "shortDescription": {"text": "django: PYSEC-2024-67"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-59", "name": "django: PYSEC-2024-59", "shortDescription": {"text": "django: PYSEC-2024-59"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-58", "name": "django: PYSEC-2024-58", "shortDescription": {"text": "django: PYSEC-2024-58"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-57", "name": "django: PYSEC-2024-57", "shortDescription": {"text": "django: PYSEC-2024-57"}, "fullDescription": {"text": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-56", "name": "django: PYSEC-2024-56", "shortDescription": {"text": "django: PYSEC-2024-56"}, "fullDescription": {"text": "An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-47", "name": "django: PYSEC-2024-47", "shortDescription": {"text": "django: PYSEC-2024-47"}, "fullDescription": {"text": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-28", "name": "django: PYSEC-2024-28", "shortDescription": {"text": "django: PYSEC-2024-28"}, "fullDescription": {"text": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-157", "name": "django: PYSEC-2024-157", "shortDescription": {"text": "django: PYSEC-2024-157"}, "fullDescription": {"text": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-156", "name": "django: PYSEC-2024-156", "shortDescription": {"text": "django: PYSEC-2024-156"}, "fullDescription": {"text": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2024-102", "name": "django: PYSEC-2024-102", "shortDescription": {"text": "django: PYSEC-2024-102"}, "fullDescription": {"text": "An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_patch_run", "shortDescription": {"text": "Phantom test coverage: test_patch_run"}, "fullDescription": {"text": "Test function `test_patch_run` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.ask_confirmation` used but never assigned in __init__", "shortDescription": {"text": "`self.ask_confirmation` used but never assigned in __init__"}, "fullDescription": {"text": "Method `execute_action` of class `InteractiveAgent` reads `self.ask_confirmation`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-gw97-ff7c-9v96", "name": "tensorflow: GHSA-gw97-ff7c-9v96", "shortDescription": {"text": "tensorflow: GHSA-gw97-ff7c-9v96"}, "fullDescription": {"text": "TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7p94-766c-hgjp", "name": "nltk: GHSA-7p94-766c-hgjp", "shortDescription": {"text": "nltk: GHSA-7p94-766c-hgjp"}, "fullDescription": {"text": "NLTK has a Zip Slip Vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x4wf-678h-2pmq", "name": "keras: GHSA-x4wf-678h-2pmq", "shortDescription": {"text": "keras: GHSA-x4wf-678h-2pmq"}, "fullDescription": {"text": "Keras code injection vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-frmv-pr5f-9mcr", "name": "django: GHSA-frmv-pr5f-9mcr", "shortDescription": {"text": "django: GHSA-frmv-pr5f-9mcr"}, "fullDescription": {"text": "Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pv4p-cwwg-4rph", "name": "django: GHSA-pv4p-cwwg-4rph", "shortDescription": {"text": "django: GHSA-pv4p-cwwg-4rph"}, "fullDescription": {"text": "Django SQL injection vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `logging` used but not imported", "shortDescription": {"text": "Missing import: `logging` used but not imported"}, "fullDescription": {"text": "The file uses `logging.something(...)` but never imports `logging`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1286"}, "properties": {"repository": "LiveBench/LiveBench", "repoUrl": "https://github.com/LiveBench/LiveBench", "branch": "main"}, "results": [{"ruleId": "GHSA-fxgc-95xx-grvq", "level": "warning", "message": {"text": "tensorflow: GHSA-fxgc-95xx-grvq"}, "properties": {"repobilityId": 130703, "scanner": "osv-scanner", "fingerprint": "354aeeddc166951827871eebd1b19687311ca402338cd98369456528a640ea8e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25661", "CVE-2023-25661"], "package": "tensorflow", "rule_id": "GHSA-fxgc-95xx-grvq", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25661|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fqm2-gh8w-gr68", "level": "warning", "message": {"text": "tensorflow: GHSA-fqm2-gh8w-gr68"}, "properties": {"repobilityId": 130702, "scanner": "osv-scanner", "fingerprint": "0384c68a0c75d717cbb7adeefc4f6ec23461095de15088af76b97f8be0eea075", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25667", "CVE-2023-25667"], "package": "tensorflow", "rule_id": "GHSA-fqm2-gh8w-gr68", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25667|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6w46-j5rx-g56g", "level": "warning", "message": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "properties": {"repobilityId": 130684, "scanner": "osv-scanner", "fingerprint": "f987a0357a95b5736b825cb1da4ea5c8c3618312be0eab659bf1900b3c2bb5e8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-71176"], "package": "pytest", "rule_id": "GHSA-6w46-j5rx-g56g", "scanner": "osv-scanner", "correlation_key": "vuln|pytest|CVE-2025-71176|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fpfv-jqm9-f5jm", "level": "warning", "message": {"text": "numpy: GHSA-fpfv-jqm9-f5jm"}, "properties": {"repobilityId": 130682, "scanner": "osv-scanner", "fingerprint": "084ac0611cc90c6628aaf8377732fb6510de800eedcef022680540960cf9b656", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2021-34141", "PYSEC-2021-855"], "package": "numpy", "rule_id": "GHSA-fpfv-jqm9-f5jm", "scanner": "osv-scanner", "correlation_key": "vuln|numpy|CVE-2021-34141|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf74-v2fm-23pw", "level": "warning", "message": {"text": "nltk: GHSA-rf74-v2fm-23pw"}, "properties": {"repobilityId": 130681, "scanner": "osv-scanner", "fingerprint": "4bcb47c036424a9ffa297b94155381194c58cdc36eac6d4ef406d594d29924b8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "nltk", "rule_id": "GHSA-rf74-v2fm-23pw", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|GHSA-RF74-V2FM-23PW|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gfwx-w7gr-fvh7", "level": "warning", "message": {"text": "nltk: GHSA-gfwx-w7gr-fvh7"}, "properties": {"repobilityId": 130679, "scanner": "osv-scanner", "fingerprint": "1b4a723d6d29f9d94300cba08600412d88f003ecd3db8ffbbf6be371e665cca3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33230"], "package": "nltk", "rule_id": "GHSA-gfwx-w7gr-fvh7", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-33230|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mq84-hjqx-cwf2", "level": "warning", "message": {"text": "keras: GHSA-mq84-hjqx-cwf2"}, "properties": {"repobilityId": 130670, "scanner": "osv-scanner", "fingerprint": "2a10ef9c7481497ce357f21f23fc8a5153cf19f90993c1dee6a7965689a3d89e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12058", "GHSA-qg93-c7p6-gg7f"], "package": "keras", "rule_id": "GHSA-mq84-hjqx-cwf2", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2025-12058|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h4gh-qq45-vh27", "level": "warning", "message": {"text": "cryptography: GHSA-h4gh-qq45-vh27"}, "properties": {"repobilityId": 130659, "scanner": "osv-scanner", "fingerprint": "560e3c6eab09cd489f88c6ba550c03ce2c97338f46a01de569fc3039de0fbece", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-h4gh-qq45-vh27", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-H4GH-QQ45-VH27|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9v9h-cgj8-h64p", "level": "warning", "message": {"text": "cryptography: GHSA-9v9h-cgj8-h64p"}, "properties": {"repobilityId": 130658, "scanner": "osv-scanner", "fingerprint": "78657d38445f3150a552141d8c9478f0a12fd50842063a2fcf049179e01a1b2b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-0727"], "package": "cryptography", "rule_id": "GHSA-9v9h-cgj8-h64p", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2024-0727|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-39hc-v87j-747x", "level": "warning", "message": {"text": "cryptography: GHSA-39hc-v87j-747x"}, "properties": {"repobilityId": 130655, "scanner": "osv-scanner", "fingerprint": "43e4384870161d2c362caac26ff661bbdbb1017a1bbd3e95ba7708c81892a298", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-39hc-v87j-747x", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-39HC-V87J-747X|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q34m-jh98-gwm2", "level": "warning", "message": {"text": "werkzeug: GHSA-q34m-jh98-gwm2"}, "properties": {"repobilityId": 130650, "scanner": "osv-scanner", "fingerprint": "0556f034a35747820f6511327cc6446b65c3465d4f646f1f11ef31c0bdae6cec", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-49767"], "package": "werkzeug", "rule_id": "GHSA-q34m-jh98-gwm2", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-49767|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hgf8-39gv-g3f2", "level": "warning", "message": {"text": "werkzeug: GHSA-hgf8-39gv-g3f2"}, "properties": {"repobilityId": 130649, "scanner": "osv-scanner", "fingerprint": "9c38b8d616548b41b6c12a010fa210f93aa747f27617c3b1cc2a03e598afd42b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66221"], "package": "werkzeug", "rule_id": "GHSA-hgf8-39gv-g3f2", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2025-66221|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f9vj-2wh5-fj8j", "level": "warning", "message": {"text": "werkzeug: GHSA-f9vj-2wh5-fj8j"}, "properties": {"repobilityId": 130648, "scanner": "osv-scanner", "fingerprint": "69b43d4264b1e495ae1a23dcf3c9496220fb7eacb87607381d4371886195d380", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-49766"], "package": "werkzeug", "rule_id": "GHSA-f9vj-2wh5-fj8j", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-49766|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-87hc-h4r5-73f7", "level": "warning", "message": {"text": "werkzeug: GHSA-87hc-h4r5-73f7"}, "properties": {"repobilityId": 130647, "scanner": "osv-scanner", "fingerprint": "ef83190ef64f0e6efe061d1c86d88ce53f2162d224da9d388d883fc4055081b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-21860"], "package": "werkzeug", "rule_id": "GHSA-87hc-h4r5-73f7", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2026-21860|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-29vq-49wr-vm6x", "level": "warning", "message": {"text": "werkzeug: GHSA-29vq-49wr-vm6x"}, "properties": {"repobilityId": 130645, "scanner": "osv-scanner", "fingerprint": "eb344257cffb5e34c9f0ed241b5fd220995faad315075426bf5099cd619e48f4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27199"], "package": "werkzeug", "rule_id": "GHSA-29vq-49wr-vm6x", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2026-27199|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gc5v-m9x4-r6x2", "level": "warning", "message": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "properties": {"repobilityId": 130644, "scanner": "osv-scanner", "fingerprint": "faddbd0f34a02a2e4a00e97db3c5b6639394b1891288302da598f14ef082072d", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25645"], "package": "requests", "rule_id": "GHSA-gc5v-m9x4-r6x2", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2026-25645|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wx4-h78v-vm56", "level": "warning", "message": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "properties": {"repobilityId": 130643, "scanner": "osv-scanner", "fingerprint": "2947252479ff50e9da78f643e0ad4aacf778c5193cb4133cfc535e9fdc9037b9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-35195"], "package": "requests", "rule_id": "GHSA-9wx4-h78v-vm56", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-35195|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9hjg-9r4m-mvj7", "level": "warning", "message": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "properties": {"repobilityId": 130642, "scanner": "osv-scanner", "fingerprint": "d1729208352f4ff60b65cf335e990684cd33d926153416d9849c8b5f7c2a8e42", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47081"], "package": "requests", "rule_id": "GHSA-9hjg-9r4m-mvj7", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-47081|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r73j-pqj5-w3x7", "level": "warning", "message": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "properties": {"repobilityId": 130640, "scanner": "osv-scanner", "fingerprint": "864eecf7d64812df180eb2b8fab204cbbc2e4a0c856dfd391702f79798285f2e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42310", "CVE-2026-42310"], "package": "pillow", "rule_id": "GHSA-r73j-pqj5-w3x7", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42310|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-vm8q-m57g-pff3", "level": "warning", "message": {"text": "django: GHSA-vm8q-m57g-pff3"}, "properties": {"repobilityId": 130636, "scanner": "osv-scanner", "fingerprint": "9df4ca1aa306f34e09cfa34b6c61e44b605f287f33c43cf481abadbc5ef42ad7", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2024-27351", "CVE-2024-27351", "PYSEC-2024-47"], "package": "django", "rule_id": "GHSA-vm8q-m57g-pff3", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-27351|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rrqc-c2jx-6jgv", "level": "warning", "message": {"text": "django: GHSA-rrqc-c2jx-6jgv"}, "properties": {"repobilityId": 130635, "scanner": "osv-scanner", "fingerprint": "f5756f63cb6c7b07bd7c539d978bab5f8c36505ebbd1b509bb5616a38507f0a1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2024-45231", "CVE-2024-45231"], "package": "django", "rule_id": "GHSA-rrqc-c2jx-6jgv", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-45231|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 130594, "scanner": "repobility-threat-engine", "fingerprint": "d99ed30a5fc436d39a73ee8414ff5832feba97e2643333a5ba24d2c701a333ec", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n                            return json.dumps(value, ensure_ascii=False)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d99ed30a5fc436d39a73ee8414ff5832feba97e2643333a5ba24d2c701a333ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/inspect_agentic_traj.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 130593, "scanner": "repobility-threat-engine", "fingerprint": "77444c241cb12eb7309cee5e39355da016ab4f367e6713267d64971de3298105", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        mapping = json.loads(mapping_file.read_text())\n    except Exception:\n        return art", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|77444c241cb12eb7309cee5e39355da016ab4f367e6713267d64971de3298105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_grading_flakiness.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 130589, "scanner": "repobility-threat-engine", "fingerprint": "432acfb70c0ce9d3fd0cb32046ec120f03d3755b91138c72726f2945424d5c86", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|432acfb70c0ce9d3fd0cb32046ec120f03d3755b91138c72726f2945424d5c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/math/integrals_with_game/utils.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 130588, "scanner": "repobility-threat-engine", "fingerprint": "20f29ed19431dacc87f5109d52fa4f19b39685e41e694f25cc15111702867e48", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|20f29ed19431dacc87f5109d52fa4f19b39685e41e694f25cc15111702867e48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/data_analysis/tablereformat/utils.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 130583, "scanner": "repobility-threat-engine", "fingerprint": "988365dd419959c10572a6cc7ff79984c9fc7e6056c7185d31722d09a5177905", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|988365dd419959c10572a6cc7ff79984c9fc7e6056c7185d31722d09a5177905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/edit_questions.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 130582, "scanner": "repobility-threat-engine", "fingerprint": "402c34b85f3add3562f4c1a1790bd49594ded6a6648b19399aa2929262275e52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|402c34b85f3add3562f4c1a1790bd49594ded6a6648b19399aa2929262275e52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_grading_flakiness.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 130581, "scanner": "repobility-threat-engine", "fingerprint": "bdaecc9d04ff0255802faf5513fdd83b1c8582442ae0dfbddca48ffdc45f352a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bdaecc9d04ff0255802faf5513fdd83b1c8582442ae0dfbddca48ffdc45f352a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/compute_code_generation_metrics.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 130573, "scanner": "repobility-threat-engine", "fingerprint": "49bc5b6ccd12a4341e8da4ee482b7e5a020fb03bb7582a69448583b88eaf44b0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|158|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 130562, "scanner": "repobility-threat-engine", "fingerprint": "a621232580f8afcfdcf96c7397010fdf55f36aa263b1973848d58ed9420bcf89", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.popen(", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|201|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 130561, "scanner": "repobility-threat-engine", "fingerprint": "ef7ee8791553e393e921a5568dc83c2efa2a85f4d1906157dfd099983ee0fb05", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n            command,\n            shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|23|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/environments/local.