File as GitHub Issue repo: google-ai-edge/LiteRT

Push this scan report to google-ai-edge/LiteRT

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Issue title

C Strcpy

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Severity Rule Title File:line
CRIT MINED107 [MINED107] Missing import: `operator` used but not imported: The file uses `operator.some… tflite/python/util.py:1033
CRIT MINED107 [MINED107] Missing import: `array` used but not imported: The file uses `array.something(… tflite/python/util.py:241
CRIT MINED107 [MINED107] Missing import: `array` used but not imported: The file uses `array.something(… litert/python/litert_wrapper/tensor_buf…:136
CRIT MINED107 [MINED107] Missing import: `array` used but not imported: The file uses `array.something(… tensor/examples/gemma3/gemma3_safetenso…:340
CRIT MINED022 [MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf. litert/cc/internal/scoped_file_win.h:61
CRIT MINED022 [MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf. litert/cc/internal/scoped_file_posix.h:41
CRIT MINED022 [MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf. litert/cc/internal/litert_shared_librar…:93
HIGH MINED011 [MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use get… tflite/delegates/coreml/coreml_delegate…:72
HIGH MINED014 [MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in nod… tflite/converter/quantization/lite/quan…:54
HIGH MINED014 [MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in nod… tflite/converter/quantization/common/qu…:197
HIGH MINED014 [MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in nod… tflite/converter/python/converter_pytho…:48
HIGH MINED003 [MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky … litert/rust/src/environment.rs:118
HIGH MINED003 [MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky … litert/rust/example/segmentation_main.rs:124
HIGH MINED021 [MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can co… litert/python/aot/aot_compile.py:77
HIGH MINED029 [MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotli… litert/kotlin/src/main/kotlin/com/googl…:81
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … litert/js/demos/selfie_multiclass/src/i…:96
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … litert/js/demos/real_esrgan/src/upscale…:142
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … litert/js/demos/depth_anything/src/dept…:79
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … litert/js/demos/depth_anything/convert_…:39
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… litert/js/demos/mobilenetv2/src/index.ts:56
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… litert/js/demos/depth_anything/src/inde…:104
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… litert/js/apps/model_tester/src/downloa…:25
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… litert/python/aot/vendors/intel_openvin…:51
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… litert/python/aot/core/apply_plugin.py:170
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… ci/tools/python/vendor_sdk/intel/ai_edg…:125
HIGH SEC080 [SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='da… ci/tools/python/vendor_sdk/qualcomm/set…:166
HIGH SEC080 [SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='da… ci/tools/python/vendor_sdk/mediatek/set…:163
HIGH SEC080 [SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='da… ci/tools/python/vendor_sdk/google_tenso…:200
HIGH COMP001 [COMP001] High cognitive complexity: Function `_download_and_extract` has cognitive compl… ci/tools/python/vendor_sdk/google_tenso…:60
HIGH MINED134 [MINED134] Binary file `tflite/java/ovic/demo/gradle/wrapper/gradle-wrapper.jar` committe… tflite/java/ovic/demo/gradle/wrapper/gr…:1
HIGH MINED134 [MINED134] Binary file `tflite/java/demo/gradle/wrapper/gradle-wrapper.jar` committed in … tflite/java/demo/gradle/wrapper/gradle-…:1
HIGH MINED126 [MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-publishe… .github/workflows/cmake_android_linux_x…:30
HIGH MINED126 [MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-publishe… .github/workflows/clang_tidy.yml:21
HIGH MINED126 [MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-publishe… .github/workflows/linux_nightly_wheel.y…:24
HIGH MINED115 [MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cac… .github/workflows/ios-arm64.yml:76
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/ios-arm64.yml:39
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/ios-arm64.yml:36
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/auto-assignment.yml:17
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/auto-assignment.yml:16
HIGH MINED115 [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions… .github/workflows/windows_wheel_release…:163
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/windows_wheel_release…:155
HIGH MINED115 [MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/… .github/workflows/windows_wheel_release…:142
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/u… .github/workflows/windows_wheel_release…:136
HIGH MINED115 [MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cac… .github/workflows/windows_wheel_release…:97
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/windows_wheel_release…:42
HIGH MINED115 [MINED115] Action `bazelbuild/setup-bazelisk` pinned to mutable ref `@v3`: `uses: bazelbu… .github/workflows/windows_wheel_release…:39
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/windows_wheel_release…:33
HIGH MINED115 [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions… .github/workflows/windows_nightly_wheel…:159
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/windows_nightly_wheel…:151
HIGH MINED115 [MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/… .github/workflows/windows_nightly_wheel…:138
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/u… .github/workflows/windows_nightly_wheel…:132
HIGH MINED115 [MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cac… .github/workflows/windows_nightly_wheel…:93
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/windows_nightly_wheel…:32
HIGH MINED115 [MINED115] Action `bazelbuild/setup-bazelisk` pinned to mutable ref `@v3`: `uses: bazelbu… .github/workflows/windows_nightly_wheel…:29
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/windows_nightly_wheel…:26
HIGH MINED126 [MINED126] Workflow container/services image `us-docker.pkg.dev/ml-oss-artifacts-publishe… .github/workflows/linux_x86_64.yml:27
HIGH MINED115 [MINED115] Action `actions/cache/save` pinned to mutable ref `@v4`: `uses: actions/cache/… .github/workflows/linux_x86_64.yml:147
HIGH MINED115 [MINED115] Action `actions/cache/restore` pinned to mutable ref `@v4`: `uses: actions/cac… .github/workflows/linux_x86_64.yml:88
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/linux_x86_64.yml:48
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/linux_x86_64.yml:43
HIGH MINED118 [MINED118] Dockerfile FROM `tensorflow/build:latest-python3.11` not pinned by digest: `FR… tflite/tools/tflite-android.Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resol… docker_build/hermetic_build.Dockerfile:16
HIGH MINED118 [MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-contai… ci/tflite-py3-arm64.Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-contai… ci/tflite-py3.Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `us-docker.pkg.dev/ml-oss-artifacts-published/ml-public-contai… ci/tflite-android.Dockerfile:1
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… litert/js/demos/depth_anything/convert_…:39
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tflite/python/lite.py:2882
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tflite/python/lite.py:2547
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tflite/python/lite.py:1902
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tflite/python/lite.py:1681
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… tflite/python/util.py:1151
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/google_tenso…:61
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/qualcomm/ai_…:57
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/mediatek/ai_…:78
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/samsung/ai_e…:59
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/intel/setup.…:342
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/intel/setup.…:319
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/samsung/setu…:73
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/mediatek/set…:71
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/vendor_sdk/qualcomm/set…:78
