File as GitHub Issue repo: SREGym/SREGym

Push this scan report to SREGym/SREGym

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

stdlib: GO-2026-4982

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH GO-2026-5039 stdlib: GO-2026-5039 visualizer/interactive_deployment/go.mod
HIGH GO-2026-5038 stdlib: GO-2026-5038 visualizer/interactive_deployment/go.mod
HIGH GO-2026-5037 stdlib: GO-2026-5037 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4986 stdlib: GO-2026-4986 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4982 stdlib: GO-2026-4982 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4981 stdlib: GO-2026-4981 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4980 stdlib: GO-2026-4980 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4977 stdlib: GO-2026-4977 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4976 stdlib: GO-2026-4976 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4971 stdlib: GO-2026-4971 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4947 stdlib: GO-2026-4947 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4946 stdlib: GO-2026-4946 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4918 stdlib: GO-2026-4918 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4870 stdlib: GO-2026-4870 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4869 stdlib: GO-2026-4869 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4865 stdlib: GO-2026-4865 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4864 stdlib: GO-2026-4864 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4603 stdlib: GO-2026-4603 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4602 stdlib: GO-2026-4602 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4601 stdlib: GO-2026-4601 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4342 stdlib: GO-2026-4342 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4341 stdlib: GO-2026-4341 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4340 stdlib: GO-2026-4340 visualizer/interactive_deployment/go.mod
HIGH GO-2026-4337 stdlib: GO-2026-4337 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4175 stdlib: GO-2025-4175 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4155 stdlib: GO-2025-4155 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4015 stdlib: GO-2025-4015 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4014 stdlib: GO-2025-4014 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4013 stdlib: GO-2025-4013 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4012 stdlib: GO-2025-4012 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4011 stdlib: GO-2025-4011 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4010 stdlib: GO-2025-4010 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4009 stdlib: GO-2025-4009 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4008 stdlib: GO-2025-4008 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4007 stdlib: GO-2025-4007 visualizer/interactive_deployment/go.mod
HIGH GO-2025-4006 stdlib: GO-2025-4006 visualizer/interactive_deployment/go.mod
HIGH GO-2025-3955 stdlib: GO-2025-3955 visualizer/interactive_deployment/go.mod
HIGH GO-2026-5024 golang.org/x/sys: GO-2026-5024 visualizer/interactive_deployment/go.mod
HIGH PYSEC-2026-142 urllib3: PYSEC-2026-142 uv.lock
HIGH PYSEC-2026-141 urllib3: PYSEC-2026-141 uv.lock
HIGH GHSA-7f5h-v6xp-fcq8 starlette: GHSA-7f5h-v6xp-fcq8 uv.lock
HIGH PYSEC-2026-161 starlette: PYSEC-2026-161 uv.lock
HIGH GHSA-wp53-j4wj-2cfg python-multipart: GHSA-wp53-j4wj-2cfg uv.lock
MED SEC014 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… sregym/resources/trainticket/locustfile…:11
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… sregym/conductor/problems/silent_data_c…:150
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … sregym/service/apps/social_network.py:34
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … mcp_server/utils.py:48
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… sregym/agent_launcher.py:244
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… llm_backend/get_llm_backend.py:163
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… clients/stratus/weak_oracles/alert_orac…:25
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… clients/geminicli/driver.py:219
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… clients/codex/driver.py:270
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… clients/claudecode/driver.py:259
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … sregym/conductor/problems/edge_request_…:205
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … sregym/conductor/oracles/dns_resolution…:24
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … cli.py:102
MED MINED111 Bare except continues silently tests/results_preliminary/process.py:743
MED MINED111 Bare except continues silently tests/results_preliminary/process.py:49
MED MINED111 Bare except continues silently tests/results_preliminary/process.py:118
MED MINED111 Bare except continues silently sregym/agent_launcher.py:107
MED MINED111 Bare except continues silently visualizer/generate_trajectories.py:93
MED MINED111 Bare except continues silently visualizer/queries.py:230
MED MINED111 Bare except continues silently visualizer/queries.py:164
MED MINED111 Bare except continues silently visualizer/queries.py:32
MED MINED111 Bare except continues silently visualizer/queries.py:1019
MED MINED111 Bare except continues silently visualizer/queries.py:995
MED MINED111 Bare except continues silently visualizer/queries.py:629