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 130560, "scanner": "repobility-threat-engine", "fingerprint": "f10369b33a5e5d1dc039ae3cbfe7d9a8f1cf662959ef4e0b122e08b1c72e61b1", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|106|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/environments/docker.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_log` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, elif=1, else=2, for=1, if=7, nested_bonus=6."}, "properties": {"repobilityId": 130535, "scanner": "repobility-threat-engine", "fingerprint": "43d896b8832c8cc0c845592579678db3e130aa766a4b0480c20a458f9a3f658d", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 18 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_log", "breakdown": {"if": 7, "for": 1, "elif": 1, "else": 2, "continue": 1, "nested_bonus": 6}, "complexity": 18, "correlation_key": "fp|43d896b8832c8cc0c845592579678db3e130aa766a4b0480c20a458f9a3f658d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `check` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=3, for=4, if=7, nested_bonus=7."}, "properties": {"repobilityId": 130533, "scanner": "repobility-threat-engine", "fingerprint": "01f87c6d630d4037c823faf6592b79c346b67d08a9c0caad9297d69101a1d12a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check", "breakdown": {"if": 7, "for": 4, "elif": 3, "nested_bonus": 7}, "complexity": 21, "correlation_key": "fp|01f87c6d630d4037c823faf6592b79c346b67d08a9c0caad9297d69101a1d12a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/report.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 130528, "scanner": "repobility-threat-engine", "fingerprint": "d923ce89a50d05a1a762eb349540ab4b483b8857c1fb1964697f2d122c496968", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def pr(self) -> PullRequest:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d923ce89a50d05a1a762eb349540ab4b483b8857c1fb1964697f2d122c496968"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/instance.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 130527, "scanner": "repobility-threat-engine", "fingerprint": "94649a615c70076a2e13f48d176108a1ea9c9978b8f8712d968114ad6c476121", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def pr(self) -> PullRequest:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94649a615c70076a2e13f48d176108a1ea9c9978b8f8712d968114ad6c476121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/image.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 130526, "scanner": "repobility-agent-runtime", "fingerprint": "e53b4a36588e3e3b2353512f34df4bced892254a6b34d02113255b94d80c8560", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e53b4a36588e3e3b2353512f34df4bced892254a6b34d02113255b94d80c8560"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/typescript/ant_design/ant_design.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 130525, "scanner": "repobility-agent-runtime", "fingerprint": "04b0d54bc517cf55d718ae9716d3e71e212aa261476acbab4a0b621412c4ca5c", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|04b0d54bc517cf55d718ae9716d3e71e212aa261476acbab4a0b621412c4ca5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/sveltejs/svelte.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 130524, "scanner": "repobility-agent-runtime", "fingerprint": "d24a84b26a07c255160655d1edf58d107a4e8e87348cca745bfee872e342d31f", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d24a84b26a07c255160655d1edf58d107a4e8e87348cca745bfee872e342d31f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/axios/axios.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 130523, "scanner": "repobility-agent-runtime", "fingerprint": "524344c47acbcebaf90e5f840cd79eb0f6054e98f6965958a12708c8991c1f32", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|524344c47acbcebaf90e5f840cd79eb0f6054e98f6965958a12708c8991c1f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/Automattic/mongoose.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `immutabledict` has no version pin"}, "properties": {"repobilityId": 130522, "scanner": "repobility-supply-chain", "fingerprint": "9f61b67844015e76e3006e3cbce50bdc97bded1ca22444cf03a44ff29085ef47", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f61b67844015e76e3006e3cbce50bdc97bded1ca22444cf03a44ff29085ef47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `nltk` has no version pin"}, "properties": {"repobilityId": 130521, "scanner": "repobility-supply-chain", "fingerprint": "0923674a71ea41c18c00383ea295b0b620f9c3d8ccb80c04b6cc75ab1c8d7f58", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0923674a71ea41c18c00383ea295b0b620f9c3d8ccb80c04b6cc75ab1c8d7f58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `langdetect` has no version pin"}, "properties": {"repobilityId": 130520, "scanner": "repobility-supply-chain", "fingerprint": "1f9160489dba6c3f7f293a38bec93331bec9afbdb3225052135442bc6af81760", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f9160489dba6c3f7f293a38bec93331bec9afbdb3225052135442bc6af81760"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `absl-py` has no version pin"}, "properties": {"repobilityId": 130519, "scanner": "repobility-supply-chain", "fingerprint": "6968fc361560ddaf2d3a22e63f3fa714198044c3f66accabc32f193c6b61ac18", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6968fc361560ddaf2d3a22e63f3fa714198044c3f66accabc32f193c6b61ac18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `compute_metrics_from_results` (list)"}, "properties": {"repobilityId": 130517, "scanner": "repobility-ast-engine", "fingerprint": "1898dabc5d31f6c665a6f517730af2945d916604c213d16516c64efebed2a85b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1898dabc5d31f6c665a6f517730af2945d916604c213d16516c64efebed2a85b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/pass_k_utils.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `codegen_metrics` (list)"}, "properties": {"repobilityId": 130516, "scanner": "repobility-ast-engine", "fingerprint": "edf2a5452bf2efca2bb817db476df3d34fc6df2d21307b5cdeabd8da79152f45", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|edf2a5452bf2efca2bb817db476df3d34fc6df2d21307b5cdeabd8da79152f45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/compute_code_generation_metrics.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130512, "scanner": "repobility-ast-engine", "fingerprint": "39714fe943c213f33af0f7906bc1cc585596801c22474b117a6b22c153b54f48", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39714fe943c213f33af0f7906bc1cc585596801c22474b117a6b22c153b54f48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/instruction_following/utils.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `from_reports` (list)"}, "properties": {"repobilityId": 130488, "scanner": "repobility-ast-engine", "fingerprint": "84545bca2a02e0bed407f903e4dbe387758428d78d5a214992339aec15e7e4a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84545bca2a02e0bed407f903e4dbe387758428d78d5a214992339aec15e7e4a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/report.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130464, "scanner": "repobility-ast-engine", "fingerprint": "d73da381ff238725f04fa4fd08b63eac86577b4accc0f86749b11add17f927d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d73da381ff238725f04fa4fd08b63eac86577b4accc0f86749b11add17f927d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run_inference.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130463, "scanner": "repobility-ast-engine", "fingerprint": "3825ae4374e3a35e837dfa6a3dc4f4e754be62417d74f3479d1ff7b1d847cd9a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3825ae4374e3a35e837dfa6a3dc4f4e754be62417d74f3479d1ff7b1d847cd9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130458, "scanner": "repobility-ast-engine", "fingerprint": "1f2c97b894bd8aedb1fdd359e19df2165c6b145ea60b86dd10daeadefb2284f1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f2c97b894bd8aedb1fdd359e19df2165c6b145ea60b86dd10daeadefb2284f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130457, "scanner": "repobility-ast-engine", "fingerprint": "14260247c8092a5e40486dd6c258ea570ef627b2a475aa10fb703c7555921d1d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14260247c8092a5e40486dd6c258ea570ef627b2a475aa10fb703c7555921d1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130455, "scanner": "repobility-ast-engine", "fingerprint": "734a486a62ff51676af1a390059c024e823a1652adc68f63639f0a18779e85e6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|734a486a62ff51676af1a390059c024e823a1652adc68f63639f0a18779e85e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/syntax_error_finder.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130454, "scanner": "repobility-ast-engine", "fingerprint": "29dca9b7d89caf8588c6c2eb309e7fa3f2d639893752e17e482d7c4f12fe1bdc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29dca9b7d89caf8588c6c2eb309e7fa3f2d639893752e17e482d7c4f12fe1bdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_grading_flakiness.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130453, "scanner": "repobility-ast-engine", "fingerprint": "2da7c4ea8b792c83c94ee60f2bce1eb6cf32b1c4b6212ca847faa4b76f5b14a2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2da7c4ea8b792c83c94ee60f2bce1eb6cf32b1c4b6212ca847faa4b76f5b14a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_grading_flakiness.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130452, "scanner": "repobility-ast-engine", "fingerprint": "501e75ab11099f9098ee0fd2975e440d5029943385dcc76096391d6b43df1e13", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|501e75ab11099f9098ee0fd2975e440d5029943385dcc76096391d6b43df1e13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/compare_score_tables.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130451, "scanner": "repobility-ast-engine", "fingerprint": "9f187aca7d747f755f0918c20015d66a0a5713e27d3477523c892af1617bac02", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f187aca7d747f755f0918c20015d66a0a5713e27d3477523c892af1617bac02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/replay_agent_trajectory.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130450, "scanner": "repobility-ast-engine", "fingerprint": "f435b5dba662ae06f67eea3d1c73eb7c6922e75822221fff402952a66855a7fe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f435b5dba662ae06f67eea3d1c73eb7c6922e75822221fff402952a66855a7fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/replay_agent_trajectory.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130449, "scanner": "repobility-ast-engine", "fingerprint": "38b1acef7fd74bd533831ea2256c65901280bd9d0bfc0efc9bf20b05594009ca", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38b1acef7fd74bd533831ea2256c65901280bd9d0bfc0efc9bf20b05594009ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/inspect_model_answers.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130448, "scanner": "repobility-ast-engine", "fingerprint": "808e5d50e9abd46303011464101c5f3950fa7a7f78621e70082cd2f50a6e8599", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|808e5d50e9abd46303011464101c5f3950fa7a7f78621e70082cd2f50a6e8599"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/inspect_agentic_traj.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130447, "scanner": "repobility-ast-engine", "fingerprint": "e3ec464890756b4efc474ce3bae869f0955b5d830379c68c2fa9f23bc84e75a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3ec464890756b4efc474ce3bae869f0955b5d830379c68c2fa9f23bc84e75a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/inspect_agentic_traj.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130446, "scanner": "repobility-ast-engine", "fingerprint": "60f1f740fcf603e932c5af409aee176f554849536b90c47fa706fd527384bf3c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60f1f740fcf603e932c5af409aee176f554849536b90c47fa706fd527384bf3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/inspect_agentic_traj.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130445, "scanner": "repobility-ast-engine", "fingerprint": "7adc34a685739fb307df292671c4bb13ce17296c5a62c516addc5a1dff374ed5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7adc34a685739fb307df292671c4bb13ce17296c5a62c516addc5a1dff374ed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/answer_csv_to_jsonl.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130444, "scanner": "repobility-ast-engine", "fingerprint": "8ce6168f94de6981419b49181993a9c60251cd85829222aade1f0d57bb89c12b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ce6168f94de6981419b49181993a9c60251cd85829222aade1f0d57bb89c12b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/spend_report.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130443, "scanner": "repobility-ast-engine", "fingerprint": "aa2cb7470adcaf90ddd7b93effb8b436388000ec39d49d42c0d3a5ccd42da97c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa2cb7470adcaf90ddd7b93effb8b436388000ec39d49d42c0d3a5ccd42da97c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/calc_token_offset.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130442, "scanner": "repobility-ast-engine", "fingerprint": "714cd5b7a8acf7b26703fc6d32b0edf6c382fd86f6bc315acc175e11a6ae26b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|714cd5b7a8acf7b26703fc6d32b0edf6c382fd86f6bc315acc175e11a6ae26b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/edit_questions.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130441, "scanner": "repobility-ast-engine", "fingerprint": "d5f4ab203eb5d6a7ef316cba761001f23db065f86a3a25d1a7bf0398e4c0b073", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5f4ab203eb5d6a7ef316cba761001f23db065f86a3a25d1a7bf0398e4c0b073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/edit_questions.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130439, "scanner": "repobility-ast-engine", "fingerprint": "75a49cc760cc581d994669262d83a83a7a32685957afd6fa5df9d57402f54a61", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75a49cc760cc581d994669262d83a83a7a32685957afd6fa5df9d57402f54a61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/model/completions.py"}, "region": {"startLine": 524}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130438, "scanner": "repobility-ast-engine", "fingerprint": "764cda92db8dc022f831b7afa918992a83b086c6011721310520537be896c0ba", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|764cda92db8dc022f831b7afa918992a83b086c6011721310520537be896c0ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/model/completions.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130437, "scanner": "repobility-ast-engine", "fingerprint": "ee4f9c5318be33f7af70c23fdcce3cde19f6e1ae5abe15a451619df6ac139dfe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee4f9c5318be33f7af70c23fdcce3cde19f6e1ae5abe15a451619df6ac139dfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/common.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130436, "scanner": "repobility-ast-engine", "fingerprint": "092e031f93f12ad887e3ec4483fa607ed5fd8e94b5115662a7c8bf173cad9325", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|092e031f93f12ad887e3ec4483fa607ed5fd8e94b5115662a7c8bf173cad9325"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/gen_ground_truth_judgment.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 130435, "scanner": "repobility-ast-engine", "fingerprint": "7bc279187b1b093efc37b16d807ecf6be0891afeceff7fab5915c6622f825bf3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bc279187b1b093efc37b16d807ecf6be0891afeceff7fab5915c6622f825bf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/run_livebench.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 130404, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "GHSA-68rp-wp8r-4726", "level": "note", "message": {"text": "flask: GHSA-68rp-wp8r-4726"}, "properties": {"repobilityId": 130664, "scanner": "osv-scanner", "fingerprint": "8023427af17e4cd6995eb2c6520cd36f5140a9840e92266db25ec4c0ef5aba18", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27205"], "package": "flask", "rule_id": "GHSA-68rp-wp8r-4726", "scanner": "osv-scanner", "correlation_key": "vuln|flask|CVE-2026-27205|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v8gr-m533-ghj9", "level": "note", "message": {"text": "cryptography: GHSA-v8gr-m533-ghj9"}, "properties": {"repobilityId": 130662, "scanner": "osv-scanner", "fingerprint": "f3177ecac438af62a5c3aac7bd90114e262ea3cb6d19e831c540c547dde1ec9a", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-v8gr-m533-ghj9", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-V8GR-M533-GHJ9|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jm77-qphf-c4w8", "level": "note", "message": {"text": "cryptography: GHSA-jm77-qphf-c4w8"}, "properties": {"repobilityId": 130660, "scanner": "osv-scanner", "fingerprint": "a0d95daf95df8265c2b5a1889a683590c6dd9a52e95547928fcdf0391e8bd7e3", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-jm77-qphf-c4w8", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-JM77-QPHF-C4W8|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5cpq-8wj7-hf2v", "level": "note", "message": {"text": "cryptography: GHSA-5cpq-8wj7-hf2v"}, "properties": {"repobilityId": 130657, "scanner": "osv-scanner", "fingerprint": "cca3b53ca3c4256ccb606ea6e0b27a94bb7ec38a43d3d8d482f5bf30f7d4345d", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "cryptography", "rule_id": "GHSA-5cpq-8wj7-hf2v", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|GHSA-5CPQ-8WJ7-HF2V|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q95w-c7qg-hrff", "level": "note", "message": {"text": "django: GHSA-q95w-c7qg-hrff"}, "properties": {"repobilityId": 130634, "scanner": "osv-scanner", "fingerprint": "4286e22c4d3e33285dddfae4f635953763fa38319477d6eaf554c7144553b733", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2025-59682", "CVE-2025-59682"], "package": "django", "rule_id": "GHSA-q95w-c7qg-hrff", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-59682|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mjgh-79qc-68w3", "level": "note", "message": {"text": "django: GHSA-mjgh-79qc-68w3"}, "properties": {"repobilityId": 130633, "scanner": "osv-scanner", "fingerprint": "dc5c0bd9b8d382e5115f5937059f5beff379759f165a81710ac764c65513c84b", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2026-25674", "CVE-2026-25674"], "package": "django", "rule_id": "GHSA-mjgh-79qc-68w3", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-25674|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_log` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, for=3, if=3, nested_bonus=7."