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/wheel/converter_setup_w…:71
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/wheel/setup_with_binary…:131
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… ci/tools/python/wheel/setup_with_binary…:80
MED SEC014 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… tflite/converter/quantization/lite/quan…:54
MED SEC014 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… tflite/converter/quantization/common/qu…:197
MED SEC014 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… tflite/converter/python/converter_pytho…:48
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… litert/python/aot/vendors/google_tensor…:97
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… litert/python/aot/vendors/fallback_back…:80
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… litert/python/aot/vendors/example/examp…:110
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… litert/js/demos/real_esrgan/src/image_u…:39
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… litert/js/demos/depth_anything/src/inde…:236
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … tflite/async/backend_async_kernel_inter…:184
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … tflite/async/backend_async_kernel_inter…:133
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … litert/runtime/dispatch/dispatch_delega…:66
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… litert/cc/internal/scoped_file_test.cc:62
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… ci/tools/python/vendor_sdk/qualcomm/set…:166
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… ci/tools/python/vendor_sdk/mediatek/set…:163
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… ci/tools/python/vendor_sdk/google_tenso…:200
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED DKR001 Docker final stage has no non-root USER tflite/tools/pip_package/Dockerfile.py3:16
LOW COMP001 [COMP001] High cognitive complexity: Function `_ensure_compiler_in_openvino_libs` has cog… ci/tools/python/vendor_sdk/intel/ai_edg…:80
LOW COMP001 [COMP001] High cognitive complexity: Function `run` has cognitive complexity 12 (SonarSou… ci/tools/python/vendor_sdk/google_tenso…:235
LOW AIC003 Duplicated implementation block across source files litert/python/aot/vendors/qualcomm/targ…:33
LOW AIC003 Duplicated implementation block across source files litert/python/aot/vendors/qualcomm/qual…:47
LOW AIC003 Duplicated implementation block across source files litert/python/aot/vendors/mediatek/medi…:74
LOW AIC003 Duplicated implementation block across source files litert/python/aot/vendors/intel_openvin…:27
LOW AIC003 Duplicated implementation block across source files litert/python/aot/vendors/google_tensor…:49
LOW AIC003 Duplicated implementation block across source files litert/kotlin/src/copied_from_tflite/ja…:1
LOW AIC003 Duplicated implementation block across source files litert/kotlin/src/copied_from_tflite/ja…:1
LOW AIC003 Duplicated implementation block across source files litert/kotlin/src/copied_from_tflite/ja…:1
LOW AIC003 Duplicated implementation block across source files litert/kotlin/src/copied_from_tflite/ja…:1
LOW AIC003 Duplicated implementation block across source files ci/tools/python/wheel/utils/wheel_build…:89
LOW AIC003 Duplicated implementation block across source files ci/tools/python/wheel/setup_with_binary…:114
LOW AIC003 Duplicated implementation block across source files ci/tools/python/wheel/setup_with_binary…:30
LOW AIC003 Duplicated implementation block across source files ci/tools/python/wheel/converter_setup_w…:62
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/setu…:152
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/setu…:66
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/setu…:39
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/setu…:36
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/ai_e…:22
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/samsung/ai_e…:21
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/qualcomm/set…:148
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/qualcomm/set…:66
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/qualcomm/set…:30
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/qualcomm/ai_…:22
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/qualcomm/ai_…:21
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/mediatek/set…:154
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/mediatek/set…:70
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/mediatek/ai_…:40
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/intel/setup.…:296
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/intel/setup.…:295
LOW AIC003 Duplicated implementation block across source files ci/tools/python/vendor_sdk/google_tenso…:200
LOW DKR010 Dockerfile leaves apt package indexes in the image layer tflite/tools/pip_package/Dockerfile.py3:43
LOW DKR010 Dockerfile leaves apt package indexes in the image layer tflite/tools/pip_package/Dockerfile.py3:23
LOW DKR011 Dockerfile installs recommended OS packages tflite/tools/pip_package/Dockerfile.py3:43
LOW DKR011 Dockerfile installs recommended OS packages tflite/tools/pip_package/Dockerfile.py3:23
LOW DKC010 Compose service lacks no-new-privileges hardening docker_build/docker-compose.yml:18
LOW AIC002 Source file name looks like an AI patch artifact tflite/testing/op_tests/tensor_scatter_…:1
LOW DKC006 Compose service does not declare a runtime user docker_build/docker-compose.yml:18
INFO MINED048 [MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues. tflite/delegates/coreml/coreml_executor…:47
INFO MINED048 [MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues. tflite/delegates/coreml/coreml_delegate…:64
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… litert/rust/src/helper_funs.rs:30
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… litert/rust/src/environment.rs:184
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… litert/rust/src/compiled_model.rs:55
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. litert/rust/src/environment.rs:156
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. litert/rust/example/segmentation_main.rs:72
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. litert/python/tools/model_utils/match/_…:22
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. litert/python/tools/model_utils/dialect…:69
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. litert/js/packages/core/src/wasm_featur…:82
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. litert/js/demos/selfie_multiclass/src/i…:60
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… litert/js/demos/depth_anything/convert_…:39
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … litert/js/packages/core/src/gpu_copy_fu…:162
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … litert/js/demos/mobilenetv2/src/index.ts:135
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … litert/js/apps/model_tester/src/model_r…:122
INFO MINED075 [MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo… tflite/core/async/async_signature_runne…:65
INFO MINED075 [MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo… litert/runtime/tensor_buffer_registry_t…:78
INFO MINED075 [MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo… litert/cc/litert_opaque_options_test.cc:88
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… litert/kotlin/src/main/jni/litert_envir…:101
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… litert/cc/litert_opaque_options_test.cc:48
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… litert/c/internal/litert_logging.cc:335
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… ci/tools/python/vendor_sdk/mediatek/ai_…:40
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… ci/tools/python/vendor_sdk/intel/ai_edg…:113
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… ci/tools/python/vendor_sdk/google_tenso…:46
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… litert/core/model/ops/one_hot.h:7
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… cmake_example/tflite_minimal.cc:7
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… ci/build_android_package.sh:80
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … litert/js/apps/model_tester/serve.js:53
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … litert/js/apps/model_tester/scripts/dev…:67
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … .github/workflows/auto-assignment.js:32
170 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `google-ai-edge/LiteRT`