MED MINED111 Bare except continues silently visualizer/process.py:544
MED MINED111 Bare except continues silently visualizer/process.py:1256
MED MINED111 Bare except continues silently visualizer/process.py:583
MED MINED111 Bare except continues silently visualizer/process.py:565
MED MINED111 Bare except continues silently visualizer/process.py:487
MED MINED111 Bare except continues silently visualizer/process.py:141
MED MINED111 Bare except continues silently visualizer/process.py:1948
MED MINED111 Bare except continues silently visualizer/process.py:996
MED MINED111 Bare except continues silently visualizer/process.py:52
MED MINED111 Bare except continues silently visualizer/process.py:345
MED MINED111 Bare except continues silently cli.py:103
MED MINED111 Bare except continues silently cli.py:121
MED MINED111 Bare except continues silently cli.py:113
MED COMP001 [COMP001] High cognitive complexity: Function `run_demo_agent` has cognitive complexity 2… clients/demo/driver.py:103
MED COMP001 [COMP001] High cognitive complexity: Function `select_mode` has cognitive complexity 15 (… cli.py:66
MED COMP001 [COMP001] High cognitive complexity: Function `interactive_loop` has cognitive complexity… cli.py:88
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED DEPCUR-PY Python package `rich` is 2 major version(s) behind (13.9.4 -> 15.0.0) docker/agents/requirements-container.txt:17
MED DEPCUR-PY Python package `kubernetes` is 6 major version(s) behind (30.1.0 -> 36.0.2) docker/agents/requirements-container.txt:15
MED DEPCUR-PY Python package `pandas` is 1 major version(s) behind (2.2.3 -> 3.0.3) docker/agents/requirements-container.txt:14
MED GHSA-2c2j-9gv5-cj73 starlette: GHSA-2c2j-9gv5-cj73 uv.lock
MED GHSA-gc5v-m9x4-r6x2 requests: GHSA-gc5v-m9x4-r6x2 uv.lock
MED GHSA-mj87-hwqh-73pj python-multipart: GHSA-mj87-hwqh-73pj uv.lock
MED GHSA-mf9w-mj56-hr94 python-dotenv: GHSA-mf9w-mj56-hr94 uv.lock
MED GHSA-6w46-j5rx-g56g pytest: GHSA-6w46-j5rx-g56g uv.lock
MED GHSA-mrfv-m5wm-5w6w pynacl: GHSA-mrfv-m5wm-5w6w uv.lock
MED GHSA-rr7j-v2q5-chgv langsmith: GHSA-rr7j-v2q5-chgv uv.lock
MED GHSA-926x-3r5x-gfhw langchain-core: GHSA-926x-3r5x-gfhw uv.lock
MED GHSA-65pc-fj4g-8rjx idna: GHSA-65pc-fj4g-8rjx uv.lock
MED GHSA-w853-jp5j-5j7f filelock: GHSA-w853-jp5j-5j7f uv.lock
MED GHSA-qmgc-5h2g-mvrw filelock: GHSA-qmgc-5h2g-mvrw uv.lock
MED GHSA-rj5c-58rq-j5g5 fastmcp: GHSA-rj5c-58rq-j5g5 uv.lock
MED GHSA-mxxr-jv3v-6pgc fastmcp: GHSA-mxxr-jv3v-6pgc uv.lock
MED GHSA-m8x7-r2rg-vh5g fastmcp: GHSA-m8x7-r2rg-vh5g uv.lock
MED GHSA-w8v5-vhqr-4h9v diskcache: GHSA-w8v5-vhqr-4h9v uv.lock
MED GHSA-w2fm-2cpv-w7v5 aiohttp: GHSA-w2fm-2cpv-w7v5 uv.lock
MED GHSA-p998-jp59-783m aiohttp: GHSA-p998-jp59-783m uv.lock
MED GHSA-m5qp-6w8w-w647 aiohttp: GHSA-m5qp-6w8w-w647 uv.lock
MED GHSA-jg22-mg44-37j8 aiohttp: GHSA-jg22-mg44-37j8 uv.lock
MED GHSA-hg6j-4rv6-33pg aiohttp: GHSA-hg6j-4rv6-33pg uv.lock
MED GHSA-c427-h43c-vf67 aiohttp: GHSA-c427-h43c-vf67 uv.lock
MED GHSA-gc5v-m9x4-r6x2 requests: GHSA-gc5v-m9x4-r6x2 docker/agents/requirements-container.txt
MED GHSA-9hjg-9r4m-mvj7 requests: GHSA-9hjg-9r4m-mvj7 docker/agents/requirements-container.txt
MED GHSA-mf9w-mj56-hr94 python-dotenv: GHSA-mf9w-mj56-hr94 docker/agents/requirements-container.txt
MED GHSA-rr7j-v2q5-chgv langsmith: GHSA-rr7j-v2q5-chgv docker/agents/requirements-container.txt
MED GHSA-rj5c-58rq-j5g5 fastmcp: GHSA-rj5c-58rq-j5g5 docker/agents/requirements-container.txt
MED GHSA-mxxr-jv3v-6pgc fastmcp: GHSA-mxxr-jv3v-6pgc docker/agents/requirements-container.txt
MED GHSA-m8x7-r2rg-vh5g fastmcp: GHSA-m8x7-r2rg-vh5g docker/agents/requirements-container.txt
MED DKR001 Docker final stage has no non-root USER mcp_server/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER kind/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER docker/agents/Dockerfile:1
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered …
MED AGT014 Codex auth.json is read or copied without visible secret-file hardening clients/codex/driver.py:25
MED AGT014 Codex auth.json is read or copied without visible secret-file hardening clients/codex/codex_agent.py:15
MED AGT016 Codex session log reader may expose prompts or tool-call content visualizer/process.py:129
MED AUC012 [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /…
MED AGT012 Agent control bridge may listen on a network interface without visible auth sregym/service/mcp_server.py:68
MED AGT012 Agent control bridge may listen on a network interface without visible auth sregym/observer/prometheus/prometheus/c…:70
MED AGT012 Agent control bridge may listen on a network interface without visible auth sregym/conductor/conductor_api.py:7
MED AGT012 Agent control bridge may listen on a network interface without visible auth mcp_server/sregym_mcp_server.py:4
MED AGT012 Agent control bridge may listen on a network interface without visible auth mcp_server/configs/mcp_server_cfg.py:12
MED AGT012 Agent control bridge may listen on a network interface without visible auth main.py:78
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. mcp_server/kubectl_server_helper/kubect…:256
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. clients/stratus/tools/compile/compile_t…:48
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. clients/geminicli/geminicli_agent.py:251
LOW DEPCUR-PY Python package `tiktoken` is minor version(s) behind (0.7.0 -> 0.13.0) docker/agents/requirements-container.txt:19
LOW DEPCUR-PY Python package `pydantic` is minor version(s) behind (2.11.5 -> 2.13.4) docker/agents/requirements-container.txt:16