}, "properties": {"repobilityId": 130534, "scanner": "repobility-threat-engine", "fingerprint": "4d2593a3fab3730c7125ec0275427ea925e97b1c4f3e62e577a2749b916506b4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_log", "breakdown": {"if": 3, "for": 3, "continue": 1, "nested_bonus": 7}, "complexity": 14, "correlation_key": "fp|4d2593a3fab3730c7125ec0275427ea925e97b1c4f3e62e577a2749b916506b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14bbe68d34d8579191b3483dd118c51b314fca7a4310985e0cea737093e84a85", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py", "duplicate_line": 43, "correlation_key": "fp|14bbe68d34d8579191b3483dd118c51b314fca7a4310985e0cea737093e84a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/cpp/bitcoin/bitcoin.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dea6681dc775c256b3585cfceb5c57aa7e53798798edafc9322a2c55a853a228", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 7, "correlation_key": "fp|dea6681dc775c256b3585cfceb5c57aa7e53798798edafc9322a2c55a853a228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/cpp/bitcoin/bitcoin.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ef6ca441a3be0ce117c7537e4c254bc1d5cd93abb8ead4369979c5ac9988077", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py", "duplicate_line": 466, "correlation_key": "fp|8ef6ca441a3be0ce117c7537e4c254bc1d5cd93abb8ead4369979c5ac9988077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81084ddbbe209ec95e2540f5f9e9d4277e0fb7620fc3f40a8003804d5694fb4c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py", "duplicate_line": 98, "correlation_key": "fp|81084ddbbe209ec95e2540f5f9e9d4277e0fb7620fc3f40a8003804d5694fb4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54e317a06836b7ff5b729a7e21c2842118ab5377c39dee2b7a1401e6bc49a65a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 25, "correlation_key": "fp|54e317a06836b7ff5b729a7e21c2842118ab5377c39dee2b7a1401e6bc49a65a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f03a22babf3fe9b7f532be54ae95c00144a06caee00f94e051406cce3f54702f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|f03a22babf3fe9b7f532be54ae95c00144a06caee00f94e051406cce3f54702f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38854ef4d6d611bb8381bc350a5eddc55a473d0b872a37050b381933b050f76e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py", "duplicate_line": 7, "correlation_key": "fp|38854ef4d6d611bb8381bc350a5eddc55a473d0b872a37050b381933b050f76e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "449375ae8d227303cd564e02435180dd0c540ea20aee8686a5c3db2d9ef51811", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py", "duplicate_line": 211, "correlation_key": "fp|449375ae8d227303cd564e02435180dd0c540ea20aee8686a5c3db2d9ef51811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "796f099fd642c776c594c0b330f72c65dc999dee10b95394a26531869f1a1eb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py", "duplicate_line": 466, "correlation_key": "fp|796f099fd642c776c594c0b330f72c65dc999dee10b95394a26531869f1a1eb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c49bc60ac8b11982444d5cf3dae4600c1b1786b55ab7d2f6ad96ad87932be06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|1c49bc60ac8b11982444d5cf3dae4600c1b1786b55ab7d2f6ad96ad87932be06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc0efff431ef9647b4bbdee2bb9bed27293adaa8809b86c19ed5fa9aeaeb404c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 1, "correlation_key": "fp|dc0efff431ef9647b4bbdee2bb9bed27293adaa8809b86c19ed5fa9aeaeb404c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b228ac312fc0c42e2b8cb34feaa281c5c6d42804fe4e7cfba7e7f82cb69bcce4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py", "duplicate_line": 200, "correlation_key": "fp|b228ac312fc0c42e2b8cb34feaa281c5c6d42804fe4e7cfba7e7f82cb69bcce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6776858e69c477c88623d8046e9885abbbf79e380973a5d3af5d775c8067529", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 25, "correlation_key": "fp|d6776858e69c477c88623d8046e9885abbbf79e380973a5d3af5d775c8067529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcda17d1762c2a189af16f4b77581e6226ac7e6a6fdb4247b9ba1fa8008d1e8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|fcda17d1762c2a189af16f4b77581e6226ac7e6a6fdb4247b9ba1fa8008d1e8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25184d2061a900b3af200a78fe1a83843c5a30e2d0ebe001ab2af98f1d62e0a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py", "duplicate_line": 7, "correlation_key": "fp|25184d2061a900b3af200a78fe1a83843c5a30e2d0ebe001ab2af98f1d62e0a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f2e86185c5f48d2530d579a950f036c4d94518192e4b00c39d6814692d9145f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 95, "correlation_key": "fp|3f2e86185c5f48d2530d579a950f036c4d94518192e4b00c39d6814692d9145f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/php/phpsrc.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "483221ee5c82d51906bd3fc7445cfb21b7bbbbb40fba70f03cad14a9d2ff54bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 7, "correlation_key": "fp|483221ee5c82d51906bd3fc7445cfb21b7bbbbb40fba70f03cad14a9d2ff54bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/php/phpsrc.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e183f55c19f6f6ce344d12cf66dd189b409578f25e0f0505754ad5a0a6c9e91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py", "duplicate_line": 200, "correlation_key": "fp|9e183f55c19f6f6ce344d12cf66dd189b409578f25e0f0505754ad5a0a6c9e91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a257b26dc63cd205fcb6d15ba85b0e6debb544ad31edab873dbe754849164eb5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 95, "correlation_key": "fp|a257b26dc63cd205fcb6d15ba85b0e6debb544ad31edab873dbe754849164eb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "159c6998716e4295152b824d070c99874de4f89500bc8d55a35ac781ec14bdae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 7, "correlation_key": "fp|159c6998716e4295152b824d070c99874de4f89500bc8d55a35ac781ec14bdae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d73016a6f3995b28c1feb637d04435381e8e8d473f5a1cf9076aa16409b62d33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/fluent/fluentbit.py", "duplicate_line": 124, "correlation_key": "fp|d73016a6f3995b28c1feb637d04435381e8e8d473f5a1cf9076aa16409b62d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libsdlorg/SDL.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82b02b4d67ada262c0a39530398d590f09a14ed62583f0292e07c36ceb38964f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 7, "correlation_key": "fp|82b02b4d67ada262c0a39530398d590f09a14ed62583f0292e07c36ceb38964f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libsdlorg/SDL.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d84579b6ed8d51467a7bdc78883e7a6e5af68929446aa691c26ed39d2869db23", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 25, "correlation_key": "fp|d84579b6ed8d51467a7bdc78883e7a6e5af68929446aa691c26ed39d2869db23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a7078568faa36e8949f02c197527b0132c83b0982d21a279acbfa429f3b36b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|1a7078568faa36e8949f02c197527b0132c83b0982d21a279acbfa429f3b36b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f88b3935a136fc062ef42ab454ae842fc93f1bf80ec0e57f24005bf4b573287", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/fluent/fluentbit.py", "duplicate_line": 42, "correlation_key": "fp|5f88b3935a136fc062ef42ab454ae842fc93f1bf80ec0e57f24005bf4b573287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09aa7fcbf0d5684eea443abd07985639a7b2fcea4d0eea5583a31e31d08ade8a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|09aa7fcbf0d5684eea443abd07985639a7b2fcea4d0eea5583a31e31d08ade8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c01c26cead558905be83dbe4399e95defeb6b27d325c7d3a950889f5c8600e9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py", "duplicate_line": 1, "correlation_key": "fp|4c01c26cead558905be83dbe4399e95defeb6b27d325c7d3a950889f5c8600e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6362f8028d540baf0c493e239982421033b020dc7e7977902b270aa3b03be440", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 7, "correlation_key": "fp|6362f8028d540baf0c493e239982421033b020dc7e7977902b270aa3b03be440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/fluent/fluentbit.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87eb00f2d1ae3189d822e65de56df79a3d43bf63a1e6246134f63820f2ac5864", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py", "duplicate_line": 18, "correlation_key": "fp|87eb00f2d1ae3189d822e65de56df79a3d43bf63a1e6246134f63820f2ac5864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 130405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf835b506bd0590a36a23452dad91e477d0756e1313888a01af28b016d26d0d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "livebench/agentic_code_runner/eval/harness/build_dataset.py", "duplicate_line": 162, "correlation_key": "fp|cf835b506bd0590a36a23452dad91e477d0756e1313888a01af28b016d26d0d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/gen_report.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 130597, "scanner": "repobility-threat-engine", "fingerprint": "d0bc3dbfe14eb60a9a7a9fa0b824e085aa9c38fb8f8d7f230bdb6b35046dfbca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d0bc3dbfe14eb60a9a7a9fa0b824e085aa9c38fb8f8d7f230bdb6b35046dfbca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/spend_report.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 130596, "scanner": "repobility-threat-engine", "fingerprint": "bdca7e690b9c8f867528d7d42ad5d15032e7d8783181dbbc7f7a024085a6c123", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdca7e690b9c8f867528d7d42ad5d15032e7d8783181dbbc7f7a024085a6c123"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/edit_questions.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 130595, "scanner": "repobility-threat-engine", "fingerprint": "5f16aef85e48015a6d94adf9968f6aea5012771a6734cba9be0bdf0c7d9d5d9d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f16aef85e48015a6d94adf9968f6aea5012771a6734cba9be0bdf0c7d9d5d9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_question_variance.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 130592, "scanner": "repobility-threat-engine", "fingerprint": "7530cbc7faaf2edcb80ebf76619f856c40c21ec76e4a6824f55896edaa329179", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7530cbc7faaf2edcb80ebf76619f856c40c21ec76e4a6824f55896edaa329179"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/spend_report.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 130591, "scanner": "repobility-threat-engine", "fingerprint": "1b27af7652063051abba902a8949cae6c73c482cc4b5734e4fffddff5c7d5588", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b27af7652063051abba902a8949cae6c73c482cc4b5734e4fffddff5c7d5588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/rerun_failed_questions.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 130590, "scanner": "repobility-threat-engine", "fingerprint": "120c995c47085bb32e8a69422747d2dd4e37a20fd50993e2f51dae218d0f9480", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|120c995c47085bb32e8a69422747d2dd4e37a20fd50993e2f51dae218d0f9480"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/calc_token_offset.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 130587, "scanner": "repobility-threat-engine", "fingerprint": "bbca57e7cb4040b89ea772cace23b5be0f5d63a428132c2f74a5f68a12e98d8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bbca57e7cb4040b89ea772cace23b5be0f5d63a428132c2f74a5f68a12e98d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/edit_questions.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 130586, "scanner": "repobility-threat-engine", "fingerprint": "ee0a63f943d2c6fae04e55a8d74d1f64d4f633763b10583f8dbc68e0018fcc6a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee0a63f943d2c6fae04e55a8d74d1f64d4f633763b10583f8dbc68e0018fcc6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/check_grading_flakiness.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 130585, "scanner": "repobility-threat-engine", "fingerprint": "1eaa01152e697f403de5773980e81425767f9df807cc7654205173a5213c16b7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1eaa01152e697f403de5773980e81425767f9df807cc7654205173a5213c16b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/compute_code_generation_metrics.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 130584, "scanner": "repobility-threat-engine", "fingerprint": "70a114b9c29d44f9b279b4b55e1d5c23951267bdcf1f00e5626e84d07bfd6e1b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70a114b9c29d44f9b279b4b55e1d5c23951267bdcf1f00e5626e84d07bfd6e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/compute_code_generation_metrics.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 130580, "scanner": "repobility-threat-engine", "fingerprint": "75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 130576, "scanner": "repobility-threat-engine", "fingerprint": "080e752bdfc2c802aae8df932977096c4eb70348229513e17840397b6827b777", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|080e752bdfc2c802aae8df932977096c4eb70348229513e17840397b6827b777"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 130575, "scanner": "repobility-threat-engine", "fingerprint": "2328e45cb5fd33209230772c14c7ba7d44e80e33e163f9e47e6b99a1cae9c98e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2328e45cb5fd33209230772c14c7ba7d44e80e33e163f9e47e6b99a1cae9c98e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 130572, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 130568, "scanner": "repobility-threat-engine", "fingerprint": "95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "aggregated_count": 2}}}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 130559, "scanner": "repobility-threat-engine", "fingerprint": "1d890d539f069e5c1d06723a89c54cb2ca3fc5652d4e9d8f9bab1f234c90d8fb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1d890d539f069e5c1d06723a89c54cb2ca3fc5652d4e9d8f9bab1f234c90d8fb", "aggregated_count": 2}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 130555, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 130554, "scanner": "repobility-threat-engine", "fingerprint": "38f210c2b3c94978a86daf8438de2cc957d8c5392aa4f3d56f15fb8b8c4d3a4b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(f\"\\n* {grand['partial']} answers had no input-token data (predate cost tracking)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|print f n grand partial answers had no input-token data predate cost tracking"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/spend_report.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 130553, "scanner": "repobility-threat-engine", "fingerprint": "2d1d35aba04a52a92057d3369809f6ff62812fafc720610b4c0f5a709f8e692b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"Warning: Actual tokens is 0 for line: {line_content.strip()", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|3|print f warning: actual tokens is 0 for line: line_content.strip"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/calc_token_offset.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 130546, "scanner": "repobility-threat-engine", "fingerprint": "1274ba78615b945a1a61ccdcaaf6671984e3494b84a598276b51b2bbcdb6b690", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1274ba78615b945a1a61ccdcaaf6671984e3494b84a598276b51b2bbcdb6b690", "aggregated_count": 16}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 130545, "scanner": "repobility-threat-engine", "fingerprint": "8eea5f58eb87a7a2589d1e8883eb89ca04203d3ecfd63f1cb22745721f174ef8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8eea5f58eb87a7a2589d1e8883eb89ca04203d3ecfd63f1cb22745721f174ef8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/expressjs/express.