File as GitHub Issue repo: mem0ai/mem0

Push this scan report to mem0ai/mem0

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

React State Array Mutation

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED110 [MINED110] Blocking call `input` inside async function `interactive_mode`: `input` is a s… examples/misc/healthcare_assistant_goog…:184
HIGH MINED110 [MINED110] Blocking call `input` inside async function `interactive_mode`: `input` is a s… examples/misc/healthcare_assistant_goog…:174
HIGH MINED027 [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — Re… openmemory/ui/store/memoriesSlice.ts:67
HIGH MINED027 [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — Re… openmemory/ui/store/filtersSlice.ts:76
HIGH MINED027 [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — Re… openmemory/ui/store/appsSlice.ts:195
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… server/routers/api_keys.py:61
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… openmemory/api/app/routers/config.py:141
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… openmemory/api/app/routers/apps.py:214
HIGH MINED021 [MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can co… mem0-plugin/scripts/setup_coding_catego…:30
HIGH SEC103 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA… mem0-plugin/scripts/parse_mem0_config.py:58
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… examples/misc/voice_assistant_elevenlab…:228
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… openclaw/filtering.ts:18
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… examples/mem0-demo/components/mem0/mark…:191
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… cli/python/src/mem0_cli/config.py:192
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… cli/python/src/mem0_cli/commands/agent_…:100
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… cli/python/src/mem0_cli/backend/platfor…:352
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … mem0/configs/llms/aws_bedrock.py:90
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … mem0-plugin/scripts/auto_setup_categori…:151
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … cli/node/telemetry-sender.cjs:45
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… examples/multimodal-demo/src/utils/file…:6
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… cli/python/src/mem0_cli/telemetry_sende…:66
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… cli/node/telemetry-sender.cjs:24
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). mem0/memory/utils.py:209
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). cli/python/src/mem0_cli/telemetry.py:54
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). cli/node/src/telemetry.ts:68
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… examples/multimodal-demo/useChat.ts:153
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… examples/multimodal-demo/src/hooks/useC…:153
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… cli/node/src/output.ts:389
HIGH MINED115 [MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-set… .github/workflows/ts-sdk-cd.yml:21
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/ts-sdk-cd.yml:18
HIGH MINED115 [MINED115] Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`: `use… .github/workflows/cli-python-cd.yml:32
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/cli-python-cd.yml:21
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/cli-python-cd.yml:18
HIGH MINED115 [MINED115] Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`: `use… .github/workflows/cd.yml:43
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v2`: `uses: actions/setu… .github/workflows/cd.yml:18
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout… .github/workflows/cd.yml:15
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/docs-llms-txt-check.y…:26
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/cli-node-cd.yml:26
HIGH MINED115 [MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-set… .github/workflows/cli-node-cd.yml:21
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/cli-node-cd.yml:18
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/cli-node-ci.yml:84
HIGH MINED115 [MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-set… .github/workflows/cli-node-ci.yml:79
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/cli-node-ci.yml:76
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/cli-node-ci.yml:59
HIGH MINED115 [MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-set… .github/workflows/cli-node-ci.yml:54
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/cli-node-ci.yml:51
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/cli-node-ci.yml:27
HIGH MINED115 [MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-set… .github/workflows/cli-node-ci.yml:22
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/cli-node-ci.yml:19
HIGH MINED115 [MINED115] Action `redhat-plumbers-in-action/advanced-issue-labeler` pinned to mutable re… .github/workflows/issue-labeler.yml:32
HIGH MINED115 [MINED115] Action `stefanbuck/github-issue-parser` pinned to mutable ref `@v3`: `uses: st… .github/workflows/issue-labeler.yml:26
HIGH MINED115 [MINED115] Action `redhat-plumbers-in-action/advanced-issue-labeler` pinned to mutable re… .github/workflows/issue-labeler.yml:19
HIGH MINED115 [MINED115] Action `stefanbuck/github-issue-parser` pinned to mutable ref `@v3`: `uses: st… .github/workflows/issue-labeler.yml:15
HIGH MINED118 [MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` r… server/dashboard/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-sli… openmemory/api/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `node:18-alpine` not pinned by digest: `FROM node:18-alpine` r… openmemory/ui/Dockerfile:4
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.12` not pinned by digest: `FROM python:3.12` resolve… server/dev.Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-sli… server/Dockerfile:1
HIGH SEC020 [SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-b… server/scripts/seed.sh:7
HIGH AGT002 LLM memory extraction can be prompt-injected into storing fake facts mem0/configs/prompts.py:116
HIGH MINED112 [MINED112] FastAPI POST /{client_name}/sse/{user_id}/messages/ has no auth: Handler `hand… openmemory/api/app/mcp_server.py:471
HIGH MINED112 [MINED112] FastAPI POST /messages/ has no auth: Handler `handle_get_message` is registere… openmemory/api/app/mcp_server.py:466
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… mem0-plugin/scripts/telemetry.py:105
MED MINED109 [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set()… mem0/configs/embeddings/base.py:15
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/client/main.py:159
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/vector_stores/pinecone.py:277
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/vector_stores/turbopuffer.py:332
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/vector_stores/turbopuffer.py:290
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/vector_stores/databricks.py:384
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/vector_stores/opensearch.py:107
MED MINED109 [MINED109] Mutable default argument in `create` (list): `def create(... = []/{}/set())` —… mem0/proxy/main.py:52
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/embeddings/vertexai.py:32
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/memory/main.py:2309
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/memory/main.py:894
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/memory/main.py:2304
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/memory/main.py:888
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/memory/main.py:199
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… mem0/llms/aws_bedrock.py:712
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/utils/memory.py:488
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/utils/memory.py:457
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/utils/memory.py:497
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:458
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:350
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:49
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:403
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:37
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/routers/backup.py:46
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openmemory/api/app/models.py:225
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… server/main.py:71
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… server/server_state.py:34
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… server/dashboard/src/utils/api.ts:20
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … server/routers/api_keys.py:62
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … server/auth.py:39
MED SEC139 [SEC139] AI-generated migration/route without companion test file: Route or migration tou… server/alembic/versions/006_request_log…:21
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… mem0-plugin/scripts/_search.py:55
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… examples/yt-assistant-chrome/src/popup.…:95
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… examples/misc/personalized_search.py:67
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … openclaw/filtering.ts:18
