{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-c3fc-8qff-9hwx", "name": "org.bouncycastle:bcprov-jdk18on: GHSA-c3fc-8qff-9hwx", "shortDescription": {"text": "org.bouncycastle:bcprov-jdk18on: GHSA-c3fc-8qff-9hwx"}, "fullDescription": {"text": "Bouncy Castle has an LDAP injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wg6q-6289-32hp", "name": "org.bouncycastle:bcpkix-jdk18on: GHSA-wg6q-6289-32hp", "shortDescription": {"text": "org.bouncycastle:bcpkix-jdk18on: GHSA-wg6q-6289-32hp"}, "fullDescription": {"text": "Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r82-7xv7-xcpj", "name": "org.apache.httpcomponents:httpclient: GHSA-7r82-7xv7-xcpj", "shortDescription": {"text": "org.apache.httpcomponents:httpclient: GHSA-7r82-7xv7-xcpj"}, "fullDescription": {"text": "Cross-site scripting in Apache HttpClient"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-j288-q9x7-2f5v", "name": "org.apache.commons:commons-lang3: GHSA-j288-q9x7-2f5v", "shortDescription": {"text": "org.apache.commons:commons-lang3: GHSA-j288-q9x7-2f5v"}, "fullDescription": {"text": "Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6mjq-h674-j845", "name": "io.netty:netty-handler: GHSA-6mjq-h674-j845", "shortDescription": {"text": "io.netty:netty-handler: GHSA-6mjq-h674-j845"}, "fullDescription": {"text": "netty-handler SniHandler 16MB allocation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xq3w-v528-46rv", "name": "io.netty:netty-common: GHSA-xq3w-v528-46rv", "shortDescription": {"text": "io.netty:netty-common: GHSA-xq3w-v528-46rv"}, "fullDescription": {"text": "Denial of Service attack on windows app using netty"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-389x-839f-4rhx", "name": "io.netty:netty-common: GHSA-389x-839f-4rhx", "shortDescription": {"text": "io.netty:netty-common: GHSA-389x-839f-4rhx"}, "fullDescription": {"text": "Denial of Service attack on windows app using Netty"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5jpm-x58v-624v", "name": "io.netty:netty-codec-http: GHSA-5jpm-x58v-624v", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-5jpm-x58v-624v"}, "fullDescription": {"text": "Netty's HttpPostRequestDecoder can OOM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xxqh-mfjm-7mv9", "name": "io.netty:netty-codec-http: GHSA-xxqh-mfjm-7mv9", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-xxqh-mfjm-7mv9"}, "fullDescription": {"text": "Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v8h7-rr48-vmmv", "name": "io.netty:netty-codec-http: GHSA-v8h7-rr48-vmmv", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-v8h7-rr48-vmmv"}, "fullDescription": {"text": "Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-m4cv-j2px-7723", "name": "io.netty:netty-codec-http: GHSA-m4cv-j2px-7723", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-m4cv-j2px-7723"}, "fullDescription": {"text": "Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-84h7-rjj3-6jx4", "name": "io.netty:netty-codec-http: GHSA-84h7-rjj3-6jx4", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-84h7-rjj3-6jx4"}, "fullDescription": {"text": "Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-38f8-5428-x5cv", "name": "io.netty:netty-codec-http: GHSA-38f8-5428-x5cv", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-38f8-5428-x5cv"}, "fullDescription": {"text": "Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3p8m-j85q-pgmj", "name": "io.netty:netty-codec: GHSA-3p8m-j85q-pgmj", "shortDescription": {"text": "io.netty:netty-codec: GHSA-3p8m-j85q-pgmj"}, "fullDescription": {"text": "Netty's decoders vulnerable to DoS via zip bomb style attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "GHSA-45q3-82m4-75jr", "name": "io.netty:netty-handler-proxy: GHSA-45q3-82m4-75jr", "shortDescription": {"text": "io.netty:netty-handler-proxy: GHSA-45q3-82m4-75jr"}, "fullDescription": {"text": "Netty has HTTP Header Injection via HttpProxyHandler Disabled Validation (Incomplete Fix CVE-2025-67735)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fghv-69vj-qj49", "name": "io.netty:netty-codec-http: GHSA-fghv-69vj-qj49", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-fghv-69vj-qj49"}, "fullDescription": {"text": "Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED029", "name": "[MINED029] Kotlin Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED029] Kotlin Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3955", "name": "stdlib: GO-2025-3955", "shortDescription": {"text": "stdlib: GO-2025-3955"}, "fullDescription": {"text": "CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2363-cqg2-863c", "name": "org.jdom:jdom2: GHSA-2363-cqg2-863c", "shortDescription": {"text": "org.jdom:jdom2: GHSA-2363-cqg2-863c"}, "fullDescription": {"text": "XML External Entity (XXE) Injection in JDOM"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p93r-85wp-75v3", "name": "org.bouncycastle:bcprov-jdk18on: GHSA-p93r-85wp-75v3", "shortDescription": {"text": "org.bouncycastle:bcprov-jdk18on: GHSA-p93r-85wp-75v3"}, "fullDescription": {"text": "Bouncy Castle Has Covert Timing Channel Vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3677-xxcr-wjqv", "name": "org.bitbucket.b_c:jose4j: GHSA-3677-xxcr-wjqv", "shortDescription": {"text": "org.bitbucket.b_c:jose4j: GHSA-3677-xxcr-wjqv"}, "fullDescription": {"text": "jose4j is vulnerable to DoS via compressed JWE content"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4g8c-wm8x-jfhw", "name": "io.netty:netty-handler: GHSA-4g8c-wm8x-jfhw", "shortDescription": {"text": "io.netty:netty-handler: GHSA-4g8c-wm8x-jfhw"}, "fullDescription": {"text": "SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-xpw8-rcwv-8f8p", "name": "io.netty:netty-codec-http2: GHSA-xpw8-rcwv-8f8p", "shortDescription": {"text": "io.netty:netty-codec-http2: GHSA-xpw8-rcwv-8f8p"}, "fullDescription": {"text": "io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w9fj-cfpg-grvv", "name": "io.netty:netty-codec-http2: GHSA-w9fj-cfpg-grvv", "shortDescription": {"text": "io.netty:netty-codec-http2: GHSA-w9fj-cfpg-grvv"}, "fullDescription": {"text": "Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-prj3-ccx8-p6x4", "name": "io.netty:netty-codec-http2: GHSA-prj3-ccx8-p6x4", "shortDescription": {"text": "io.netty:netty-codec-http2: GHSA-prj3-ccx8-p6x4"}, "fullDescription": {"text": "Netty affected by MadeYouReset HTTP/2 DDoS vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f6hv-jmp6-3vwv", "name": "io.netty:netty-codec-http2: GHSA-f6hv-jmp6-3vwv", "shortDescription": {"text": "io.netty:netty-codec-http2: GHSA-f6hv-jmp6-3vwv"}, "fullDescription": {"text": "Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pwqr-wmgm-9rr8", "name": "io.netty:netty-codec-http: GHSA-pwqr-wmgm-9rr8", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-pwqr-wmgm-9rr8"}, "fullDescription": {"text": "Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-57rv-r2g8-2cj3", "name": "io.netty:netty-codec-http: GHSA-57rv-r2g8-2cj3", "shortDescription": {"text": "io.netty:netty-codec-http: GHSA-57rv-r2g8-2cj3"}, "fullDescription": {"text": "Netty has HttpClientCodec response desynchronization"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mj4r-2hfc-f8p6", "name": "io.netty:netty-codec: GHSA-mj4r-2hfc-f8p6", "shortDescription": {"text": "io.netty:netty-codec: GHSA-mj4r-2hfc-f8p6"}, "fullDescription": {"text": "Netty Lz4FrameDecoder is vulnerable to resource exhaustion "}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo", "shortDescription": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "fullDescription": {"text": "`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 54 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `github.com/t3rm1n4l/go-mega` \u2014 redirects to fork `github.com/chenxiaolong/go-mega`", "shortDescription": {"text": "go.mod replaces `github.com/t3rm1n4l/go-mega` \u2014 redirects to fork `github.com/chenxiaolong/go-mega`"}, "fullDescription": {"text": "`replace github.com/t3rm1n4l/go-mega => github.com/chenxiaolong/go-mega` overrides the canonical dependency with a different source (redirects to fork `github.com/chenxiaolong/go-mega`). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1309"}, "properties": {"repository": "chenxiaolong/RSAF", "repoUrl": "https://github.com/chenxiaolong/RSAF", "branch": "master"}, "results": [{"ruleId": "GHSA-c3fc-8qff-9hwx", "level": "warning", "message": {"text": "org.bouncycastle:bcprov-jdk18on: GHSA-c3fc-8qff-9hwx"}, "properties": {"repobilityId": 133745, "scanner": "osv-scanner", "fingerprint": "5df2a732543e9ebc7110bd5da64dcbcdd2f3bb785571a71e4486c9a0462243ff", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-0636"], "package": "org.bouncycastle:bcprov-jdk18on", "rule_id": "GHSA-c3fc-8qff-9hwx", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-0636|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wg6q-6289-32hp", "level": "warning", "message": {"text": "org.bouncycastle:bcpkix-jdk18on: GHSA-wg6q-6289-32hp"}, "properties": {"repobilityId": 133744, "scanner": "osv-scanner", "fingerprint": "abe255c46236607e77efdaa74d887160ee3290568f4eaf7559b567711c123f1b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-5588"], "package": "org.bouncycastle:bcpkix-jdk18on", "rule_id": "GHSA-wg6q-6289-32hp", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-5588|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r82-7xv7-xcpj", "level": "warning", "message": {"text": "org.apache.httpcomponents:httpclient: GHSA-7r82-7xv7-xcpj"}, "properties": {"repobilityId": 133742, "scanner": "osv-scanner", "fingerprint": "6e48bd40cbc2f45852066770aac34814eba3ff8851074d3675ce703364fcf216", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2020-13956"], "package": "org.apache.httpcomponents:httpclient", "rule_id": "GHSA-7r82-7xv7-xcpj", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2020-13956|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-j288-q9x7-2f5v", "level": "warning", "message": {"text": "org.apache.commons:commons-lang3: GHSA-j288-q9x7-2f5v"}, "properties": {"repobilityId": 133741, "scanner": "osv-scanner", "fingerprint": "ae6715a8734a03fc0f870a7e0b306ac31c2777e6e90a57aa879372926a3be9c1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-48924"], "package": "org.apache.commons:commons-lang3", "rule_id": "GHSA-j288-q9x7-2f5v", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2025-48924|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6mjq-h674-j845", "level": "warning", "message": {"text": "io.netty:netty-handler: GHSA-6mjq-h674-j845"}, "properties": {"repobilityId": 133739, "scanner": "osv-scanner", "fingerprint": "709bfebf009669107f2b89e85958500658cf724c8e78e68e85c390018bdae430", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-34462"], "package": "io.netty:netty-handler", "rule_id": "GHSA-6mjq-h674-j845", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-handler|CVE-2023-34462|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xq3w-v528-46rv", "level": "warning", "message": {"text": "io.netty:netty-common: GHSA-xq3w-v528-46rv"}, "properties": {"repobilityId": 133737, "scanner": "osv-scanner", "fingerprint": "e69bc807e9609554c27ebe387881865694819694e3a4c7661834c6924d6fdb7a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47535"], "package": "io.netty:netty-common", "rule_id": "GHSA-xq3w-v528-46rv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-common|CVE-2024-47535|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-389x-839f-4rhx", "level": "warning", "message": {"text": "io.netty:netty-common: GHSA-389x-839f-4rhx"}, "properties": {"repobilityId": 133736, "scanner": "osv-scanner", "fingerprint": "9e298be8f69128bf65e457443e5d8a1a7febec5483b333ad60c29e7edb6f77e2", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-25193"], "package": "io.netty:netty-common", "rule_id": "GHSA-389x-839f-4rhx", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-common|CVE-2025-25193|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5jpm-x58v-624v", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-5jpm-x58v-624v"}, "properties": {"repobilityId": 133731, "scanner": "osv-scanner", "fingerprint": "e9621eda6a5044110323fe6fcc71a05bfacb63fd574198d2d6d0bcfb558bb007", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29025"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-5jpm-x58v-624v", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2024-29025|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xxqh-mfjm-7mv9", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-xxqh-mfjm-7mv9"}, "properties": {"repobilityId": 133730, "scanner": "osv-scanner", "fingerprint": "0c15e8cc71c51b1bb9974ddf54f9311ea0e0230513777543de880818505dffae", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42581"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-xxqh-mfjm-7mv9", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-42581|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v8h7-rr48-vmmv", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-v8h7-rr48-vmmv"}, "properties": {"repobilityId": 133729, "scanner": "osv-scanner", "fingerprint": "f56f7fb83f011f7c46fb757a302ace4ff20d78585d7db2707314c6979747ecaa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41417"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-v8h7-rr48-vmmv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-41417|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-m4cv-j2px-7723", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-m4cv-j2px-7723"}, "properties": {"repobilityId": 133727, "scanner": "osv-scanner", "fingerprint": "3225f61e354d6ad67c47b7953e70c15418a35c844438a2a8c2db3ccc306f9e09", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42580"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-m4cv-j2px-7723", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-42580|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-84h7-rjj3-6jx4", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-84h7-rjj3-6jx4"}, "properties": {"repobilityId": 