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 130544, "scanner": "repobility-threat-engine", "fingerprint": "397a06b49349f742f5d1a24a075010effa1a135339ccdc3cdf877cbde4c33005", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|397a06b49349f742f5d1a24a075010effa1a135339ccdc3cdf877cbde4c33005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/caolan/async_.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 130543, "scanner": "repobility-threat-engine", "fingerprint": "17cad740eef27fcd767f3aeca6005fdaa053d94dd3edcbc17455f1b889b924a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17cad740eef27fcd767f3aeca6005fdaa053d94dd3edcbc17455f1b889b924a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/anuraghazra/github_readme_stats.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 130540, "scanner": "repobility-threat-engine", "fingerprint": "cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 130539, "scanner": "repobility-threat-engine", "fingerprint": "95ff1dfa346c687f0227479be669f8eaaead0f5ca45931fbade3471c886ae064", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95ff1dfa346c687f0227479be669f8eaaead0f5ca45931fbade3471c886ae064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/java/checkstyle/checkstyle.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 130538, "scanner": "repobility-threat-engine", "fingerprint": "4200f08a12783ef8e65f4efd5fc54bb43155b688849a48bbe293a3e82f19a9d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4200f08a12783ef8e65f4efd5fc54bb43155b688849a48bbe293a3e82f19a9d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/java/apache/dubbo.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 130537, "scanner": "repobility-threat-engine", "fingerprint": "7c3a70077293ca022ea39ff9de9a5c60fb18bf4b2449440ea9a01ab1dd592276", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c3a70077293ca022ea39ff9de9a5c60fb18bf4b2449440ea9a01ab1dd592276"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 168 more): Same pattern found in 168 additional files. Review if needed."}, "properties": {"repobilityId": 130536, "scanner": "repobility-threat-engine", "fingerprint": "b3bb4a14c10eb3705618d51855e76ec9e8205833f447608022c7f1abdb1bcc45", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 168 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "check", "breakdown": {"if": 7, "for": 4, "elif": 3, "nested_bonus": 7}, "aggregated": true, "complexity": 21, "correlation_key": "fp|b3bb4a14c10eb3705618d51855e76ec9e8205833f447608022c7f1abdb1bcc45", "aggregated_count": 168}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 130532, "scanner": "repobility-threat-engine", "fingerprint": "50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "aggregated_count": 7}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 130531, "scanner": "repobility-threat-engine", "fingerprint": "4f81c5c1a9761187dd524cfc09af1999a19b1fa7ef88b749fa75e6092b8e422a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f81c5c1a9761187dd524cfc09af1999a19b1fa7ef88b749fa75e6092b8e422a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 130530, "scanner": "repobility-threat-engine", "fingerprint": "c9ad9e7a685dc9a4b27bc60f91a119a0d2c4f574296ff48b39f56d926f03feaf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c9ad9e7a685dc9a4b27bc60f91a119a0d2c4f574296ff48b39f56d926f03feaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/instance.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 130529, "scanner": "repobility-threat-engine", "fingerprint": "1d455ebb0a410f8b76c8af1994ceb984141382d96152aabe34b0420bb1fde81f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d455ebb0a410f8b76c8af1994ceb984141382d96152aabe34b0420bb1fde81f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/image.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "GHSA-rcf8-g8jv-vg6p", "level": "error", "message": {"text": "tensorflow: GHSA-rcf8-g8jv-vg6p"}, "properties": {"repobilityId": 130709, "scanner": "osv-scanner", "fingerprint": "5e9f6a7b895df212c4371126ca8aa2bb3890eed57f25539df5ad855786992a9a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25669", "CVE-2023-25669"], "package": "tensorflow", "rule_id": "GHSA-rcf8-g8jv-vg6p", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25669|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qjqc-vqcf-5qvj", "level": "error", "message": {"text": "tensorflow: GHSA-qjqc-vqcf-5qvj"}, "properties": {"repobilityId": 130708, "scanner": "osv-scanner", "fingerprint": "8ca4fcea81de6aa7389e59a02d3eb1e647bc57b3768b57c768877d2e5e38d0d8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25660", "CVE-2023-25660"], "package": "tensorflow", "rule_id": "GHSA-qjqc-vqcf-5qvj", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25660|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j5w9-hmfh-4cr6", "level": "error", "message": {"text": "tensorflow: GHSA-j5w9-hmfh-4cr6"}, "properties": {"repobilityId": 130707, "scanner": "osv-scanner", "fingerprint": "76b0d62503944a40d507f3ec652cff6e4f172290d3883ff39d2f44dd60a3986b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25671", "CVE-2023-25671"], "package": "tensorflow", "rule_id": "GHSA-j5w9-hmfh-4cr6", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25671|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gjh7-xx4r-x345", "level": "error", "message": {"text": "tensorflow: GHSA-gjh7-xx4r-x345"}, "properties": {"repobilityId": 130705, "scanner": "osv-scanner", "fingerprint": "030c3ba3813da7a0f36f5b8db79451293e85d6e201b162c14f9dc851a3ac210c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-33976", "CVE-2023-33976"], "package": "tensorflow", "rule_id": "GHSA-gjh7-xx4r-x345", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-33976|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gf97-q72m-7579", "level": "error", "message": {"text": "tensorflow: GHSA-gf97-q72m-7579"}, "properties": {"repobilityId": 130704, "scanner": "osv-scanner", "fingerprint": "541658b81f6e77eead3369d288aac61ab49bf974cc3903d17800ad55d904b650", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25674", "CVE-2023-25674"], "package": "tensorflow", "rule_id": "GHSA-gf97-q72m-7579", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25674|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f637-vh3r-vfh2", "level": "error", "message": {"text": "tensorflow: GHSA-f637-vh3r-vfh2"}, "properties": {"repobilityId": 130701, "scanner": "osv-scanner", "fingerprint": "341f2051cf25e712ff3d9631f8acc07b40975bcae603f106c3d15697a453e159", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25666", "CVE-2023-25666"], "package": "tensorflow", "rule_id": "GHSA-f637-vh3r-vfh2", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25666|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f49c-87jh-g47q", "level": "error", "message": {"text": "tensorflow: GHSA-f49c-87jh-g47q"}, "properties": {"repobilityId": 130700, "scanner": "osv-scanner", "fingerprint": "a6f291e6cfbcdc5986a91d240b2dd5cf4fd51a025f9317d1c8e7b4e6fc1a1fe4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25801", "CVE-2023-25801"], "package": "tensorflow", "rule_id": "GHSA-f49c-87jh-g47q", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25801|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-94mm-g2mv-8p7r", "level": "error", "message": {"text": "tensorflow: GHSA-94mm-g2mv-8p7r"}, "properties": {"repobilityId": 130699, "scanner": "osv-scanner", "fingerprint": "601b9d2db69a52cdd69f757968353e06d125545b65f662b40116d7234883a163", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25672", "CVE-2023-25672"], "package": "tensorflow", "rule_id": "GHSA-94mm-g2mv-8p7r", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25672|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-93vr-9q9m-pj8p", "level": "error", "message": {"text": "tensorflow: GHSA-93vr-9q9m-pj8p"}, "properties": {"repobilityId": 130698, "scanner": "osv-scanner", "fingerprint": "c92efd179e32a5e5f2cd4fdb5995e2779cd488d0e6eeee2748dc7a68da75ce09", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25659", "CVE-2023-25659"], "package": "tensorflow", "rule_id": "GHSA-93vr-9q9m-pj8p", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25659|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7x4v-9gxg-9hwj", "level": "error", "message": {"text": "tensorflow: GHSA-7x4v-9gxg-9hwj"}, "properties": {"repobilityId": 130697, "scanner": "osv-scanner", "fingerprint": "42fb2a3d7c0d5b1b0f3f0a013261dc59ab68b431f2c011c8c863b69b3cf41c85", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25675", "CVE-2023-25675"], "package": "tensorflow", "rule_id": "GHSA-7x4v-9gxg-9hwj", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25675|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7jvm-xxmr-v5cw", "level": "error", "message": {"text": "tensorflow: GHSA-7jvm-xxmr-v5cw"}, "properties": {"repobilityId": 130696, "scanner": "osv-scanner", "fingerprint": "aebeed672f82332fad5b295d6e40bda3b70c79ca4b77c27a127d4bffd7c777a7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25662", "CVE-2023-25662"], "package": "tensorflow", "rule_id": "GHSA-7jvm-xxmr-v5cw", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25662|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6wfh-89q8-44jq", "level": "error", "message": {"text": "tensorflow: GHSA-6wfh-89q8-44jq"}, "properties": {"repobilityId": 130695, "scanner": "osv-scanner", "fingerprint": "e3ab1dcb2b59a8f821dc3bb8c3a83fe754c04d6c167e04c26c7d60d8d5ca4807", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25676", "CVE-2023-25676"], "package": "tensorflow", "rule_id": "GHSA-6wfh-89q8-44jq", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25676|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6hg6-5c2q-7rcr", "level": "error", "message": {"text": "tensorflow: GHSA-6hg6-5c2q-7rcr"}, "properties": {"repobilityId": 130694, "scanner": "osv-scanner", "fingerprint": "7abb33999d836843e75525df8e7c6822f005d76a7e4ca913a48b2cab3fc7592d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25664", "CVE-2023-25664"], "package": "tensorflow", "rule_id": "GHSA-6hg6-5c2q-7rcr", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25664|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-68v3-g9cm-rmm6", "level": "error", "message": {"text": "tensorflow: GHSA-68v3-g9cm-rmm6"}, "properties": {"repobilityId": 130693, "scanner": "osv-scanner", "fingerprint": "cbc8e6bd47ea5e60bb5235b744a725da5c9200d929ab9eaf61c10e73c8aa929a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25658", "CVE-2023-25658"], "package": "tensorflow", "rule_id": "GHSA-68v3-g9cm-rmm6", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25658|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-64jg-wjww-7c5w", "level": "error", "message": {"text": "tensorflow: GHSA-64jg-wjww-7c5w"}, "properties": {"repobilityId": 130692, "scanner": "osv-scanner", "fingerprint": "66ec337d7437b5ebe18068ab74586584124b181eab48f869a37e9524e9f8b0f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25663", "CVE-2023-25663"], "package": "tensorflow", "rule_id": "GHSA-64jg-wjww-7c5w", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25663|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-647v-r7qq-24fh", "level": "error", "message": {"text": "tensorflow: GHSA-647v-r7qq-24fh"}, "properties": {"repobilityId": 130691, "scanner": "osv-scanner", "fingerprint": "d665829e09f50d67fcf4c62fa0f3deef7744e96ef5a2f9f763e1c84b93665b5b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25673", "CVE-2023-25673"], "package": "tensorflow", "rule_id": "GHSA-647v-r7qq-24fh", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25673|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5w96-866f-6rm8", "level": "error", "message": {"text": "tensorflow: GHSA-5w96-866f-6rm8"}, "properties": {"repobilityId": 130690, "scanner": "osv-scanner", "fingerprint": "1117af291eecbdf9f59dcd65d87db03f3e31dbf883da250c7cfc4d3371cb5cce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-27579", "CVE-2023-27579"], "package": "tensorflow", "rule_id": "GHSA-5w96-866f-6rm8", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-27579|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-558h-mq8x-7q9g", "level": "error", "message": {"text": "tensorflow: GHSA-558h-mq8x-7q9g"}, "properties": {"repobilityId": 130689, "scanner": "osv-scanner", "fingerprint": "f4731245571e593baa862853891d2a778923876e414d92c8ebeefe531c7080d1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25665", "CVE-2023-25665"], "package": "tensorflow", "rule_id": "GHSA-558h-mq8x-7q9g", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25665|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-49rq-hwc3-x77w", "level": "error", "message": {"text": "tensorflow: GHSA-49rq-hwc3-x77w"}, "properties": {"repobilityId": 130688, "scanner": "osv-scanner", "fingerprint": "fd38e124bfee5d7b36b803e53b976d4aa520d0cf0140da9ff9fef48fc36f8f90", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25670", "CVE-2023-25670"], "package": "tensorflow", "rule_id": "GHSA-49rq-hwc3-x77w", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25670|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-114", "level": "error", "message": {"text": "scipy: PYSEC-2023-114"}, "properties": {"repobilityId": 130687, "scanner": "osv-scanner", "fingerprint": "5fd285e8ead22a732c0c75fe1eb78183a3bc8e4055c21f383fcba184ed96ddd2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-29824"], "package": "scipy", "rule_id": "PYSEC-2023-114", "scanner": "osv-scanner", "correlation_key": "vuln|scipy|CVE-2023-29824|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-102", "level": "error", "message": {"text": "scipy: PYSEC-2023-102"}, "properties": {"repobilityId": 130686, "scanner": "osv-scanner", "fingerprint": "953d24b70c3c864d2c1bb22dc42f51ae6b8e68996998039e38b710c5df3a612f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-25399"], "package": "scipy", "rule_id": "PYSEC-2023-102", "scanner": "osv-scanner", "correlation_key": "vuln|scipy|CVE-2023-25399|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-110", "level": "error", "message": {"text": "scikit-learn: PYSEC-2024-110"}, "properties": {"repobilityId": 130685, "scanner": "osv-scanner", "fingerprint": "b1d3ac99a36b8a8d088b47c4ea3898d74ef09ef7b0c39f445c9593dea69976a6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-5206", "GHSA-jw8x-6495-233v"], "package": "scikit-learn", "rule_id": "PYSEC-2024-110", "scanner": "osv-scanner", "correlation_key": "vuln|scikit-learn|CVE-2024-5206|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jw8x-6495-233v", "PYSEC-2024-110"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["90af0ee127d8acc1291541509327ba2092e3fd4d7d9765c4238319dfa3f5813e", "b1d3ac99a36b8a8d088b47c4ea3898d74ef09ef7b0c39f445c9593dea69976a6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j225-cvw7-qrx7", "level": "error", "message": {"text": "pycryptodome: GHSA-j225-cvw7-qrx7"}, "properties": {"repobilityId": 130683, "scanner": "osv-scanner", "fingerprint": "b340a32a002829765cda1a2b44e4284e48e72ba1994f45213f12e0c111a6c9b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-52323", "PYSEC-2024-3"], "package": "pycryptodome", "rule_id": "GHSA-j225-cvw7-qrx7", "scanner": "osv-scanner", "correlation_key": "vuln|pycryptodome|CVE-2023-52323|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jm6w-m3j8-898g", "level": "error", "message": {"text": "nltk: GHSA-jm6w-m3j8-898g"}, "properties": {"repobilityId": 130680, "scanner": "osv-scanner", "fingerprint": "deb38598809cabaf96b90f3cd9812b62a5e898e84b6873f5479b7c9b07fde16a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33231"], "package": "nltk", "rule_id": "GHSA-jm6w-m3j8-898g", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-33231|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-469j-vmhf-r6v7", "level": "error", "message": {"text": "nltk: GHSA-469j-vmhf-r6v7"}, "properties": {"repobilityId": 130678, "scanner": "osv-scanner", "fingerprint": "76905204a3e62234af70c7ff827fafa8c950b5b8459798e66b12fa106b1f1621", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33236"], "package": "nltk", "rule_id": "GHSA-469j-vmhf-r6v7", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-33236|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-99", "level": "error", "message": {"text": "nltk: PYSEC-2026-99"}, "properties": {"repobilityId": 130677, "scanner": "osv-scanner", "fingerprint": "3747a10eb92cfd23fba72c2aca23b30713d2c1c8912799890ec0df8ac4ee8f3f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-0848"], "package": "nltk", "rule_id": "PYSEC-2026-99", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-0848|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-98", "level": "error", "message": {"text": "nltk: PYSEC-2026-98"}, "properties": {"repobilityId": 130676, "scanner": "osv-scanner", "fingerprint": "e221a8d5ef494e83bcb843f1180bd271fe7d8a592cd0a25ae1b71db2c8fd8d2e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-0847", "GHSA-68j8-pq59-fqgm"], "package": "nltk", "rule_id": "PYSEC-2026-98", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-0847|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-68j8-pq59-fqgm", "PYSEC-2026-98"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5e43e860aecb1db57944b66d4c8f2caecb2597f6b556f1018856a8b27d1044a0", "e221a8d5ef494e83bcb843f1180bd271fe7d8a592cd0a25ae1b71db2c8fd8d2e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-97", "level": "error", "message": {"text": "nltk: PYSEC-2026-97"}, "properties": {"repobilityId": 