**Score: 72/100 (B-)**  ·  224 findings  ·  scanned 2026-06-05 19:08 UTC  ·  391,526 LOC

| Severity | Count |
|---|---|
| CRITICAL | 7 |
| HIGH | 59 |
| MEDIUM | 35 |
| LOW | 39 |

📊 [Full filterable report](https://repobility.com/scan/c821ada3-5fc9-43d2-8dc4-4379e80cef2e/)  ·  ![scorecard](https://repobility.com/scan/c821ada3-5fc9-43d2-8dc4-4379e80cef2e/report.png?v=1780686489-s2)

### Top findings

1. **CRITICAL** `MINED107` — Missing import: `operator` used but not imported
   `tflite/python/util.py:1033` · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `array` used but not imported
   `tflite/python/util.py:241` · ✓ Repobility
3. **CRITICAL** `MINED107` — Missing import: `array` used but not imported
   `litert/python/litert_wrapper/tensor_buffer_wrapper/tensor_buffer.py:136` · ✓ Repobility
4. **CRITICAL** `MINED107` — Missing import: `array` used but not imported
   `tensor/examples/gemma3/gemma3_safetensor_quantizer.py:340` · ✓ Repobility
5. **CRITICAL** `MINED022` — C Strcpy
   `litert/cc/internal/scoped_file_win.h:61` · CWE-120 · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/c821ada3-5fc9-43d2-8dc4-4379e80cef2e/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 11 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject — high spam risk
Could not determine 'google-ai-edge/LiteRT' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
127/239 findings (53%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.