133724, "scanner": "osv-scanner", "fingerprint": "1b7459a8cbd0a0433c882074f90edf65a063db8d2f034131451f6e7363e6fad3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-67735"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-84h7-rjj3-6jx4", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2025-67735|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-38f8-5428-x5cv", "level": "warning", "message": {"text": "io.netty:netty-codec-http: GHSA-38f8-5428-x5cv"}, "properties": {"repobilityId": 133722, "scanner": "osv-scanner", "fingerprint": "0c45063bbf630a438b37ab0afe21bfd95b44c7fd4062db5137ad4b4b6835aafd", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42585"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-38f8-5428-x5cv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-42585|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3p8m-j85q-pgmj", "level": "warning", "message": {"text": "io.netty:netty-codec: GHSA-3p8m-j85q-pgmj"}, "properties": {"repobilityId": 133720, "scanner": "osv-scanner", "fingerprint": "ee11f6ea1cf6c25b563aa7058bec0ae38215e16d89eae827077e49a814187c34", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58057"], "package": "io.netty:netty-codec", "rule_id": "GHSA-3p8m-j85q-pgmj", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec|CVE-2025-58057|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 133716, "scanner": "repobility-threat-engine", "fingerprint": "ceb64fd7f22206db55598e1c31fd381417af6b723b9ef1705f260f00a3972c29", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD = \"<redacted> allowed to ask for password\"", "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|3|password redacted allowed to ask for password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/rclone/RcloneConfig.kt"}, "region": {"startLine": 36}}}]}, {"ruleId": "GHSA-45q3-82m4-75jr", "level": "note", "message": {"text": "io.netty:netty-handler-proxy: GHSA-45q3-82m4-75jr"}, "properties": {"repobilityId": 133740, "scanner": "osv-scanner", "fingerprint": "0719388a2210c67922dae871e8aca7d82171dea594d0fc8bb0412088eb8c83ae", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42578"], "package": "io.netty:netty-handler-proxy", "rule_id": "GHSA-45q3-82m4-75jr", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2025-67735|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fghv-69vj-qj49", "level": "note", "message": {"text": "io.netty:netty-codec-http: GHSA-fghv-69vj-qj49"}, "properties": {"repobilityId": 133726, "scanner": "osv-scanner", "fingerprint": "034276d4c24fb1038f24eae848527f8f08e9d9a783617d9b7e3e5b77478603ed", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-58056"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-fghv-69vj-qj49", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2025-58056|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2da0c13978d58c699e0ef6762e5b45838556fa0516f99ff90ef9c4c43cc63643", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/PasswordDialog.kt", "duplicate_line": 71, "correlation_key": "fp|2da0c13978d58c699e0ef6762e5b45838556fa0516f99ff90ef9c4c43cc63643"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/VfsOptionsDialog.kt"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b5fb6220c6a7119c2433fe4014a4066fca1ce88bfdb2aa34094c00d5b039959", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/InactivityTimeoutDialog.kt", "duplicate_line": 58, "correlation_key": "fp|0b5fb6220c6a7119c2433fe4014a4066fca1ce88bfdb2aa34094c00d5b039959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/VfsOptionsDialog.kt"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e96f9e13943d81ba1c79e390fa45f2b5e453063fcb0733fde9e28685569e46f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/EditRemoteScreen.kt", "duplicate_line": 91, "correlation_key": "fp|e96f9e13943d81ba1c79e390fa45f2b5e453063fcb0733fde9e28685569e46f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/SettingsScreen.kt"}, "region": {"startLine": 173}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11e0670b0b1210c7d3ccf872dded9550b4f1862e1e85def7f802dd0a8d579ba2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/PasswordDialog.kt", "duplicate_line": 71, "correlation_key": "fp|11e0670b0b1210c7d3ccf872dded9550b4f1862e1e85def7f802dd0a8d579ba2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/RemoteNameDialog.kt"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23194cc04b9c3b0c02566cb1b344c8c98402bf87e4e8f03dd2eae7eb7a9f87f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/InactivityTimeoutDialog.kt", "duplicate_line": 56, "correlation_key": "fp|23194cc04b9c3b0c02566cb1b344c8c98402bf87e4e8f03dd2eae7eb7a9f87f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/RemoteNameDialog.kt"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e701626f5d6ae187d41ac1c43980e4f79cb5e136b1a1e0159b0ee6d7fc26017", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/InteractiveConfigurationScreen.kt", "duplicate_line": 