130675, "scanner": "osv-scanner", "fingerprint": "30f4fa920bf3c10d6eaf88729ee9fced1e849087b87dc64b8221c290b4f0b2a9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-0846", "GHSA-h8wq-7xc4-p3qx"], "package": "nltk", "rule_id": "PYSEC-2026-97", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2026-0846|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-h8wq-7xc4-p3qx", "PYSEC-2026-97"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["30f4fa920bf3c10d6eaf88729ee9fced1e849087b87dc64b8221c290b4f0b2a9", "da7494f72506c08e3cb133d78cfdac006d411d2535a570b86503fd9e36de7a52"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-167", "level": "error", "message": {"text": "nltk: PYSEC-2024-167"}, "properties": {"repobilityId": 130673, "scanner": "osv-scanner", "fingerprint": "7cefbed1b381f21f15f0d944a417535217d5123ff75ad6bb836b50ccb30af37b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-39705", "GHSA-cgvx-9447-vcch"], "package": "nltk", "rule_id": "PYSEC-2024-167", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2024-39705|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cgvx-9447-vcch", "PYSEC-2024-167"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7cefbed1b381f21f15f0d944a417535217d5123ff75ad6bb836b50ccb30af37b", "b70825fe21c9bc7833908020e9ad7e026f50c2638324ce38571d705f973649aa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-87", "level": "error", "message": {"text": "lxml: PYSEC-2026-87"}, "properties": {"repobilityId": 130672, "scanner": "osv-scanner", "fingerprint": "9b5bc4ad7946b8fd432144f14499fbe8e367dc25fa660b985fd2c078ccb6e99a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-41066", "GHSA-vfmq-68hx-4jfw"], "package": "lxml", "rule_id": "PYSEC-2026-87", "scanner": "osv-scanner", "correlation_key": "vuln|lxml|CVE-2026-41066|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-vfmq-68hx-4jfw", "PYSEC-2026-87"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0aa4e99eec0c302f3d3395bf926865c458998a62d59569aede7e722334399beb", "9b5bc4ad7946b8fd432144f14499fbe8e367dc25fa660b985fd2c078ccb6e99a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hjqc-jx6g-rwp9", "level": "error", "message": {"text": "keras: GHSA-hjqc-jx6g-rwp9"}, "properties": {"repobilityId": 130669, "scanner": "osv-scanner", "fingerprint": "5a5b16082092275f079e78ef86fcbb1f1c12a24ac6ada4cc5842b1c6608b573f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-12060"], "package": "keras", "rule_id": "GHSA-hjqc-jx6g-rwp9", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2025-12060|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4f3f-g24h-fr8m", "level": "error", "message": {"text": "keras: GHSA-4f3f-g24h-fr8m"}, "properties": {"repobilityId": 130668, "scanner": "osv-scanner", "fingerprint": "eb35ea135b5d4bb2e3113d69cb479a3314372121c680f5d55bf9d05bfc24a15f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-1462"], "package": "keras", "rule_id": "GHSA-4f3f-g24h-fr8m", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2026-1462|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-36fq-jgmw-4r9c", "level": "error", "message": {"text": "keras: GHSA-36fq-jgmw-4r9c"}, "properties": {"repobilityId": 130667, "scanner": "osv-scanner", "fingerprint": "79572c44e4ecd9aa8cf982785af7747a3ac2bca1735b5a5a791ca69e3299cd7a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-9906", "PYSEC-2025-76"], "package": "keras", "rule_id": "GHSA-36fq-jgmw-4r9c", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2025-9906|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-121", "level": "error", "message": {"text": "keras: PYSEC-2025-121"}, "properties": {"repobilityId": 130666, "scanner": "osv-scanner", "fingerprint": "e38dabadbe829012fc7d912103f28fa441b5b4ce4b9dcea1f5cbdbffe6ac74d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-55459", "GHSA-cjgq-5qmw-rcj6"], "package": "keras", "rule_id": "PYSEC-2025-121", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2024-55459|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cjgq-5qmw-rcj6", "PYSEC-2025-121"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c460c3257443bc4259e2cc3cc966c9812c8d31761c123296e3e69b2a0cb9e026", "e38dabadbe829012fc7d912103f28fa441b5b4ce4b9dcea1f5cbdbffe6ac74d7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-62", "level": "error", "message": {"text": "geopandas: PYSEC-2026-62"}, "properties": {"repobilityId": 130665, "scanner": "osv-scanner", "fingerprint": "54f3d3c62b16c43255a201cb0acd609ae801393006e91dd489ed6dda857f0cdd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-69662", "GHSA-6497-prx7-gpmq"], "package": "geopandas", "rule_id": "PYSEC-2026-62", "scanner": "osv-scanner", "correlation_key": "vuln|geopandas|CVE-2025-69662|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6497-prx7-gpmq", "PYSEC-2026-62"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["403ec6031b3ec72ade54c73089d6b0ad28ab4610ff178289c44842ecda4ca676", "54f3d3c62b16c43255a201cb0acd609ae801393006e91dd489ed6dda857f0cdd"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x4qr-2fvf-3mr5", "level": "error", "message": {"text": "cryptography: GHSA-x4qr-2fvf-3mr5"}, "properties": {"repobilityId": 130663, "scanner": "osv-scanner", "fingerprint": "0c83093572a64b283fa53cf6e2d9d953bdebd0d0a39d26412249d3dea0545111", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-0286", "RUSTSEC-2023-0006"], "package": "cryptography", "rule_id": "GHSA-x4qr-2fvf-3mr5", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-0286|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r6ph-v2qm-q3c2", "level": "error", "message": {"text": "cryptography: GHSA-r6ph-v2qm-q3c2"}, "properties": {"repobilityId": 130661, "scanner": "osv-scanner", "fingerprint": "280be9ed90fb4923cfb03cc3676acd666e6675e57f3403e6f1eed68e83474bf5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26007"], "package": "cryptography", "rule_id": "GHSA-r6ph-v2qm-q3c2", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-26007|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ww4-gg4f-jr7f", "level": "error", "message": {"text": "cryptography: GHSA-3ww4-gg4f-jr7f"}, "properties": {"repobilityId": 130656, "scanner": "osv-scanner", "fingerprint": "c2f978444a5096ac4c5c9dd0c3c06ded716f384c89588558c24d2fae64caf8e5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-50782"], "package": "cryptography", "rule_id": "GHSA-3ww4-gg4f-jr7f", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-50782|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-35", "level": "error", "message": {"text": "cryptography: PYSEC-2026-35"}, "properties": {"repobilityId": 130654, "scanner": "osv-scanner", "fingerprint": "c79f4af548950a874c3378d0f7bcc8d231fc67c30b7d955be12739edf7b3be21", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-34073", "GHSA-m959-cc7f-wv43"], "package": "cryptography", "rule_id": "PYSEC-2026-35", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2026-34073|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m959-cc7f-wv43", "PYSEC-2026-35"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["580da840fd417e4749ff76c082e5ed51a361a1a38887704c6631809f2d7155e3", "c79f4af548950a874c3378d0f7bcc8d231fc67c30b7d955be12739edf7b3be21"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-225", "level": "error", "message": {"text": "cryptography: PYSEC-2024-225"}, "properties": {"repobilityId": 130653, "scanner": "osv-scanner", "fingerprint": "4921a3f8e172f8f95e1502f543b84adc538ff4502bf121eee45072bd1a531218", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2024-26130", "GHSA-6vqw-3v5j-54x4"], "package": "cryptography", "rule_id": "PYSEC-2024-225", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2024-26130|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6vqw-3v5j-54x4", "PYSEC-2024-225"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4921a3f8e172f8f95e1502f543b84adc538ff4502bf121eee45072bd1a531218", "8c3d7a6745f69f84969a83564f120aafcb2f5f7ee47272a855ff69f4f1e0d580"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-254", "level": "error", "message": {"text": "cryptography: PYSEC-2023-254"}, "properties": {"repobilityId": 130652, "scanner": "osv-scanner", "fingerprint": "0131a36158e683643834981f160e4a0822baf64ea8bac914b45403356585b028", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-49083", "GHSA-jfhm-5ghh-2f97"], "package": "cryptography", "rule_id": "PYSEC-2023-254", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-49083|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jfhm-5ghh-2f97", "PYSEC-2023-254"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0131a36158e683643834981f160e4a0822baf64ea8bac914b45403356585b028", "0abdc72a28df6c649f03e2b4791b8740bab9084e943608d51e503e96b18ecf3d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-11", "level": "error", "message": {"text": "cryptography: PYSEC-2023-11"}, "properties": {"repobilityId": 130651, "scanner": "osv-scanner", "fingerprint": "8da1da310291e73e5d0e3011a951493e00f19ad79fc6c03097467a66c4c1e131", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-23931", "GHSA-w7pp-m8wf-vj6r"], "package": "cryptography", "rule_id": "PYSEC-2023-11", "scanner": "osv-scanner", "correlation_key": "vuln|cryptography|CVE-2023-23931|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-w7pp-m8wf-vj6r", "PYSEC-2023-11"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0cd91397950cc38c9fb337deb6f9add3c39ffc1b8a8f5731e5eb5113e644b70c", "8da1da310291e73e5d0e3011a951493e00f19ad79fc6c03097467a66c4c1e131"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g68-c3qc-8985", "level": "error", "message": {"text": "werkzeug: GHSA-2g68-c3qc-8985"}, "properties": {"repobilityId": 130646, "scanner": "osv-scanner", "fingerprint": "a4a54f4240f729ade165db38a1eeba5f7e20115f20dbc5d0a785e75ac8f56f8c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-34069"], "package": "werkzeug", "rule_id": "GHSA-2g68-c3qc-8985", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-34069|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-whj4-6x5x-4v2j", "level": "error", "message": {"text": "pillow: GHSA-whj4-6x5x-4v2j"}, "properties": {"repobilityId": 130641, "scanner": "osv-scanner", "fingerprint": "b4e5d633e23bc49f1bee51297fc07b4a1a847aab2996114ea9d971cc0db7ba5f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-40192", "CVE-2026-40192"], "package": "pillow", "rule_id": "GHSA-whj4-6x5x-4v2j", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-40192|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pwv6-vv43-88gr", "level": "error", "message": {"text": "pillow: GHSA-pwv6-vv43-88gr"}, "properties": {"repobilityId": 130639, "scanner": "osv-scanner", "fingerprint": "dba2d19487bc4e983dbf8f59ee063db34ddde4d7ad2b09b4b2589b46c07fc4d5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42311", "CVE-2026-42311"], "package": "pillow", "rule_id": "GHSA-pwv6-vv43-88gr", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42311|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cfh3-3jmp-rvhc", "level": "error", "message": {"text": "pillow: GHSA-cfh3-3jmp-rvhc"}, "properties": {"repobilityId": 130638, "scanner": "osv-scanner", "fingerprint": "0b62ff6793849695e0b8f802681c42a0b17a125c85fbb272e6a630fedcc03fef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-25990", "CVE-2026-25990"], "package": "pillow", "rule_id": "GHSA-cfh3-3jmp-rvhc", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-25990|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-165", "level": "error", "message": {"text": "pillow: PYSEC-2026-165"}, "properties": {"repobilityId": 130637, "scanner": "osv-scanner", "fingerprint": "fb23c7a3e0565b51c1bacb4ea0f06a8ed784938551493791524052dff5c8c1f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42308", "CVE-2026-42308", "GHSA-wjx4-4jcj-g98j"], "package": "pillow", "rule_id": "PYSEC-2026-165", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42308|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wjx4-4jcj-g98j", "PYSEC-2026-165"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["98bec6a5d8b55573692a918b247f01a8a7b2d17149aef6256b1f6d3ae2448533", "fb23c7a3e0565b51c1bacb4ea0f06a8ed784938551493791524052dff5c8c1f0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8p8v-wh79-9r56", "level": "error", "message": {"text": "django: GHSA-8p8v-wh79-9r56"}, "properties": {"repobilityId": 130632, "scanner": "osv-scanner", "fingerprint": "14fb434c9d377402897f665d89b26194926dde1053e5d184e141bcdb1067205c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2026-25673", "CVE-2026-25673"], "package": "django", "rule_id": "GHSA-8p8v-wh79-9r56", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-25673|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-53", "level": "error", "message": {"text": "django: PYSEC-2026-53"}, "properties": {"repobilityId": 130631, "scanner": "osv-scanner", "fingerprint": "98ffeb6671a5e0f195e258b7eb59d825f8b7f60f954d01e672d44ca39c378fa3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-4292", "CVE-2026-4292", "GHSA-mmwr-2jhp-mc7j"], "package": "django", "rule_id": "PYSEC-2026-53", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-4292|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mmwr-2jhp-mc7j", "PYSEC-2026-53"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["10d26c05743d0a95c7bab0aaad4dadc720a03790f0e9dfcd4706a3df284d27c0", "98ffeb6671a5e0f195e258b7eb59d825f8b7f60f954d01e672d44ca39c378fa3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-52", "level": "error", "message": {"text": "django: PYSEC-2026-52"}, "properties": {"repobilityId": 130630, "scanner": "osv-scanner", "fingerprint": "ff54789d04255b0dad0054898f8d6a6a5dfcdf87136f98f96b4d18cf5e9d31fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-4277", "CVE-2026-4277", "GHSA-pwjp-ccjc-ghwg"], "package": "django", "rule_id": "PYSEC-2026-52", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-4277|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pwjp-ccjc-ghwg", "PYSEC-2026-52"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4c101e02856f75bae611e40534f0181d10050192cc3accab67c38490c627204d", "ff54789d04255b0dad0054898f8d6a6a5dfcdf87136f98f96b4d18cf5e9d31fe"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-51", "level": "error", "message": {"text": "django: PYSEC-2026-51"}, "properties": {"repobilityId": 130629, "scanner": "osv-scanner", "fingerprint": "1d902c6ad34f84b073240796108c1b715deb4fe2aabf4246b4c057d79aa8ebbc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-3902", "CVE-2026-3902", "GHSA-mvfq-ggxm-9mc5"], "package": "django", "rule_id": "PYSEC-2026-51", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-3902|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mvfq-ggxm-9mc5", "PYSEC-2026-51"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1d902c6ad34f84b073240796108c1b715deb4fe2aabf4246b4c057d79aa8ebbc", "73c60c172e8e06910c451e11750ba046b2b72c6920e078d467f7253a0aa2f28d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-49", "level": "error", "message": {"text": "django: PYSEC-2026-49"}, "properties": {"repobilityId": 130628, "scanner": "osv-scanner", "fingerprint": "ebd0a290db3340e7f36a8ffaab820953cc3a2c5420c2e7932db150f758ac14ad", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-33034", "CVE-2026-33034", "GHSA-933h-hp56-hf7m"], "package": "django", "rule_id": "PYSEC-2026-49", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-33034|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-933h-hp56-hf7m", "PYSEC-2026-49"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["c958cda18ce89bc4f5daa5af9b939fc99dd53f7211b128fdd0a507b7f078dec0", "ebd0a290db3340e7f36a8ffaab820953cc3a2c5420c2e7932db150f758ac14ad"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-48", "level": "error", "message": {"text": "django: PYSEC-2026-48"}, "properties": {"repobilityId": 130627, "scanner": "osv-scanner", "fingerprint": "63007ea095a52238e949b58473eae3b552d82ff6f023f6819760ce535827f2d8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-33033", "CVE-2026-33033", "GHSA-5mf9-h53q-7mhq"], "package": "django", "rule_id": "PYSEC-2026-48", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-33033|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-5mf9-h53q-7mhq", "PYSEC-2026-48"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["63007ea095a52238e949b58473eae3b552d82ff6f023f6819760ce535827f2d8", "b24ee5df847f2ec3b20cb4438bc8cd60fb44f0eb6655c107e05b9580da536840"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-47", "level": "error", "message": {"text": "django: PYSEC-2026-47"}, "properties": {"repobilityId": 130626, "scanner": "osv-scanner", "fingerprint": "2e1d62726535053dc3e5592cf2185a3db5fda38222fa000f9c4857a69db1fa6f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-1312", "CVE-2026-1312", "GHSA-6426-9fv3-65x8"], "package": "django", "rule_id": "PYSEC-2026-47", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-1312|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6426-9fv3-65x8", "PYSEC-2026-47"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2e1d62726535053dc3e5592cf2185a3db5fda38222fa000f9c4857a69db1fa6f", "52b21a8ef1bbd6f45ba3211f30b265c35f1f116287d4b9e44e6f8e844bc48ef3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-46", "level": "error", "message": {"text": "django: PYSEC-2026-46"}, "properties": {"repobilityId": 