146 of your 209 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 8.91s · analysis 20.79s · 14.6 MB · GitHub API rate-limit (preflight)

TheAlgorithms/Python

https://github.com/TheAlgorithms/Python · scanned 2026-06-05 04:29 UTC (4 hours, 20 minutes ago) · 10 languages

455 findings (193 legacy + 262 scanner) 9th percentile · Python · large (100-500K LoC) Scanner says 74 (lower by 17)

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 hours, 20 minutes ago · v2 · 324 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
| --- | --- | --- | --- |
| structure_score | 60.0 | 0.15 | 9.00 |
| security_score | 36.1 | 0.25 | 9.03 |
| testing_score | 27.0 | 0.20 | 5.40 |
| documentation_score | 100.0 | 0.15 | 15.00 |
| practices_score | 75.0 | 0.15 | 11.25 |
| code_quality | 71.5 | 0.10 | 7.15 |
| Overall | | 1.00 | 56.8 |

Scan summary: Repository scanned at 73.7/100 with 88.9% coverage. It contains 5767 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 131 findings — concentrated in quality (72), software (50), hardware (3). Risk profile is high: 2 critical, 0 high, 7 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 254 of 324 findings.

high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `array` used but not imported
The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes.
other/number_container_system.py:122 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `email` used but not imported
The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes.
strings/is_valid_email_address.py:79 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `html` used but not imported
The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes.
web_programming/download_images_from_google_query.py:53 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
data_structures/queues/priority_queue_using_list.py:96 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
data_structures/binary_tree/diff_views_of_binary_tree.py:138 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
data_structures/binary_tree/segment_tree_other.py:207 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
networking_flow/ford_fulkerson.py:44 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
networking_flow/minimum_cut.py:20 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/kahns_algorithm_topo.py:43 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/bidirectional_search.py:26 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/bi_directional_dijkstra.py:36 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/breadth_first_search.py:61 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/kahns_algorithm_long.py:16 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/breadth_first_search_2.py:42 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `queue` used but not imported
The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
graphs/check_bipatrite.py:139 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `string` used but not imported
The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes.
graphs/minimum_spanning_tree_boruvka.py:66 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `string` used but not imported
The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes.
strings/min_cost_string_conversion.py:149 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Missing import: `string` used but not imported
The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes.
strings/is_isogram.py:22 qualitylegacy
critical 9-layer security secrets conf 1.00 Possible secret in other/password.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
other/password.py:84 secrets
critical 9-layer security secrets conf 1.00 Possible secret in other/password.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
other/password.py:86 secrets
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
data_structures/stacks/stack.py:8 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
data_structures/queues/priority_queue_using_list.py:7 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
data_structures/linked_list/has_loop.py:6 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
hashes/sha1.py:2 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
hashes/md5.py:2 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
data_structures/hashing/bloom_filter.py:62 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
Review and fix per the pattern semantics. See CWE-705 for context.
cellular_automata/game_of_life.py:127 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED026] Fake Verification: assert True, expect(1).toBe(1), or other tautology used to fake passing tests.
Review and fix per the pattern semantics. See CWE-1126 for context.
data_structures/stacks/stack.py:175 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED026] Fake Verification: assert True, expect(1).toBe(1), or other tautology used to fake passing tests.
Review and fix per the pattern semantics. See CWE-1126 for context.
data_structures/linked_list/doubly_linked_list.py:203 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED026] Fake Verification: assert True, expect(1).toBe(1), or other tautology used to fake passing tests.
Review and fix per the pattern semantics. See CWE-1126 for context.
data_structures/linked_list/circular_linked_list.py:165 qualitylegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
hashes/sha1.py:157 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
digital_image_processing/histogram_equalization/histogram_stretch.py:60 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
ciphers/transposition_cipher_encrypt_decrypt_file.py:25 path_traversallegacy
high Legacy software file_upload conf 1.00 [SEC032] Unrestricted File Upload — no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs.