322, "correlation_key": "fp|4e701626f5d6ae187d41ac1c43980e4f79cb5e136b1a1e0159b0ee6d7fc26017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/PasswordDialog.kt"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133698, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e460c07d60f20531d235ed44d2f4d4dfddbced8b12639ce1b72cc16b4c132c92", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/com/chiller3/rsaf/settings/InactivityTimeoutDialog.kt", "duplicate_line": 56, "correlation_key": "fp|e460c07d60f20531d235ed44d2f4d4dfddbced8b12639ce1b72cc16b4c132c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/PasswordDialog.kt"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 133718, "scanner": "repobility-threat-engine", "fingerprint": "2d8b5858452dc42d8a2f83a65649af5a6d40aa817b9d90685423e448008ae5a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d8b5858452dc42d8a2f83a65649af5a6d40aa817b9d90685423e448008ae5a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/update_verification.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 133714, "scanner": "repobility-threat-engine", "fingerprint": "8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8f4ed64e85e23651a781f801f20cbe7cf192b517efa4818df0dde258906a2c2b"}}}, {"ruleId": "MINED029", "level": "none", "message": {"text": "[MINED029] Kotlin Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 133710, "scanner": "repobility-threat-engine", "fingerprint": "fdf2cc92321a5bb0109250e8263f1ad530f46d08526634305ccaa51cd9d0e53c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fdf2cc92321a5bb0109250e8263f1ad530f46d08526634305ccaa51cd9d0e53c", "aggregated_count": 1}}}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 133784, "scanner": "osv-scanner", "fingerprint": "29024f95a4a6af3172dd5e2bf0b803fb684870f1aed8f4579f6895ba71877cd5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 133783, "scanner": "osv-scanner", "fingerprint": "a627e8467225ed873345e8da3f69f091800b95dda10bb8f9e883dd0cb7e46c95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 133782, "scanner": "osv-scanner", "fingerprint": "386287376c3008698681d85e4ae1490c728fd178ef7d5d1fa3c6c424f0211e33", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 133781, "scanner": "osv-scanner", "fingerprint": "f99bf8d2702fc8912a5e6722cb81cf2f2adb524b37c1bf2bc874ddbf77653a49", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 133780, "scanner": "osv-scanner", "fingerprint": "511c129ab7168e7a651ab243aaf6c60e964a0718e6a1466021e1a395cf9f42d9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 133779, "scanner": "osv-scanner", "fingerprint": "23eb18f385d624da8299c007852cf7c4432aca9a939bf758bdde6237ad2db700", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 133778, "scanner": "osv-scanner", "fingerprint": "b6a53cc5d2285f30ce505495501d66e26b6a699fedd940e9d4ee4a59b96621d9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 133777, "scanner": "osv-scanner", "fingerprint": "6069509d7763fce473dced0423777ae21013f4b40fc0263e71de894fe9e8973f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 133776, "scanner": "osv-scanner", "fingerprint": "e120b9925e33682c5f2485e69cbbd2a0cd2b07692d8c71cf908d54da40101ea6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 133775, "scanner": "osv-scanner", "fingerprint": "1d50b2e62c7e96b468ddb4332e926ecb916d8b0a510fed934adcd996985e6afe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 133774, "scanner": "osv-scanner", "fingerprint": "a3f2597a5945f8debd80a5b39fcdb541204a51d625d64ba83ffb4f5fb12c5190", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 133773, "scanner": "osv-scanner", "fingerprint": "a2ddd0e0b48fbd8d4b4081f36e5142942827e1350ab3c08a850e18f642e0a6af", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 133772, "scanner": "osv-scanner", "fingerprint": "6cbe80be469217bf536b5d7c955ed3c49bd834b8e56632af63efcda753e458a0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 133771, "scanner": "osv-scanner", "fingerprint": "ff4a0000ada1720a5aa3c46028580bb97fb0dfd22def4699eebb48f13a6307e3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 133770, "scanner": "osv-scanner", "fingerprint": "b4711b5da688f248e121f25bd2a545ba40721241ee09f60a449648eb2d5a20ae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 133769, "scanner": "osv-scanner", "fingerprint": "ca7b7d2a73aaf38607024389585f0efecf4be713397978cb295b80a0a9b8d8dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 133768, "scanner": "osv-scanner", "fingerprint": "d378fdfaf1a250f653ee7d65f18457e0f052e6799464a2cd1e217d6e5f3d85f6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 