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … mem0-ts/src/oss/src/storage/SQLiteManag…:18
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … examples/mem0-demo/components/mem0/mark…:191
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… cli/python/src/mem0_cli/telemetry_sende…:72
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… cli/python/src/mem0_cli/telemetry.py:65
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… cli/python/src/mem0_cli/config.py:192
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. mem0-ts/src/oss/src/llms/langchain.ts:130
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. mem0-ts/src/client/telemetry.ts:14
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. cli/node/telemetry-sender.cjs:129
MED DKR003 Compose service `openmemory-ui` image uses the latest tag openmemory/docker-compose.yml:23
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED MINED124 [MINED124] requirements.txt: `cryptography>46.0.4` has no version pin: Unpinned pip requi… server/requirements.txt:20
MED MINED124 [MINED124] requirements.txt: `mem0ai` has no version pin: Unpinned pip requirement means … mem0-plugin/requirements.txt:1
MED DKR002 Compose service `openmemory-mcp` image has no explicit tag openmemory/docker-compose.yml:7
MED DKR002 Compose service `mem0_store` image has no explicit tag openmemory/docker-compose.yml:1
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED DKR001 Docker final stage has no non-root USER server/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER openmemory/api/Dockerfile:1
MED SEC017 [SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external … examples/misc/multillm_memory.py:79
MED JRN003 Frontend API reference is not matched by discovered backend routes server/dashboard/src/middleware.ts:7
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered r…
MED AGT015 Remote install command pipes network code directly to a shell docs/integrations/hermes.mdx:39
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … server/dashboard/src/app/api/auth/refre…:57
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … server/dashboard/src/app/api/auth/refre…:42
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … server/dashboard/src/app/api/auth/refre…:15
LOW COMP001 [COMP001] High cognitive complexity: Function `_build_filters` has cognitive complexity 1… cli/python/src/mem0_cli/backend/platfor…:116
LOW COMP001 [COMP001] High cognitive complexity: Function `add` has cognitive complexity 11 (SonarSou… cli/python/src/mem0_cli/backend/platfor…:72
LOW COMP001 [COMP001] High cognitive complexity: Function `_request` has cognitive complexity 11 (Son… cli/python/src/mem0_cli/backend/platfor…:32
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/openai.py:7
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/ollama.py:34
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/ollama.py:7
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/minimax.py:34
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/minimax.py:7
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/lmstudio.py:36
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/lmstudio.py:7
LOW AIC003 Duplicated implementation block across source files mem0/configs/llms/deepseek.py:34
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/vector_stores/vecto…:210
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/vector_stores/supab…:189
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/vector_stores/qdran…:298
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/utils/telemetry.typ…:7
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/utils/telemetry.ts:45
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/storage/SupabaseHis…:2
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/llms/openai_structu…:48
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/llms/openai_structu…:5
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/llms/openai.ts:21
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/llms/ollama.ts:63
LOW AIC003 Duplicated implementation block across source files mem0-ts/src/oss/src/embeddings/openai.ts:18
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/on_pre_compact.py:207
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/on_pre_compact.py:43
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/import_competing_to…:61
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/import_competing_to…:57
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/capture_compact_sum…:41
LOW AIC003 Duplicated implementation block across source files mem0-plugin/scripts/auto_import.py:204
LOW AIC003 Duplicated implementation block across source files evaluation/src/zep/search.py:61
LOW AIC003 Duplicated implementation block across source files evaluation/src/openai/predict.py:12
LOW AIC003 Duplicated implementation block across source files cli/python/src/mem0_cli/backend/platfor…:56
LOW AIC003 Duplicated implementation block across source files cli/python/src/mem0_cli/commands/memory…:556
LOW AIC003 Duplicated implementation block across source files cli/node/src/commands/memory.ts:523
LOW DKC012 Compose service performs heavy setup work on every startup server/docker-compose.yaml:3
LOW DKR012 Dockerfile keeps pip download cache openmemory/api/Dockerfile:8
LOW DKC010 Compose service lacks no-new-privileges hardening server/docker-compose.yaml:51
LOW DKC010 Compose service lacks no-new-privileges hardening server/docker-compose.yaml:3
LOW DKC010 Compose service lacks no-new-privileges hardening openmemory/docker-compose.yml:23
LOW DKC010 Compose service lacks no-new-privileges hardening openmemory/docker-compose.yml:7
LOW DKC010 Compose service lacks no-new-privileges hardening openmemory/docker-compose.yml:1
LOW AIC002 Source file name looks like an AI patch artifact openclaw/tools/memory-update.ts:1
LOW DKC006 Compose service does not declare a runtime user server/docker-compose.yaml:51
LOW DKC006 Compose service does not declare a runtime user server/docker-compose.yaml:31
LOW DKC006 Compose service does not declare a runtime user server/docker-compose.yaml:3
LOW DKC006 Compose service does not declare a runtime user openmemory/docker-compose.yml:23
LOW DKC006 Compose service does not declare a runtime user openmemory/docker-compose.yml:7
LOW DKC006 Compose service does not declare a runtime user openmemory/docker-compose.yml:1
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… openmemory/ui/components/ui/chart.tsx:81
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… openmemory/ui/components/shared/categor…:193
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… openmemory/ui/app/apps/components/AppGr…:27
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… openmemory/ui/app/apps/[appId]/page.tsx:67
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… mem0/llms/sarvam.py:76
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. mem0-ts/src/oss/src/embeddings/langchai…:18
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. mem0-ts/src/client/config.ts:33
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. mem0-ts/jest.setup.ts:3
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… openmemory/api/app/routers/config.py:17
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… mem0-plugin/scripts/_project.sh:38
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… mem0-plugin/scripts/_project.py:155
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… examples/misc/vllm_example.py:6
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. mem0-plugin/scripts/auto_setup_categori…:83
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. mem0-plugin/.opencode-plugin/cli.ts:203
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. examples/misc/vllm_example.py:125
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. mem0/embeddings/ollama.py:11
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. examples/misc/healthcare_assistant_goog…:174
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. examples/vercel-ai-sdk-chat-app/src/typ…:15
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. examples/multimodal-demo/src/types.ts:15
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. examples/mem0-demo/app/api/chat/route.ts:57
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. server/db.py:21
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. cli/python/src/mem0_cli/backend/platfor…:352
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… cli/python/src/mem0_cli/config.py:193
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… cli/python/src/mem0_cli/commands/agent_…:101
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… cli/python/src/mem0_cli/backend/platfor…:353
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … mem0-ts/src/oss/src/embeddings/google.ts:26
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … mem0-plugin/.opencode-plugin/cli.ts:74
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … cli/node/src/plugin-sync.ts:67
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … cli/node/src/commands/agent-rush.ts:69
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … cli/node/src/commands/agent-mode.ts:141
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … cli/node/src/branding.ts:74
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `mem0ai/mem0`