130625, "scanner": "osv-scanner", "fingerprint": "adb68dfe1d1e0e9861c4d077cd6ab162a5c4bfde56a43685ac53cceadd290454", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-1287", "CVE-2026-1287", "GHSA-gvg8-93h5-g6qq"], "package": "django", "rule_id": "PYSEC-2026-46", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-1287|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-gvg8-93h5-g6qq", "PYSEC-2026-46"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["14764902033c1633c4767c884f1ec0f331374e42fdebc0d8303496e456a1dcc7", "adb68dfe1d1e0e9861c4d077cd6ab162a5c4bfde56a43685ac53cceadd290454"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-45", "level": "error", "message": {"text": "django: PYSEC-2026-45"}, "properties": {"repobilityId": 130624, "scanner": "osv-scanner", "fingerprint": "91ef31f4084b61846f0d854d20e7626668335daecf03bdf990cdfc014436a706", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-1285", "CVE-2026-1285", "GHSA-4rrr-2h4v-f3j9"], "package": "django", "rule_id": "PYSEC-2026-45", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-1285|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-4rrr-2h4v-f3j9", "PYSEC-2026-45"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["91ef31f4084b61846f0d854d20e7626668335daecf03bdf990cdfc014436a706", "ea2a98457531cfe2b784004af818cbe50810a1fb17bdd8f768490e78831e5a56"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-44", "level": "error", "message": {"text": "django: PYSEC-2026-44"}, "properties": {"repobilityId": 130623, "scanner": "osv-scanner", "fingerprint": "bc53d1db8e6f75cbbf83f4b4a9fa190a4e01bc82197dbcb093d73a646e3f09c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2026-1207", "CVE-2026-1207", "GHSA-mwm9-4648-f68q"], "package": "django", "rule_id": "PYSEC-2026-44", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2026-1207|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mwm9-4648-f68q", "PYSEC-2026-44"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["58a2418f8913c8f0b36db72b8a20dea2cf2e8a1b401caa9702ff60f7dd41d736", "bc53d1db8e6f75cbbf83f4b4a9fa190a4e01bc82197dbcb093d73a646e3f09c2"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-43", "level": "error", "message": {"text": "django: PYSEC-2026-43"}, "properties": {"repobilityId": 130622, "scanner": "osv-scanner", "fingerprint": "7c0fe4e2a98d471714243759ecf72c1701b052450a5f1ead259b50cefe4e9893", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-14550", "CVE-2025-14550", "GHSA-33mw-q7rj-mjwj"], "package": "django", "rule_id": "PYSEC-2026-43", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-14550|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-33mw-q7rj-mjwj", "PYSEC-2026-43"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["001dde13841c36030d44ec38a18864aa6e9bdd72467e0e112e672f6c51fcff39", "7c0fe4e2a98d471714243759ecf72c1701b052450a5f1ead259b50cefe4e9893"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-42", "level": "error", "message": {"text": "django: PYSEC-2026-42"}, "properties": {"repobilityId": 130621, "scanner": "osv-scanner", "fingerprint": "abf3c7749c0cdf667244dc11c35adca056d5f48f7e918cd884e7a1948913574e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-13473", "CVE-2025-13473", "GHSA-2mcm-79hx-8fxw"], "package": "django", "rule_id": "PYSEC-2026-42", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-13473|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-2mcm-79hx-8fxw", "PYSEC-2026-42"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4a631bde31a19029a753da199db2f3c8775785d715677427799b898c3dbfd679", "abf3c7749c0cdf667244dc11c35adca056d5f48f7e918cd884e7a1948913574e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-47", "level": "error", "message": {"text": "django: PYSEC-2025-47"}, "properties": {"repobilityId": 130620, "scanner": "osv-scanner", "fingerprint": "b022ec7243dbbd64f26644228af3f38ae482582fb55ea28970c1e93a09a3f401", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9"], "package": "django", "rule_id": "PYSEC-2025-47", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-48432|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["12855dea254d8233bf5e59ceac3ac339aba53fdf2e6926fc4b3b91db5f4b820d", "b022ec7243dbbd64f26644228af3f38ae482582fb55ea28970c1e93a09a3f401"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-37", "level": "error", "message": {"text": "django: PYSEC-2025-37"}, "properties": {"repobilityId": 130619, "scanner": "osv-scanner", "fingerprint": "e656d9264bb36d99a40f9a0fcbe6a4eaffd478de7577f04ea0a4e07476308445", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-32873", "CVE-2025-32873", "GHSA-8j24-cjrq-gr2m"], "package": "django", "rule_id": "PYSEC-2025-37", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-32873|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8j24-cjrq-gr2m", "PYSEC-2025-37"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["d14cacf02759d7165ed557b5d87c1ede782d30cb44532d285c5cc8df01bb3d3d", "e656d9264bb36d99a40f9a0fcbe6a4eaffd478de7577f04ea0a4e07476308445"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-13", "level": "error", "message": {"text": "django: PYSEC-2025-13"}, "properties": {"repobilityId": 130618, "scanner": "osv-scanner", "fingerprint": "28bca6410f4dbf5569d5657d7b2b7a6cbfa519e3d771b8d6dcab8a68c77a4f3c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-26699", "CVE-2025-26699", "GHSA-p3fp-8748-vqfq"], "package": "django", "rule_id": "PYSEC-2025-13", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-26699|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-p3fp-8748-vqfq", "PYSEC-2025-13"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["28bca6410f4dbf5569d5657d7b2b7a6cbfa519e3d771b8d6dcab8a68c77a4f3c", "344f5ba18448db6bf9d89ca2b8cad41175c52a812fed42f4c7c5e29e148d7ada"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-109", "level": "error", "message": {"text": "django: PYSEC-2025-109"}, "properties": {"repobilityId": 130617, "scanner": "osv-scanner", "fingerprint": "dc3b376a6630c3e64bb5bbdf1710a1aa5e56e85101be7a6809560aa11b592447", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-64460", "CVE-2025-64460", "GHSA-vrcr-9hj9-jcg6"], "package": "django", "rule_id": "PYSEC-2025-109", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-64460|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-vrcr-9hj9-jcg6", "PYSEC-2025-109"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["43dd79b9e33e5448d096fa7a57c8860025c2231b6ae0236be8801cf853f3565a", "dc3b376a6630c3e64bb5bbdf1710a1aa5e56e85101be7a6809560aa11b592447"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-107", "level": "error", "message": {"text": "django: PYSEC-2025-107"}, "properties": {"repobilityId": 130615, "scanner": "osv-scanner", "fingerprint": "52582bfc7f37a144e8159b948b7534d460bfb3721c6d83a005752a38ac912423", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-64458", "CVE-2025-64458", "GHSA-qw25-v68c-qjf3"], "package": "django", "rule_id": "PYSEC-2025-107", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-64458|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qw25-v68c-qjf3", "PYSEC-2025-107"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["52582bfc7f37a144e8159b948b7534d460bfb3721c6d83a005752a38ac912423", "585ecadb42b5f4f3232b31c09e60335b133de0486c4a1a1e4ffb0c4a5d46ae3a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-106", "level": "error", "message": {"text": "django: PYSEC-2025-106"}, "properties": {"repobilityId": 130614, "scanner": "osv-scanner", "fingerprint": "82c710ec4558de0df0aff1167372aa3cc47c4ddbc684351c09ba9d1ed4757ba3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-59681", "CVE-2025-59681", "GHSA-hpr9-3m2g-3j9p"], "package": "django", "rule_id": "PYSEC-2025-106", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-59681|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hpr9-3m2g-3j9p", "PYSEC-2025-106"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["194e62cb9a41b4d8a27f773762d728196da0947dd9aec9bdea9d0d1998a6308f", "82c710ec4558de0df0aff1167372aa3cc47c4ddbc684351c09ba9d1ed4757ba3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-105", "level": "error", "message": {"text": "django: PYSEC-2025-105"}, "properties": {"repobilityId": 130613, "scanner": "osv-scanner", "fingerprint": "91cf8b824520caece272bab76b0ebd75bbcf0d2356c6552259b3bb9ef7a75913", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-57833", "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w"], "package": "django", "rule_id": "PYSEC-2025-105", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-57833|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-6w2r-r2m5-xq5w", "PYSEC-2025-105"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["10778faf8b6d2a2dea72ffcfc1b7fb4223379eed81d373a7f0b1092f8e281ed5", "91cf8b824520caece272bab76b0ebd75bbcf0d2356c6552259b3bb9ef7a75913"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-104", "level": "error", "message": {"text": "django: PYSEC-2025-104"}, "properties": {"repobilityId": 130612, "scanner": "osv-scanner", "fingerprint": "cbc6b875c23dc9c36ed18dc6c0276737709c5247b023f518c50dbf5f57e266c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-13372", "CVE-2025-13372", "GHSA-rqw2-ghq9-44m7"], "package": "django", "rule_id": "PYSEC-2025-104", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-13372|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rqw2-ghq9-44m7", "PYSEC-2025-104"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["cbc6b875c23dc9c36ed18dc6c0276737709c5247b023f518c50dbf5f57e266c7", "edda64054b6afa65fe1bdf1c428ad67254c081f055289e50a084c6b2cf8474d3"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2025-1", "level": "error", "message": {"text": "django: PYSEC-2025-1"}, "properties": {"repobilityId": 130611, "scanner": "osv-scanner", "fingerprint": "fb91b7d8a93b3bcc31b503330287e42f0f75fa79e4519814062a1443391fe311", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-56374", "CVE-2024-56374", "GHSA-qcgg-j2x8-h9g8"], "package": "django", "rule_id": "PYSEC-2025-1", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-56374|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qcgg-j2x8-h9g8", "PYSEC-2025-1"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4a653749bf43efc95202085af02849642388607a7eeaca40556c6a864e4ea6c0", "fb91b7d8a93b3bcc31b503330287e42f0f75fa79e4519814062a1443391fe311"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-69", "level": "error", "message": {"text": "django: PYSEC-2024-69"}, "properties": {"repobilityId": 130609, "scanner": "osv-scanner", "fingerprint": "21d6992920d8376863baba4292bb7a847578381364bab0afed6bc2d545f212ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-41991", "CVE-2024-41991", "GHSA-r836-hh6v-rg5g"], "package": "django", "rule_id": "PYSEC-2024-69", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-41991|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-r836-hh6v-rg5g", "PYSEC-2024-69"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["21d6992920d8376863baba4292bb7a847578381364bab0afed6bc2d545f212ce", "b64df70311e31f2b323c65558eabe25426de2c4459b3b4e7b8bc86f80afd0726"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-68", "level": "error", "message": {"text": "django: PYSEC-2024-68"}, "properties": {"repobilityId": 130608, "scanner": "osv-scanner", "fingerprint": "217dc90878d36d2d53a6dd130dce02c449c3ac72d87466a112c3a068e0daa129", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-41990", "CVE-2024-41990", "GHSA-795c-9xpc-xw6g"], "package": "django", "rule_id": "PYSEC-2024-68", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-41990|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-795c-9xpc-xw6g", "PYSEC-2024-68"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["217dc90878d36d2d53a6dd130dce02c449c3ac72d87466a112c3a068e0daa129", "d94db13f0a1e2a0e639cb9521f90e0d251d81d00b0c920d0ec63f8eb97fd55bc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-67", "level": "error", "message": {"text": "django: PYSEC-2024-67"}, "properties": {"repobilityId": 130607, "scanner": "osv-scanner", "fingerprint": "f8692367576428c0e18511c908b89a249a4a103f9badcdea8c51345d7ab1667a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-41989", "CVE-2024-41989", "GHSA-jh75-99hh-qvx9"], "package": "django", "rule_id": "PYSEC-2024-67", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-41989|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-jh75-99hh-qvx9", "PYSEC-2024-67"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["f8692367576428c0e18511c908b89a249a4a103f9badcdea8c51345d7ab1667a", "fb8d852c945a2981aeeaefc85db356964d43b128042e94e90dc40350b1ee4fca"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-59", "level": "error", "message": {"text": "django: PYSEC-2024-59"}, "properties": {"repobilityId": 130606, "scanner": "osv-scanner", "fingerprint": "f1a40583a239bb753bf416a34f97d123278bf2766eb51fee35ea758055c87f30", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-39614", "CVE-2024-39614", "GHSA-f6f8-9mx6-9mx2"], "package": "django", "rule_id": "PYSEC-2024-59", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-39614|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f6f8-9mx6-9mx2", "PYSEC-2024-59"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7d073b8d39944ef333cf9680853a3ddd754cf7217a5b9682344c7fdcc07e114c", "f1a40583a239bb753bf416a34f97d123278bf2766eb51fee35ea758055c87f30"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-58", "level": "error", "message": {"text": "django: PYSEC-2024-58"}, "properties": {"repobilityId": 130605, "scanner": "osv-scanner", "fingerprint": "70dc6490e30d3f85f9f8aedc67abc45810aa222ebadf5da267ab3546060c75db", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-39330", "CVE-2024-39330", "GHSA-9jmf-237g-qf46"], "package": "django", "rule_id": "PYSEC-2024-58", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-39330|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-9jmf-237g-qf46", "PYSEC-2024-58"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["70dc6490e30d3f85f9f8aedc67abc45810aa222ebadf5da267ab3546060c75db", "c82909099fdf8b30d4fe926397ddd713258b3d827ab3696dac38e1a09d9d3b9c"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-57", "level": "error", "message": {"text": "django: PYSEC-2024-57"}, "properties": {"repobilityId": 130604, "scanner": "osv-scanner", "fingerprint": "acb6e1258cf362016d49b399f637961bcb7c79be0676f73b20a7da85442459f8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-39329", "CVE-2024-39329", "GHSA-x7q2-wr7g-xqmf"], "package": "django", "rule_id": "PYSEC-2024-57", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-39329|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-x7q2-wr7g-xqmf", "PYSEC-2024-57"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3d41b7e613a8a8fdba2e7256968db7914ba0bdcfadffd6e0df613243ac3a51b1", "acb6e1258cf362016d49b399f637961bcb7c79be0676f73b20a7da85442459f8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-56", "level": "error", "message": {"text": "django: PYSEC-2024-56"}, "properties": {"repobilityId": 130603, "scanner": "osv-scanner", "fingerprint": "8ca4e5385ca648e0505313cdbe4dc067b14037889b9b5b6d8aadb8f22c5f290e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-38875", "CVE-2024-38875", "GHSA-qg2p-9jwr-mmqf"], "package": "django", "rule_id": "PYSEC-2024-56", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-38875|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qg2p-9jwr-mmqf", "PYSEC-2024-56"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["8ca4e5385ca648e0505313cdbe4dc067b14037889b9b5b6d8aadb8f22c5f290e", "a0277345f6efafa7ca9a2743ef2a7f6cd85f492be94b4c8c9e5b8a94dd727a75"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-47", "level": "error", "message": {"text": "django: PYSEC-2024-47"}, "properties": {"repobilityId": 130602, "scanner": "osv-scanner", "fingerprint": "099e33c2e0bf2017f62aff7b700251a0eff383e5eae483070faa51d793069a36", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-django-2024-27351", "CVE-2024-27351", "GHSA-vm8q-m57g-pff3"], "package": "django", "rule_id": "PYSEC-2024-47", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2019-14232|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-28", "level": "error", "message": {"text": "django: PYSEC-2024-28"}, "properties": {"repobilityId": 130601, "scanner": "osv-scanner", "fingerprint": "6e2829680fc12ca63b3907e76984e565e5f3bbe4a64bde47ef57cb1007944685", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-24680", "CVE-2024-24680", "GHSA-xxj9-f6rv-m3x4"], "package": "django", "rule_id": "PYSEC-2024-28", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-24680|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xxj9-f6rv-m3x4", "PYSEC-2024-28"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6e2829680fc12ca63b3907e76984e565e5f3bbe4a64bde47ef57cb1007944685", "d3859d9f7f2e6b818dde8535ed0f28e2f3a8518d61072bfd385ff1516e46ffaf"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-157", "level": "error", "message": {"text": "django: PYSEC-2024-157"}, "properties": {"repobilityId": 130600, "scanner": "osv-scanner", "fingerprint": "3bd5303cd1fb4276d15d504522f07858e49fdef2cfa40f1ba223464a8dc38968", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-53908", "CVE-2024-53908", "GHSA-m9g8-fxxm-xg86"], "package": "django", "rule_id": "PYSEC-2024-157", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-53908|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m9g8-fxxm-xg86", "PYSEC-2024-157"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0ee483d9d2b1ebed81a97d404ede0e262d6130af736035e945de3d6735bab3cf", "3bd5303cd1fb4276d15d504522f07858e49fdef2cfa40f1ba223464a8dc38968"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-156", "level": "error", "message": {"text": "django: PYSEC-2024-156"}, "properties": {"repobilityId": 130599, "scanner": "osv-scanner", "fingerprint": "a5a889849b020e8ac9f64fe408277d19b8ad112aab15cb19f97e8d216f6d666d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-53907", "CVE-2024-53907", "GHSA-8498-2h75-472j"], "package": "django", "rule_id": "PYSEC-2024-156", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-53907|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8498-2h75-472j", "PYSEC-2024-156"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7ce557ba25f7a0739beb2a62509b2ac84afc1e50b91cb238b9323c3c839033f1", "a5a889849b020e8ac9f64fe408277d19b8ad112aab15cb19f97e8d216f6d666d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2024-102", "level": "error", "message": {"text": "django: PYSEC-2024-102"}, "properties": {"repobilityId": 130598, "scanner": "osv-scanner", "fingerprint": "d8db304ba5afc1a079d0cdfaaf2a7802050edfe5909ff1b5c41797bf1688ec53", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-45230", "CVE-2024-45230", "GHSA-5hgc-2vfp-mqvc"], "package": "django", "rule_id": "PYSEC-2024-102", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-45230|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-5hgc-2vfp-mqvc", "PYSEC-2024-102"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["d4b28c8d6563c31e06b20eb630e473eb5f2b70c54ee9daf98682662cd91058eb", "d8db304ba5afc1a079d0cdfaaf2a7802050edfe5909ff1b5c41797bf1688ec53"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 130579, "scanner": "repobility-threat-engine", "fingerprint": "24234d6a306fc9056d951ac25f240ce71e973e714933295d4d6952bc097aa7c1", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|11|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/answer_csv_to_jsonl.