133767, "scanner": "osv-scanner", "fingerprint": "d6792f8e244e0cb695c345c725bf439a6d3a4c40fcb0921602ad85d137a7d1cd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 133766, "scanner": "osv-scanner", "fingerprint": "f3b0d2791f6ee84a7ead4b65d6ed0cb6d3d7ed28e7cc453b527f05c60aaac114", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 133765, "scanner": "osv-scanner", "fingerprint": "073acf9c2aacc2cd15abb4881dd911f4ef0459b7b5dd106c693aeb7c9aff3df4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 133764, "scanner": "osv-scanner", "fingerprint": "fa5bb3e9ad05e9120a4df7613649f97185e666941e26aa548bde2125837916f5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 133763, "scanner": "osv-scanner", "fingerprint": "91eef6908f35d4cfa4711f2615d90bf6b5e18146b8a6b8842e7e038f1133c1ac", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 133762, "scanner": "osv-scanner", "fingerprint": "1f8b4e25a1e5d23b6dcefa4e0de85bf5500f480f89d572b29f441e76a88cd7b9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 133761, "scanner": "osv-scanner", "fingerprint": "bba07107023bb4a79abccaa811d94fbd78227bfc0e9646043221e2d0232ca3bc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 133760, "scanner": "osv-scanner", "fingerprint": "4261f1ecb1c4a8d291eff1fcd45ff3063e40ca6e4238d2627997ffe8f893f88e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 133759, "scanner": "osv-scanner", "fingerprint": "8397cd600ab406d9a5abf1c9c2767593db6bae92fe27d5e1825d9dee99649afe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 133758, "scanner": "osv-scanner", "fingerprint": "46e40ca141f9ead06371749a8f8f1128212d38b45ca1e6ac4bc830818ad798bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 133757, "scanner": "osv-scanner", "fingerprint": "cb67da5af8cb24f8f6ed01a046b153c5578b61f27ace07612c62614dad89bcde", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 133756, "scanner": "osv-scanner", "fingerprint": "b221072aa0b276e973b20995d4edfb396e5ea73a240227088c0f6dfb55dbfc68", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 133755, "scanner": "osv-scanner", "fingerprint": "a3ad5959b5a0ac77982f87e7e5c46067416a29a460642dd91df67986ac49683f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 133754, "scanner": "osv-scanner", "fingerprint": "8ed6c7338aa93b12465d855e21eacffc370bffc37fb842b049810dcdb12525b7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 133753, "scanner": "osv-scanner", "fingerprint": "0815e320f89e9f825019c73cfa17498283f8f1a57f788ba5345d04781cd4f611", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 133752, "scanner": "osv-scanner", "fingerprint": "07d0ce0ba81c4e4d37b85b4417ea63e5894d2d833f87f714a6f9cd542f5439fb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 133751, "scanner": "osv-scanner", "fingerprint": "59c7cc485f5561f074a87c5e30e382fbe80d55f6c0aeb908644a41ce5ec854bf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 133750, "scanner": "osv-scanner", "fingerprint": "87febaf91c1a50ba2cd2eb2ced7d0006dc4d97a205a1d5ebec32cd690fcbc4c2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 133749, "scanner": "osv-scanner", "fingerprint": "49ff52ed3ad210cb2e222dca2ea38c289b1c1c6079a475248a6363cd56fa12b0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3955", "level": "error", "message": {"text": "stdlib: GO-2025-3955"}, "properties": {"repobilityId": 133748, "scanner": "osv-scanner", "fingerprint": "9a82e4ef09fe2ec087120e32517e951288dddeb5d8cac5aa79239d9074b7da3e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47910", "CVE-2025-47910"], "package": "stdlib", "rule_id": "GO-2025-3955", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47910|rcbridge/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2363-cqg2-863c", "level": "error", "message": {"text": "org.jdom:jdom2: GHSA-2363-cqg2-863c"}, "properties": {"repobilityId": 133747, "scanner": "osv-scanner", "fingerprint": "fe07a14de6c987fea3ee8e1e463d229f0849ce3d9ab8216c5e1942747e3ead63", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-solr-2021-33813", "CVE-2021-33813"], "package": "org.jdom:jdom2", "rule_id": "GHSA-2363-cqg2-863c", "scanner": "osv-scanner", "correlation_key": "vuln|org.jdom:jdom2|CVE-2021-33813|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p93r-85wp-75v3", "level": "error", "message": {"text": "org.bouncycastle:bcprov-jdk18on: GHSA-p93r-85wp-75v3"}, "properties": {"repobilityId": 133746, "scanner": "osv-scanner", "fingerprint": "cfdb9b9bfde8b92688fb4002a2b179a7e2ab7bc111956e28621a3bdacca7c367", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-5598"], "package": "org.bouncycastle:bcprov-jdk18on", "rule_id": "GHSA-p93r-85wp-75v3", "scanner": "osv-scanner", "correlation_key": "vuln|token|CVE-2026-5598|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3677-xxcr-wjqv", "level": "error", "message": {"text": "org.bitbucket.b_c:jose4j: GHSA-3677-xxcr-wjqv"}, "properties": {"repobilityId": 133743, "scanner": "osv-scanner", "fingerprint": "28afd6aab53b7627cc971bfd12626503831540f20b83b315d848f69a5e25dd0d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-29371"], "package": "org.bitbucket.b_c:jose4j", "rule_id": "GHSA-3677-xxcr-wjqv", "scanner": "osv-scanner", "correlation_key": "vuln|org.bitbucket.b_c:jose4j|CVE-2024-29371|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4g8c-wm8x-jfhw", "level": "error", "message": {"text": "io.netty:netty-handler: GHSA-4g8c-wm8x-jfhw"}, "properties": {"repobilityId": 133738, "scanner": "osv-scanner", "fingerprint": "7c07f8839b3b177264e31a7cc180a91302bd11c0cb9f44b6fa2279080709d0e8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-24970"], "package": "io.netty:netty-handler", "rule_id": "GHSA-4g8c-wm8x-jfhw", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-handler|CVE-2025-24970|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-xpw8-rcwv-8f8p", "level": "error", "message": {"text": "io.netty:netty-codec-http2: GHSA-xpw8-rcwv-8f8p"}, "properties": {"repobilityId": 133735, "scanner": "osv-scanner", "fingerprint": "691814f2ea2fa799a50e1226933684df992b1e12956a03ed7f038491d115ae7d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "io.netty:netty-codec-http2", "rule_id": "GHSA-xpw8-rcwv-8f8p", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http2|GHSA-XPW8-RCWV-8F8P|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w9fj-cfpg-grvv", "level": "error", "message": {"text": "io.netty:netty-codec-http2: GHSA-w9fj-cfpg-grvv"}, "properties": {"repobilityId": 133734, "scanner": "osv-scanner", "fingerprint": "101a8e8851794c6c749f0a2168b416408b72214d34515aaf8bf4a7b833f9db6f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33871"], "package": "io.netty:netty-codec-http2", "rule_id": "GHSA-w9fj-cfpg-grvv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http2|CVE-2026-33871|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-prj3-ccx8-p6x4", "level": "error", "message": {"text": "io.netty:netty-codec-http2: GHSA-prj3-ccx8-p6x4"}, "properties": {"repobilityId": 133733, "scanner": "osv-scanner", "fingerprint": "16585665780c6f1c0de5f4d28945691cc33f7f0f3a37887be8fb035b4d722554", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-55163"], "package": "io.netty:netty-codec-http2", "rule_id": "GHSA-prj3-ccx8-p6x4", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http2|CVE-2025-55163|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f6hv-jmp6-3vwv", "level": "error", "message": {"text": "io.netty:netty-codec-http2: GHSA-f6hv-jmp6-3vwv"}, "properties": {"repobilityId": 133732, "scanner": "osv-scanner", "fingerprint": "24fd22ccf41d950f4e232c2fce8452d128d7c67928fc80f266f72ce7ee62d99c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42587"], "package": "io.netty:netty-codec-http2", "rule_id": "GHSA-f6hv-jmp6-3vwv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http2|CVE-2026-42587|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pwqr-wmgm-9rr8", "level": "error", "message": {"text": "io.netty:netty-codec-http: GHSA-pwqr-wmgm-9rr8"}, "properties": {"repobilityId": 133728, "scanner": "osv-scanner", "fingerprint": "13e0ef7ef9e62ab7efde90a4902db940e686a1c78f2e860d899a3d8e9b6baadc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33870"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-pwqr-wmgm-9rr8", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-33870|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f6hv-jmp6-3vwv", "level": "error", "message": {"text": "io.netty:netty-codec-http: GHSA-f6hv-jmp6-3vwv"}, "properties": {"repobilityId": 133725, "scanner": "osv-scanner", "fingerprint": "81b21ee33d2e22bd0e65ae465540184dceb385d8fce252d1151b598a806a8615", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42587"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-f6hv-jmp6-3vwv", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-42587|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-57rv-r2g8-2cj3", "level": "error", "message": {"text": "io.netty:netty-codec-http: GHSA-57rv-r2g8-2cj3"}, "properties": {"repobilityId": 133723, "scanner": "osv-scanner", "fingerprint": "9c9c391acfa05995a0d290c43383cb1457571bcd6dde35ea3fde5df4aa166e2a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42584"], "package": "io.netty:netty-codec-http", "rule_id": "GHSA-57rv-r2g8-2cj3", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec-http|CVE-2026-42584|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mj4r-2hfc-f8p6", "level": "error", "message": {"text": "io.netty:netty-codec: GHSA-mj4r-2hfc-f8p6"}, "properties": {"repobilityId": 133721, "scanner": "osv-scanner", "fingerprint": "eb1abe957e04eb3bd2ab530900623fc2b52f18dd2de71a7284a31cc56bdf3bde", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42583"], "package": "io.netty:netty-codec", "rule_id": "GHSA-mj4r-2hfc-f8p6", "scanner": "osv-scanner", "correlation_key": "vuln|io.netty:netty-codec|CVE-2026-42583|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/verification-metadata.