LOW DEPCUR-PY Python package `python-dotenv` is minor version(s) behind (1.1.0 -> 1.2.2) docker/agents/requirements-container.txt:4
LOW GHSA-5239-wwwm-4pmq pygments: GHSA-5239-wwwm-4pmq uv.lock
LOW GHSA-mwh4-6h8g-pg8w aiohttp: GHSA-mwh4-6h8g-pg8w uv.lock
LOW GHSA-hcc4-c3v8-rx92 aiohttp: GHSA-hcc4-c3v8-rx92 uv.lock
LOW GHSA-966j-vmvw-g2g9 aiohttp: GHSA-966j-vmvw-g2g9 uv.lock
LOW GHSA-63hf-3vf5-4wqf aiohttp: GHSA-63hf-3vf5-4wqf uv.lock
LOW GHSA-3wq7-rqq7-wx6j aiohttp: GHSA-3wq7-rqq7-wx6j uv.lock
LOW GHSA-2vrm-gr82-f7m5 aiohttp: GHSA-2vrm-gr82-f7m5 uv.lock
LOW AIC003 Duplicated implementation block across source files sregym/conductor/problems/load_spike_rp…:33
LOW AIC003 Duplicated implementation block across source files sregym/conductor/problems/admission_web…:259
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/target_port_mi…:29
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:33
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:32
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:7
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:5
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:33
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:32
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:7
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:33
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:10
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/operator_misop…:5
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/mitigation.py:47
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/mitigation.py:16
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/mitigation.py:9
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/missing_env_va…:36
LOW AIC003 Duplicated implementation block across source files sregym/conductor/oracles/deployment_rea…:22
LOW AIC003 Duplicated implementation block across source files clients/stratus/tools/text_editing/inse…:47
LOW AIC003 Duplicated implementation block across source files clients/stratus/tools/text_editing/inse…:10
LOW AIC003 Duplicated implementation block across source files clients/stratus/tools/text_editing/file…:170
LOW AIC003 Duplicated implementation block across source files clients/stratus/tools/submit_tool.py:28
LOW AIC003 Duplicated implementation block across source files clients/opencode/opencode_agent.py:280
LOW AIC003 Duplicated implementation block across source files clients/opencode/driver.py:110
LOW AIC003 Duplicated implementation block across source files clients/opencode/driver.py:77
LOW AIC003 Duplicated implementation block across source files clients/opencode/driver.py:21
LOW AIC003 Duplicated implementation block across source files clients/geminicli/driver.py:77
LOW AIC003 Duplicated implementation block across source files clients/geminicli/driver.py:21
LOW AIC003 Duplicated implementation block across source files clients/codex/driver.py:52
LOW AIC003 Duplicated implementation block across source files clients/codex/codex_agent.py:256
LOW AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization…
LOW DKR010 Dockerfile leaves apt package indexes in the image layer kind/Dockerfile:4
LOW DKR011 Dockerfile installs recommended OS packages mcp_server/Dockerfile:6
LOW DKR011 Dockerfile installs recommended OS packages kind/Dockerfile:4
LOW DKR012 Dockerfile keeps pip download cache docker/agents/Dockerfile:41
LOW DKR012 Dockerfile keeps pip download cache docker/agents/Dockerfile:27
INFO MINED071 [MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases. visualizer/interactive_deployment/app.go:428
INFO MINED063 [MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) — file can be replaced/de… sregym/utils/cache.py:11
INFO MINED053 [MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin… sregym/generators/workload/trainticket_…:46
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. sregym/conductor/oracles/llm_as_a_judge…:8
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… docker/agents/install-scripts/install-g…:6
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… docker/agents/install-scripts/install-c…:6
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… docker/agents/install-scripts/install-c…:6
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… clients/stratus/tools/text_editing/flak…:14
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… clients/stratus/tools/text_editing/edit…:16
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… clients/stratus/tools/kubectl_tools.py:106
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. sregym/conductor/oracles/valkey_auth_mi…:35
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. sregym/conductor/oracles/priority_preem…:168
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. clients/codex/driver.py:40
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… clients/geminicli/driver.py:44
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… clients/codex/driver.py:86
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… clients/claudecode/driver.py:69
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… clients/codex/driver.py:77
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… clients/claudecode/driver.py:60
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… clients/autosubmit/autosubmit_agent.py:7
INFO DEPCUR-PY Python package `pyyaml` is patch version(s) behind (6.0.2 -> 6.0.3) docker/agents/requirements-container.txt:3
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `SREGym/SREGym`