Validate THREE things server-side:
1. Extension allowlist: `ALLOWED = {'.png', '.jpg', '.pdf'}`, then `ext = Path(file.filename).suffix.lower()` and `if ext not in ALLOWED: abort(400)`
2. Magic-byte check (don't trust the extension): `import magic`, then `mime = magic.from_buffer(file…`
sorts/external_sort.py:28 file_uploadlegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._elements` used but never assigned in __init__
Method `_elements` of class `Trie` reads `self._elements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/autocomplete_using_trie.py:30 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._elements` used but never assigned in __init__
Method `find_word` of class `Trie` reads `self._elements`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/autocomplete_using_trie.py:25 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.blocks` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.blocks`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:133 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.blocks` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.blocks`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:128 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.find_next_state` used but never assigned in __init__
Method `search_in` of class `Automaton` reads `self.find_next_state`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/aho_corasick.py:77 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.find_next_state` used but never assigned in __init__
Method `search_in` of class `Automaton` reads `self.find_next_state`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/aho_corasick.py:81 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.find_next_state` used but never assigned in __init__
Method `set_fail_transitions` of class `Automaton` reads `self.find_next_state`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/aho_corasick.py:53 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.find_next_state` used but never assigned in __init__
Method `set_fail_transitions` of class `Automaton` reads `self.find_next_state`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/aho_corasick.py:57 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.find_next_state` used but never assigned in __init__
Method `add_keyword` of class `Automaton` reads `self.find_next_state`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/aho_corasick.py:26 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.hash` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.hash`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:188 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.match_in_pattern` used but never assigned in __init__
Method `bad_character_heuristic` of class `BoyerMooreSearch` reads `self.match_in_pattern`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:94 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.membership` used but never assigned in __init__
Method `plot` of class `FuzzySet` reads `self.membership`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
fuzzy_logic/fuzzy_operations.py:164 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.mismatch_in_text` used but never assigned in __init__
Method `bad_character_heuristic` of class `BoyerMooreSearch` reads `self.mismatch_in_text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:90 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.patLen` used but never assigned in __init__
Method `bad_character_heuristic` of class `BoyerMooreSearch` reads `self.patLen`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:89 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.patLen` used but never assigned in __init__
Method `mismatch_in_text` of class `BoyerMooreSearch` reads `self.patLen`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:74 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.patLen` used but never assigned in __init__
Method `match_in_pattern` of class `BoyerMooreSearch` reads `self.patLen`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:52 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.pattern` used but never assigned in __init__
Method `mismatch_in_text` of class `BoyerMooreSearch` reads `self.pattern`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:75 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.pattern` used but never assigned in __init__
Method `match_in_pattern` of class `BoyerMooreSearch` reads `self.pattern`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:53 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.ror` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.ror`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:146 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.ror` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.ror`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:145 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.ror` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.ror`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:165 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.ror` used but never assigned in __init__
Method `final_hash` of class `SHA256` reads `self.ror`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
hashes/sha256.py:160 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.text` used but never assigned in __init__
Method `bad_character_heuristic` of class `BoyerMooreSearch` reads `self.text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:94 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.text` used but never assigned in __init__
Method `mismatch_in_text` of class `BoyerMooreSearch` reads `self.text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:75 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.textLen` used but never assigned in __init__
Method `bad_character_heuristic` of class `BoyerMooreSearch` reads `self.textLen`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
strings/boyer_moore_search.py:89 qualitylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/build.yml:13 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:35 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/directory_writer.yml:9 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/ruff.yml:14 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:42 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:24 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v6`
`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/devcontainer_ci.yml:15 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/configure-pages` pinned to mutable ref `@v6`
`uses: actions/configure-pages@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:42 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/deploy-pages` pinned to mutable ref `@v5`