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 130578, "scanner": "repobility-threat-engine", "fingerprint": "7ea258337a086bae1ad2579cba067af1bab22a49f335abbb3ef23eb5e2626f9d", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|191|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/evaluation_main.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 130577, "scanner": "repobility-threat-engine", "fingerprint": "610920a982d9790c1f2bf8c1ed5cbfb7fce85a2e8a8f161ac82d675390aa1671", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|45|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/ifbench/evaluation_lib.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 130574, "scanner": "repobility-threat-engine", "fingerprint": "0f979c39a5099a85dfba933ac3dedacc7ee298309713e71d18395ff8e10400cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(compile", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f979c39a5099a85dfba933ac3dedacc7ee298309713e71d18395ff8e10400cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 130571, "scanner": "repobility-threat-engine", "fingerprint": "d45dd3be94a30cba24eb2dbec0b5d1cee86ac38dba1a4a020672524e7f7e917f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pbar.update(1)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d45dd3be94a30cba24eb2dbec0b5d1cee86ac38dba1a4a020672524e7f7e917f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/lcb_runner/evaluation/compute_code_generation_metrics.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 130570, "scanner": "repobility-threat-engine", "fingerprint": "99d046fe275eb7a1ac4a63044184deadf30df9cc7cf11a9afb19e97812b8c201", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new_module.__dict__.update({\n            '__builtins__': builtins,\n            '__file__': f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|99d046fe275eb7a1ac4a63044184deadf30df9cc7cf11a9afb19e97812b8c201"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 130569, "scanner": "repobility-threat-engine", "fingerprint": "d3765bfdbb82162e9a7a1458362dc391b31ff91abb88a43957ebce9e9e02b5ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "api_kwargs.update(model_api_kwargs)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3765bfdbb82162e9a7a1458362dc391b31ff91abb88a43957ebce9e9e02b5ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run_inference.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 130567, "scanner": "repobility-threat-engine", "fingerprint": "47cb36550ee95c61db54c7072fc5a44860b2532773153cf18e9a5fd0ef445aab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47cb36550ee95c61db54c7072fc5a44860b2532773153cf18e9a5fd0ef445aab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 130566, "scanner": "repobility-threat-engine", "fingerprint": "ae9c277dd3f0818bab16df4458d9d7fbcf0c16327fad1e0de4cf72e5e789bf93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae9c277dd3f0818bab16df4458d9d7fbcf0c16327fad1e0de4cf72e5e789bf93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/run_batch.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 130565, "scanner": "repobility-threat-engine", "fingerprint": "2d946e32119c532b61d228f685e4d2d0f966648f600f5802aded5234b65e3ea0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d946e32119c532b61d228f685e4d2d0f966648f600f5802aded5234b65e3ea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 130564, "scanner": "repobility-threat-engine", "fingerprint": "0a85e13173af8877f469e3ad01cfeb717d7742d6be67c6cb47a116867af7b3f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a85e13173af8877f469e3ad01cfeb717d7742d6be67c6cb47a116867af7b3f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/environments/local.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 130563, "scanner": "repobility-threat-engine", "fingerprint": "14c5535cd6a10d7a2c47cad5d7dc59a8021ef01b5f610ca05a8b56522a32e8b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14c5535cd6a10d7a2c47cad5d7dc59a8021ef01b5f610ca05a8b56522a32e8b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/environments/docker.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 130558, "scanner": "repobility-threat-engine", "fingerprint": "4905622bb17f5f67310a88508c0a3f317373b3c8b46198cdd403d8c6e735c31a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4905622bb17f5f67310a88508c0a3f317373b3c8b46198cdd403d8c6e735c31a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run_inference.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 130557, "scanner": "repobility-threat-engine", "fingerprint": "35620d4ca1b51367bdc0bf5f34cb8ffa23840502bf25f9c16ab9e3c5d1417aa3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35620d4ca1b51367bdc0bf5f34cb8ffa23840502bf25f9c16ab9e3c5d1417aa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/run_batch.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 130556, "scanner": "repobility-threat-engine", "fingerprint": "f843f1904fa1a00bc491e75c021b17e5ad13536a1ca836dcf4c81d3c20874bc4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f843f1904fa1a00bc491e75c021b17e5ad13536a1ca836dcf4c81d3c20874bc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 130552, "scanner": "repobility-threat-engine", "fingerprint": "a0ed6922cada9035b811a37cf96a864313f8386032e7c18eb53bacc65cf0eafb", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"Total output tokens: {total_output_tokens}\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|7|print f total output tokens: total_output_tokens"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/scripts/rerun_failed_questions.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 130551, "scanner": "repobility-threat-engine", "fingerprint": "0c940de2b7379108f682cf32393546429cd4c8704af6aeb529a0fad5e71d14fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c940de2b7379108f682cf32393546429cd4c8704af6aeb529a0fad5e71d14fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/models/__init__.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 130550, "scanner": "repobility-threat-engine", "fingerprint": "c85a61636f8769c0a1cb51f14397c4caa2fd61b2014071a9c57cec3b8b91a993", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c85a61636f8769c0a1cb51f14397c4caa2fd61b2014071a9c57cec3b8b91a993"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/__init__.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 130549, "scanner": "repobility-threat-engine", "fingerprint": "98f58b76af6ae0e6f0ec3b1e3d57497e2f3cc3122e3eb93111ff0da6130b1ad5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98f58b76af6ae0e6f0ec3b1e3d57497e2f3cc3122e3eb93111ff0da6130b1ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/typescript/ant_design/ant_design.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 130548, "scanner": "repobility-threat-engine", "fingerprint": "60e38fa309c70ddde716992c1ab14e96bcfa26f1985f99afbc5a82b94d1e3a0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60e38fa309c70ddde716992c1ab14e96bcfa26f1985f99afbc5a82b94d1e3a0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/sveltejs/svelte.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 130547, "scanner": "repobility-threat-engine", "fingerprint": "2f1a4a077021833971f3155f57bf4f2a2d67f58c60cf9fc8533fa9d7ca714dbf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f1a4a077021833971f3155f57bf4f2a2d67f58c60cf9fc8533fa9d7ca714dbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/javascript/axios/axios.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 130542, "scanner": "repobility-threat-engine", "fingerprint": "cf4c7c9f8d3d048804a4fbe9d448cfe4091883d205adaf5dc61b8ffccd0b0382", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'\\(\\s*(-?\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|28|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/reasoning/logic_with_navigation/utils.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 130541, "scanner": "repobility-threat-engine", "fingerprint": "8ed409bf810148e7fac6be5ae03919f97565e62f18491637b693a1452a56471c", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"Total:\\s*(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|423|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130511, "scanner": "repobility-ast-engine", "fingerprint": "79211381ab0250e7b2705b1c3de78934b69f03368bd8acf50d006f6d6a875ea8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|79211381ab0250e7b2705b1c3de78934b69f03368bd8acf50d006f6d6a875ea8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/BurntSushi/ripgrep.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130510, "scanner": "repobility-ast-engine", "fingerprint": "cd053d606b2933ec8ebd2a55957722751c2d4158712f57c4ce2f47dc4adee007", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd053d606b2933ec8ebd2a55957722751c2d4158712f57c4ce2f47dc4adee007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/nushell/nushell.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130509, "scanner": "repobility-ast-engine", "fingerprint": "15d4ad70fcc133184d3ae5f7de4623d02320b0693017c0307a743fae39a7711c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15d4ad70fcc133184d3ae5f7de4623d02320b0693017c0307a743fae39a7711c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/alacritty/alacritty.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130508, "scanner": "repobility-ast-engine", "fingerprint": "dcf7f493fdf3d6c2204d7f69e0183dbce02fa9af954688f7ae5c684ffbde6a37", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcf7f493fdf3d6c2204d7f69e0183dbce02fa9af954688f7ae5c684ffbde6a37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/clap_rs/clap.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130507, "scanner": "repobility-ast-engine", "fingerprint": "d669d0c553d97632556a82510983449c73f79a2f72f892523b5a344108984684", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d669d0c553d97632556a82510983449c73f79a2f72f892523b5a344108984684"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/rusqlite/rusqlite.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130506, "scanner": "repobility-ast-engine", "fingerprint": "082ccecac71176b2e91b5fbad1b18009d78da16474d1cbd9fcdda5086466ab7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|082ccecac71176b2e91b5fbad1b18009d78da16474d1cbd9fcdda5086466ab7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/rust_lang/mdBook.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130505, "scanner": "repobility-ast-engine", "fingerprint": "f7aa1d06e90fafdd89fe3d6259a5b0cc298fdec913b3419ccd07d088ff0c927b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7aa1d06e90fafdd89fe3d6259a5b0cc298fdec913b3419ccd07d088ff0c927b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/fish_shell/fish_shell.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130504, "scanner": "repobility-ast-engine", "fingerprint": "968c1549716c1d3dd6846a8908845715c409f6eeeacd9152d5dd8b2af0c45912", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|968c1549716c1d3dd6846a8908845715c409f6eeeacd9152d5dd8b2af0c45912"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/rayon_rs/rayon.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130503, "scanner": "repobility-ast-engine", "fingerprint": "9009bbfacf4b7996e7f14acea29d11d8815c72e34b47bc722ce696f78c15b785", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9009bbfacf4b7996e7f14acea29d11d8815c72e34b47bc722ce696f78c15b785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/serde_rs/serde.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130502, "scanner": "repobility-ast-engine", "fingerprint": "f7fc74e64e6796b5dac72ee944d1c1556e6f0df135f4e430ec70e541a9f4485f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7fc74e64e6796b5dac72ee944d1c1556e6f0df135f4e430ec70e541a9f4485f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/tokio_rs/tokio.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130501, "scanner": "repobility-ast-engine", "fingerprint": "7f5f1445968f8c4d2ede14e3377a75d9ced7c55a148f8dfae3b91fc4790c55d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f5f1445968f8c4d2ede14e3377a75d9ced7c55a148f8dfae3b91fc4790c55d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/tokio_rs/bytes.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130500, "scanner": "repobility-ast-engine", "fingerprint": "0dcb8f78a899a31119980fc4f6bc7615cf60b6408f8b4570d91cc2cbf06956f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0dcb8f78a899a31119980fc4f6bc7615cf60b6408f8b4570d91cc2cbf06956f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/rust/tokio_rs/tracing.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130499, "scanner": "repobility-ast-engine", "fingerprint": "1d197182a0e6fbaa61a8987740d7924bb149a950f7717d69986dba16b042ae18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d197182a0e6fbaa61a8987740d7924bb149a950f7717d69986dba16b042ae18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/php/phpsrc.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130498, "scanner": "repobility-ast-engine", "fingerprint": "71b963bdb211f56ad158c341519ce539b9de5a43f259769f0ed0105bf053b6ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71b963bdb211f56ad158c341519ce539b9de5a43f259769f0ed0105bf053b6ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/mruby/mruby.py"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130497, "scanner": "repobility-ast-engine", "fingerprint": "f3a743bf30350c01d9ccdb75aecd74b1e6618080787aab463000e67bfd05d2d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3a743bf30350c01d9ccdb75aecd74b1e6618080787aab463000e67bfd05d2d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/facebook/zstd.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130496, "scanner": "repobility-ast-engine", "fingerprint": "ea6bc9a069ffc534e0edb660e5ba089efdca3746ba8fc84adf7ca7726cda5a7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea6bc9a069ffc534e0edb660e5ba089efdca3746ba8fc84adf7ca7726cda5a7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/jqlang/jq.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130495, "scanner": "repobility-ast-engine", "fingerprint": "24029fc9f6e58993830d59bac3eff9abdd6ba1abf5f69b78efe68c7b722728f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24029fc9f6e58993830d59bac3eff9abdd6ba1abf5f69b78efe68c7b722728f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libsdlorg/SDL.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130494, "scanner": "repobility-ast-engine", "fingerprint": "0ddaacb1e0027e1e8b46f7abe8b0c68f47555140ad34ab40f94dce8aeb4f5fc0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ddaacb1e0027e1e8b46f7abe8b0c68f47555140ad34ab40f94dce8aeb4f5fc0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/redis/redis.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130493, "scanner": "repobility-ast-engine", "fingerprint": "07189a269d8b0ce6eaf4033d198512f7db9f7116b6fd55b2f1168c8e13e48c64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07189a269d8b0ce6eaf4033d198512f7db9f7116b6fd55b2f1168c8e13e48c64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/OpenMathLib/OpenBLAS.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130492, "scanner": "repobility-ast-engine", "fingerprint": "c398d006939e57d7dfd07a698c9f47873c8bb176d8c44fd59a2e1e865fb3e653", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c398d006939e57d7dfd07a698c9f47873c8bb176d8c44fd59a2e1e865fb3e653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/valkey_io/valkey.