**Score: 55/100 (D+)**  ·  344 findings  ·  scanned 2026-06-05 23:42 UTC  ·  52,274 LOC

| Severity | Count |
|---|---|
| CRITICAL | 13 |
| HIGH | 163 |
| MEDIUM | 91 |
| LOW | 46 |

📊 [Full filterable report](https://repobility.com/scan/337beb47-d253-40ad-92fe-c1cc6096b5c8/)  ·  ![scorecard](https://repobility.com/scan/337beb47-d253-40ad-92fe-c1cc6096b5c8/report.png?v=1780702965-s2)

### Top findings

1. **HIGH** `GO-2026-5039` — stdlib: GO-2026-5039
   `visualizer/interactive_deployment/go.mod`
2. **HIGH** `GO-2026-5038` — stdlib: GO-2026-5038
   `visualizer/interactive_deployment/go.mod`
3. **HIGH** `GO-2026-5037` — stdlib: GO-2026-5037
   `visualizer/interactive_deployment/go.mod`
4. **HIGH** `GO-2026-4986` — stdlib: GO-2026-4986
   `visualizer/interactive_deployment/go.mod`
5. **HIGH** `GO-2026-4982` — stdlib: GO-2026-4982
   `visualizer/interactive_deployment/go.mod`

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/337beb47-d253-40ad-92fe-c1cc6096b5c8/_
Megaproject: high spam risk
Could not determine 'SREGym/SREGym' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled; review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.