`uses: actions/deploy-pages@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:56 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/build.yml:18 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:37 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/directory_writer.yml:12 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:44 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:26 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-pages-artifact` pinned to mutable ref `@v5`
`uses: actions/upload-pages-artifact@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:44 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v7`
`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/build.yml:14 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v7`
`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/sphinx.yml:36 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v7`
`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/ruff.yml:15 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v7`
`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:43 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `astral-sh/setup-uv` pinned to mutable ref `@v7`
`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/project_euler.yml:25 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `devcontainers/ci` pinned to mutable ref `@v0.3`
`uses: devcontainers/ci@v0.3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/devcontainer_ci.yml:16 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/python (no tag)` not pinned by digest
`FROM mcr.microsoft.com/vscode/devcontainers/python (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
.devcontainer/Dockerfile:3 dependencylegacy
high Legacy software dependency conf 0.88 keras: GHSA-36fq-jgmw-4r9c
Keras is vulnerable to Deserialization of Untrusted Data
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: GHSA-3m4q-jmj6-r34q
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: GHSA-4f3f-g24h-fr8m
Keras has an untrusted deserialization vulnerability
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: GHSA-c9rc-mg46-23w3
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: GHSA-hjqc-jx6g-rwp9
Keras Directory Traversal Vulnerability
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: PYSEC-2025-123
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .…
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 keras: PYSEC-2026-73
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive co…
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 lxml: PYSEC-2026-87
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='interna…
uv.lock dependencylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_and_remove_edges_repeatedly
Test function `test_add_and_remove_edges_repeatedly` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:487 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_and_remove_edges_repeatedly
Test function `test_add_and_remove_edges_repeatedly` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:475 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_and_remove_vertices_repeatedly
Test function `test_add_and_remove_vertices_repeatedly` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:375 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_and_remove_vertices_repeatedly
Test function `test_add_and_remove_vertices_repeatedly` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:363 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_edge
Test function `test_add_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:446 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_edge
Test function `test_add_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:434 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_edge_exception_check
Test function `test_add_edge_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:538 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_vertex_exception_check
Test function `test_add_vertex_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:521 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_vertex_exception_check
Test function `test_add_vertex_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:509 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_vertices
Test function `test_add_vertices` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:327 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_add_vertices
Test function `test_add_vertices` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:315 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_contains_edge
Test function `test_contains_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:412 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_contains_edge
Test function `test_contains_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:400 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_contains_edge_exception_check
Test function `test_contains_edge_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:576 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_end_to_end
Test function `test_end_to_end` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
ciphers/shuffled_shift_cipher.py:172 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_greedy
Test function `test_greedy` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
other/greedy.py:42 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_edge
Test function `test_remove_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:467 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_edge
Test function `test_remove_edge` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:455 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_edge_exception_check
Test function `test_remove_edge_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:552 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_vertex_exception_check
Test function `test_remove_vertex_exception_check` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:523 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_vertices
Test function `test_remove_vertices` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_matrix.py:351 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_remove_vertices
Test function `test_remove_vertices` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/graph_adjacency_list.py:339 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_running_key_encrypt
Test function `test_running_key_encrypt` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
ciphers/running_key_cipher.py:52 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_vector
Test function `test_vector` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/prim.py:118 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Phantom test coverage: test_vector
Test function `test_vector` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
graphs/boruvka.py:141 qualitylegacy
high Legacy software dependency conf 0.88 pillow: GHSA-cfh3-3jmp-rvhc
Pillow affected by out-of-bounds write when loading PSD images