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 133719, "scanner": "repobility-threat-engine", "fingerprint": "3180b49c4bd8469bf9bac64c77e9f5dd36b7ce0b86be54596ce1c9e57b97dabc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.Command(goExecutable,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3180b49c4bd8469bf9bac64c77e9f5dd36b7ce0b86be54596ce1c9e57b97dabc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/gowrapper/go.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 133717, "scanner": "repobility-threat-engine", "fingerprint": "63298b8222e391ae6fc1c9cf9afe9c2e7eab7406667e63d232321eb129294b15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63298b8222e391ae6fc1c9cf9afe9c2e7eab7406667e63d232321eb129294b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/update_verification.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 133715, "scanner": "repobility-threat-engine", "fingerprint": "c8718adf2cb39e9bfcad97de41aa14b6d07d27fb1288e9def0bbaa2127b000d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logcat.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c8718adf2cb39e9bfcad97de41aa14b6d07d27fb1288e9def0bbaa2127b000d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/rclone/Authorizer.kt"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133713, "scanner": "repobility-threat-engine", "fingerprint": "a461a0e43ead918b1d94228fcfa9a2ba883ced606b63d967eced3b21a4692da5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a461a0e43ead918b1d94228fcfa9a2ba883ced606b63d967eced3b21a4692da5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/AuthorizeViewModel.kt"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133712, "scanner": "repobility-threat-engine", "fingerprint": "542266cd90f6d940d8e7294c471037061ee176fa30841fd055d594e6cfc0c92f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|542266cd90f6d940d8e7294c471037061ee176fa30841fd055d594e6cfc0c92f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/AuthorizeDialog.kt"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133711, "scanner": "repobility-threat-engine", "fingerprint": "fe17164bf28184f0e1ece3697c5ecd64b5a774f4e6d65446d2a2804e2c3538c0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe17164bf28184f0e1ece3697c5ecd64b5a774f4e6d65446d2a2804e2c3538c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/rclone/Authorizer.kt"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 133709, "scanner": "repobility-threat-engine", "fingerprint": "940d9f343a727bdb238267367b672cc1880080f07ab9f4c11894a76818458c4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|940d9f343a727bdb238267367b672cc1880080f07ab9f4c11894a76818458c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/settings/SettingsViewModel.kt"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 133708, "scanner": "repobility-threat-engine", "fingerprint": "dc24508025eeed7df2be874391612fc9dcffe34397207bdca9c5b2e531f61fe4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc24508025eeed7df2be874391612fc9dcffe34397207bdca9c5b2e531f61fe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/com/chiller3/rsaf/rclone/KeepAliveService.kt"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 133707, "scanner": "repobility-threat-engine", "fingerprint": "be050ffe7e6c576db950af7a7ac6eec759f72ef24ddf09d8288a1b088fb1ca0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|be050ffe7e6c576db950af7a7ac6eec759f72ef24ddf09d8288a1b088fb1ca0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/androidTest/java/com/chiller3/rsaf/ImportExportTest.kt"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "properties": {"repobilityId": 133706, "scanner": "repobility-supply-chain", "fingerprint": "e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `github.com/t3rm1n4l/go-mega` \u2014 redirects to fork `github.com/chenxiaolong/go-mega`"}, "properties": {"repobilityId": 133705, "scanner": "repobility-supply-chain", "fingerprint": "bad5eb0baebc4117f6a9645b5a60edaca0f16c03cbd8b60bd69411802cf0289d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bad5eb0baebc4117f6a9645b5a60edaca0f16c03cbd8b60bd69411802cf0289d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rcbridge/go.mod"}, "region": {"startLine": 12}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 133697, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}