**Score: 65/100 (A-)**  ·  277 findings  ·  scanned 2026-05-31 01:24 UTC  ·  150,037 LOC

| Severity | Count |
|---|---|
| CRITICAL | 10 |
| HIGH | 73 |
| MEDIUM | 59 |
| LOW | 47 |

📊 [Full filterable report](https://repobility.com/scan/ca6b0b99-4c4e-4439-b664-2839dc2344fa/)  ·  ![scorecard](https://repobility.com/scan/ca6b0b99-4c4e-4439-b664-2839dc2344fa/report.png?v=1780190693-s2)

### Top findings

1. **HIGH** `MINED110` — Blocking call `input` inside async function `interactive_mode`
   `examples/misc/healthcare_assistant_google_adk.py:184` · ✓ Repobility
2. **HIGH** `MINED110` — Blocking call `input` inside async function `interactive_mode`
   `examples/misc/healthcare_assistant_google_adk.py:174` · ✓ Repobility
3. **HIGH** `MINED027` — React State Array Mutation
   `openmemory/ui/store/memoriesSlice.ts:67` · CWE-682 · ✓ Repobility
4. **HIGH** `MINED027` — React State Array Mutation
   `openmemory/ui/store/filtersSlice.ts:76` · CWE-682 · ✓ Repobility
5. **HIGH** `MINED027` — React State Array Mutation
   `openmemory/ui/store/appsSlice.ts:195` · CWE-682 · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/ca6b0b99-4c4e-4439-b664-2839dc2344fa/_
Megaproject - high spam risk
Could not determine 'mem0ai/mem0' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
143/372 findings (38%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled - review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.