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130491, "scanner": "repobility-ast-engine", "fingerprint": "84f41640a7249ba4bbdbab52ae8327d80611616d4bdf50edfd1fd598c71adbf2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84f41640a7249ba4bbdbab52ae8327d80611616d4bdf50edfd1fd598c71adbf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/fluent/fluentbit.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130490, "scanner": "repobility-ast-engine", "fingerprint": "0e85d5c1ce969a662c2662d9814964310ea2814315e96afaf343f6c8036c3298", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e85d5c1ce969a662c2662d9814964310ea2814315e96afaf343f6c8036c3298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/libgit2/libgit2.py"}, "region": {"startLine": 402}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130489, "scanner": "repobility-ast-engine", "fingerprint": "af64ed0ff03b138246db1b0b760233047228b4191117cf0c06c3ee0277fb6c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af64ed0ff03b138246db1b0b760233047228b4191117cf0c06c3ee0277fb6c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/repos/c/ponylang/ponyc.py"}, "region": {"startLine": 592}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run_log"}, "properties": {"repobilityId": 130487, "scanner": "repobility-ast-engine", "fingerprint": "6de594806a4929c8fcc658df9825086937afdc2a4f19c61ff4a0e69b9ba00530", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6de594806a4929c8fcc658df9825086937afdc2a4f19c61ff4a0e69b9ba00530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/report.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_patch_run"}, "properties": {"repobilityId": 130486, "scanner": "repobility-ast-engine", "fingerprint": "54e8806bf1eb8158e41303e708b308558ac397800781820db61ef471312c359a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54e8806bf1eb8158e41303e708b308558ac397800781820db61ef471312c359a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/eval/harness/instance.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.ask_confirmation` used but never assigned in __init__"}, "properties": {"repobilityId": 130485, "scanner": "repobility-ast-engine", "fingerprint": "018b0b54601ab80dd3a3dea7f40dbcf1b3595d0a0ea7e57037105a205b5876b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|018b0b54601ab80dd3a3dea7f40dbcf1b3595d0a0ea7e57037105a205b5876b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.should_ask_confirmation` used but never assigned in __init__"}, "properties": {"repobilityId": 130484, "scanner": "repobility-ast-engine", "fingerprint": "1089797b8c3d2344bce056df1f7973276b2901e78105eead5220dc92a538a086", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1089797b8c3d2344bce056df1f7973276b2901e78105eead5220dc92a538a086"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._prompt_and_handle_special` used but never assigned in __init__"}, "properties": {"repobilityId": 130483, "scanner": "repobility-ast-engine", "fingerprint": "d9e91e081018f249b24cce7a8874ed52dad024cbcb0cad1da4b847a802b9db79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9e91e081018f249b24cce7a8874ed52dad024cbcb0cad1da4b847a802b9db79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.add_message` used but never assigned in __init__"}, "properties": {"repobilityId": 130482, "scanner": "repobility-ast-engine", "fingerprint": "acdcc155372dd9de4b189ee36e7f4a2d9501a8ba2417231708b792c4a7774ba1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|acdcc155372dd9de4b189ee36e7f4a2d9501a8ba2417231708b792c4a7774ba1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._prompt_and_handle_special` used but never assigned in __init__"}, "properties": {"repobilityId": 130481, "scanner": "repobility-ast-engine", "fingerprint": "174ae37b0031a47c7104d37cbd85d437c4ce81f0dbae55de5b6a381ca34f64a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|174ae37b0031a47c7104d37cbd85d437c4ce81f0dbae55de5b6a381ca34f64a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.config` used but never assigned in __init__"}, "properties": {"repobilityId": 130480, "scanner": "repobility-ast-engine", "fingerprint": "d1af88bddb77e897ea5ab0036b25624738053be70dfff7fdd3d6ad4fe8d62f7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1af88bddb77e897ea5ab0036b25624738053be70dfff7fdd3d6ad4fe8d62f7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 130479, "scanner": "repobility-ast-engine", "fingerprint": "b69f7e1159e62d811463b4aa5c55a526354a033ae29f666d2e04f9204b6faa55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b69f7e1159e62d811463b4aa5c55a526354a033ae29f666d2e04f9204b6faa55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/interactive.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 130478, "scanner": "repobility-ast-engine", "fingerprint": "932aeac99747e8ca1793fbf83cdd074a99c3c060c4090cc014cb32ae8197db93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|932aeac99747e8ca1793fbf83cdd074a99c3c060c4090cc014cb32ae8197db93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/replay.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 130477, "scanner": "repobility-ast-engine", "fingerprint": "9db16cabd8f8318ce2c1b2e2d65ac4b0d4cc6a90a40669b94c95906146f479f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9db16cabd8f8318ce2c1b2e2d65ac4b0d4cc6a90a40669b94c95906146f479f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/replay.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.add_message` used but never assigned in __init__"}, "properties": {"repobilityId": 130476, "scanner": "repobility-ast-engine", "fingerprint": "a6af0f107f8b1d76155cb34ff6cff3b47c9ceb313c72c06eb1ddc2114b01bf8f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6af0f107f8b1d76155cb34ff6cff3b47c9ceb313c72c06eb1ddc2114b01bf8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/agents/replay.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_overview_data` used but never assigned in __init__"}, "properties": {"repobilityId": 130475, "scanner": "repobility-ast-engine", "fingerprint": "54933db1f7e24596d4fe40789c3ff22e458a1b2502a36a6e6c076130586d926a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54933db1f7e24596d4fe40789c3ff22e458a1b2502a36a6e6c076130586d926a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.on_instance_end` used but never assigned in __init__"}, "properties": {"repobilityId": 130474, "scanner": "repobility-ast-engine", "fingerprint": "de3a980c43899c95f2bd815686efd54761ca467aa6480fbe79000e47da83f398", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de3a980c43899c95f2bd815686efd54761ca467aa6480fbe79000e47da83f398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_eta_text` used but never assigned in __init__"}, "properties": {"repobilityId": 130473, "scanner": "repobility-ast-engine", "fingerprint": "36395a2e95ef8b42b7ac060789824aa0c613b3592abad904b2175920ea8654ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36395a2e95ef8b42b7ac060789824aa0c613b3592abad904b2175920ea8654ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._save_overview_data_yaml` used but never assigned in __init__"}, "properties": {"repobilityId": 130472, "scanner": "repobility-ast-engine", "fingerprint": "d46bb2db5337911548d6027d2f51fa131847d855eb7465358fae13b5136a798c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d46bb2db5337911548d6027d2f51fa131847d855eb7465358fae13b5136a798c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_total_costs` used but never assigned in __init__"}, "properties": {"repobilityId": 130471, "scanner": "repobility-ast-engine", "fingerprint": "27b6a880351722bc0671fa76e2fc3bc9a9b9eb33d713d95bc40cec4596bbbb42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27b6a880351722bc0671fa76e2fc3bc9a9b9eb33d713d95bc40cec4596bbbb42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.update_exit_status_table` used but never assigned in __init__"}, "properties": {"repobilityId": 130470, "scanner": "repobility-ast-engine", "fingerprint": "a13e658bc875d6ef1d1c7ac3948253cad2706b0aebbdf3a0fdb134ce25702680", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a13e658bc875d6ef1d1c7ac3948253cad2706b0aebbdf3a0fdb134ce25702680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_total_costs` used but never assigned in __init__"}, "properties": {"repobilityId": 130469, "scanner": "repobility-ast-engine", "fingerprint": "5f88098ba838d47510d52b6d750915eff11f95d1fddf72e895bc58e3bbb7045e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f88098ba838d47510d52b6d750915eff11f95d1fddf72e895bc58e3bbb7045e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_eta_text` used but never assigned in __init__"}, "properties": {"repobilityId": 130468, "scanner": "repobility-ast-engine", "fingerprint": "c985b17fc77b436dc45d6528bf1d872bc6bf40b79ebd265fd8c423d2a1c1d324", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c985b17fc77b436dc45d6528bf1d872bc6bf40b79ebd265fd8c423d2a1c1d324"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.n_completed` used but never assigned in __init__"}, "properties": {"repobilityId": 130467, "scanner": "repobility-ast-engine", "fingerprint": "b0a76b4d24e961699a0aeced364a7001396e070378bd23740686a59d2200bbfa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0a76b4d24e961699a0aeced364a7001396e070378bd23740686a59d2200bbfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/batch_progress.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 130466, "scanner": "repobility-ast-engine", "fingerprint": "60ab1f6651dcca39ba2244c06d67a0eedbe2c0f8214aa00742fe36226ad3fb24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60ab1f6651dcca39ba2244c06d67a0eedbe2c0f8214aa00742fe36226ad3fb24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/run/run_batch.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.cleanup` used but never assigned in __init__"}, "properties": {"repobilityId": 130465, "scanner": "repobility-ast-engine", "fingerprint": "cd27a4654eea762308e2e5f7069b6f0ece1dac372b95e5dbe530e1257a6c25d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd27a4654eea762308e2e5f7069b6f0ece1dac372b95e5dbe530e1257a6c25d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/agentic_code_runner/minisweagent/environments/docker.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pid` used but never assigned in __init__"}, "properties": {"repobilityId": 130462, "scanner": "repobility-ast-engine", "fingerprint": "766fe67c9b6a16aa60b2530911b39c3cd3288c1d8321a9c3d23f434e0f3b5fb9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|766fe67c9b6a16aa60b2530911b39c3cd3288c1d8321a9c3d23f434e0f3b5fb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pid` used but never assigned in __init__"}, "properties": {"repobilityId": 130461, "scanner": "repobility-ast-engine", "fingerprint": "3f756dc19daa7ad5c5b8c4d2c650c53d543f0b0412c9830710293bf9c2236828", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f756dc19daa7ad5c5b8c4d2c650c53d543f0b0412c9830710293bf9c2236828"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pid` used but never assigned in __init__"}, "properties": {"repobilityId": 130460, "scanner": "repobility-ast-engine", "fingerprint": "909d81edbb5ea5e867dfa3ea970caf4741809a3418854d970a8a8a77aa8bf4ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|909d81edbb5ea5e867dfa3ea970caf4741809a3418854d970a8a8a77aa8bf4ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.pid` used but never assigned in __init__"}, "properties": {"repobilityId": 130459, "scanner": "repobility-ast-engine", "fingerprint": "20a659753c2762dcd52492720abd7dbce1ff2afa9892e8565f772f54b19cd2c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20a659753c2762dcd52492720abd7dbce1ff2afa9892e8565f772f54b19cd2c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/utils.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "GHSA-gw97-ff7c-9v96", "level": "error", "message": {"text": "tensorflow: GHSA-gw97-ff7c-9v96"}, "properties": {"repobilityId": 130706, "scanner": "osv-scanner", "fingerprint": "0f595dd2e7947c4c5de867d29c9b02ff8f86148ea6b1ceae6af6d70d1340fcb2", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-tensorflow-2023-25668", "CVE-2023-25668"], "package": "tensorflow", "rule_id": "GHSA-gw97-ff7c-9v96", "scanner": "osv-scanner", "correlation_key": "vuln|tensorflow|CVE-2023-25668|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7p94-766c-hgjp", "level": "error", "message": {"text": "nltk: GHSA-7p94-766c-hgjp"}, "properties": {"repobilityId": 130674, "scanner": "osv-scanner", "fingerprint": "c43b8f1b4accdffd10c94469e5f026e440161b16ca402e4ef0d6d339a3369203", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-14009", "PYSEC-2026-96"], "package": "nltk", "rule_id": "GHSA-7p94-766c-hgjp", "scanner": "osv-scanner", "correlation_key": "vuln|nltk|CVE-2025-14009|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-7p94-766c-hgjp", "PYSEC-2026-96"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["492fa3e9f454b1bc15e048e14e09df4e87af6740f74380b75e45310a972535a9", "c43b8f1b4accdffd10c94469e5f026e440161b16ca402e4ef0d6d339a3369203"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x4wf-678h-2pmq", "level": "error", "message": {"text": "keras: GHSA-x4wf-678h-2pmq"}, "properties": {"repobilityId": 130671, "scanner": "osv-scanner", "fingerprint": "05f5e994acc8ce98114ab36a78e78ba7f5ba89e0bdbbc3779e64586432233293", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-3660"], "package": "keras", "rule_id": "GHSA-x4wf-678h-2pmq", "scanner": "osv-scanner", "correlation_key": "vuln|keras|CVE-2024-3660|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-frmv-pr5f-9mcr", "level": "error", "message": {"text": "django: GHSA-frmv-pr5f-9mcr"}, "properties": {"repobilityId": 130616, "scanner": "osv-scanner", "fingerprint": "0195c4327563b2257396f88a30a792395652e1504403c3d4161972f2b00fe9b4", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2025-64459", "CVE-2025-64459", "PYSEC-2025-108"], "package": "django", "rule_id": "GHSA-frmv-pr5f-9mcr", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2025-64459|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-frmv-pr5f-9mcr", "PYSEC-2025-108"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0195c4327563b2257396f88a30a792395652e1504403c3d4161972f2b00fe9b4", "ce751b8d541052cd3dedc37645aef3cfb2bc1c2ec8b447b38b501752b43226a5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pv4p-cwwg-4rph", "level": "error", "message": {"text": "django: GHSA-pv4p-cwwg-4rph"}, "properties": {"repobilityId": 130610, "scanner": "osv-scanner", "fingerprint": "f13655fdd2a866977b659890218982491db02e3f9d02539a3caf6cc140977cf0", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-django-2024-42005", "CVE-2024-42005", "PYSEC-2024-70"], "package": "django", "rule_id": "GHSA-pv4p-cwwg-4rph", "scanner": "osv-scanner", "correlation_key": "vuln|django|CVE-2024-42005|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pv4p-cwwg-4rph", "PYSEC-2024-70"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["d4dd5eab9ca7002cb4d0e7dc715254905df327391d2aa956281597906c4e606c", "f13655fdd2a866977b659890218982491db02e3f9d02539a3caf6cc140977cf0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/requirements_eval.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `logging` used but not imported"}, "properties": {"repobilityId": 130518, "scanner": "repobility-ast-engine", "fingerprint": "6bac5f1e687c6148c73c7c44ba6a860e341f1404b9c8c41f080684684f71f1e7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bac5f1e687c6148c73c7c44ba6a860e341f1404b9c8c41f080684684f71f1e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/if_runner/instruction_following_eval/instructions.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 130515, "scanner": "repobility-ast-engine", "fingerprint": "5d93c1712f195460f87a29db172c5948f7d754dcf347420d3c9f45f5c02b9a92", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d93c1712f195460f87a29db172c5948f7d754dcf347420d3c9f45f5c02b9a92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/math/olympiad/utils.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 130514, "scanner": "repobility-ast-engine", "fingerprint": "a4da49acdd80bf530274048f2b9f10c69f9a7984496f07f0f7d837bb82ccdaad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a4da49acdd80bf530274048f2b9f10c69f9a7984496f07f0f7d837bb82ccdaad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/math/AMPS_Hard/utils.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `math` used but not imported"}, "properties": {"repobilityId": 130513, "scanner": "repobility-ast-engine", "fingerprint": "4e6e52871781602609445c097799408b6758dc4033413b71c1d7331146220518", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e6e52871781602609445c097799408b6758dc4033413b71c1d7331146220518"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/math/AMPS_Hard/utils.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 130456, "scanner": "repobility-ast-engine", "fingerprint": "dcd015961823b31e4463c00d1cf0154013924c46012a23cc5adcc9a69b4b9757", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcd015961823b31e4463c00d1cf0154013924c46012a23cc5adcc9a69b4b9757"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/code_runner/eval/__init__.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 130440, "scanner": "repobility-ast-engine", "fingerprint": "9872d13a918c3afe8211cb3ae9fdd90e5bc2d64035970176cdaedd7cd5d9355d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9872d13a918c3afe8211cb3ae9fdd90e5bc2d64035970176cdaedd7cd5d9355d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "livebench/process_results/util.py"}, "region": {"startLine": 7}}}]}]}]}