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 pillow: GHSA-pwv6-vv43-88gr
Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 pillow: GHSA-whj4-6x5x-4v2j
FITS GZIP decompression bomb in Pillow
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 pillow: PYSEC-2025-61
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save…
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 pillow: PYSEC-2026-165
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
uv.lock dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/abravalheri/validate-pyproject` pinned to mutable rev `v0.25`
`.pre-commit-config.yaml` references `https://github.com/abravalheri/validate-pyproject` at `rev: v0.25`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:46 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.15`
`.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.15.15`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:20 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/codespell-project/codespell` pinned to mutable rev `v2.4.2`
`.pre-commit-config.yaml` references `https://github.com/codespell-project/codespell` at `rev: v2.4.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:26 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/MarcoGorelli/auto-walrus` pinned to mutable rev `0.4.1`
`.pre-commit-config.yaml` references `https://github.com/MarcoGorelli/auto-walrus` at `rev: 0.4.1`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:15 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/pre-commit/mirrors-prettier` pinned to mutable rev `v4.0.0-alpha.8`
`.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-prettier` at `rev: v4.0.0-alpha.8`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:61 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`
`.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:5 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/tox-dev/pyproject-fmt` pinned to mutable rev `v2.23.0`
`.pre-commit-config.yaml` references `https://github.com/tox-dev/pyproject-fmt` at `rev: v2.23.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:33 dependencylegacy
high Legacy software dependency conf 0.88 urllib3: GHSA-2xpw-w6gg-jr37
urllib3 streaming API improperly handles highly compressed data
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 urllib3: GHSA-38jv-5279-wg99
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 urllib3: GHSA-gm62-xv2j-4w53
urllib3 allows an unbounded number of links in the decompression chain
uv.lock dependencylegacy
high Legacy software dependency conf 0.88 urllib3: PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
uv.lock dependencylegacy
medium Legacy security auth conf 0.92 [AUC001] No Repobility access matrix policy found
The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
authlegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
physics/newtons_second_law_of_motion.py:77 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
hashes/enigma_machine.py:49 qualitylegacy
medium Legacy cicd docker conf 0.90 Docker build context has no .dockerignore
Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.
.dockerignore dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Docker images run as root unless the image or Dockerfile switches to a non-root user.
.devcontainer/Dockerfile:3 dockerlegacy
medium Legacy software dependency conf 0.88 fonttools: GHSA-768j-98cg-p3fv
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 idna: GHSA-65pc-fj4g-8rjx
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 keras: GHSA-mq84-hjqx-cwf2
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 pillow: GHSA-5xmw-vc9v-4wf2
Pillow has a heap buffer overflow with nested list coordinates
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 pillow: GHSA-r73j-pqj5-w3x7
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
uv.lock dependencylegacy
medium Legacy quality quality conf 0.78 Public web service has no security.txt
security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt.
.well-known/security.txt qualitylegacy
medium Legacy software dependency conf 0.88 pytest: GHSA-6w46-j5rx-g56g
pytest has vulnerable tmpdir handling
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 requests: GHSA-9hjg-9r4m-mvj7
Requests vulnerable to .netrc credentials leak via malicious URLs
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 requests: GHSA-gc5v-m9x4-r6x2
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 urllib3: GHSA-48p4-8xcf-vxj5
urllib3 does not control redirects in browsers and Node.js
uv.lock dependencylegacy
medium Legacy software dependency conf 0.88 urllib3: GHSA-pq67-6m6q-mj2v
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
uv.lock dependencylegacy
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: .devcontainer/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/sphinx.yml supply-chaingithub-actionsleast-privilege
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — machine_learning/sequential_minimum_optimization.py:458
`urllib.request.urlopen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — maths/allocation_number.py:6
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — neural_network/input_data.py:262
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer security coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
coverageauth
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
34 test file(s) for 1351 source file(s) (ratio 0.03). Consider adding integration or unit tests for critical paths.
testscoverage
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
divide_and_conquer/heaps_algorithm_iterative.py:11 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
digital_image_processing/morphological_operations/erosion_operation.py:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
data_structures/queues/queue_by_two_stacks.py:39 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
data_structures/linked_list/singly_linked_list.py:341 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
data_compression/lempel_ziv_decompress.py:6 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
conversions/prefix_conversions_string.py:21 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
computer_vision/mosaic_augmentation.py:44 qualitylegacy
low Legacy software dependency conf 0.88 pygments: GHSA-5239-wwwm-4pmq
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
uv.lock dependencylegacy
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: mcr.microsoft.com/vscode/devcontainers/python:${VARIANT}
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
.devcontainer/Dockerfile:3 supply-chaindockerpinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: computer_vision/cnn_classification.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: digital_image_processing/filters/local_binary_pattern.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: divide_and_conquer/convex_hull.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: docs/conf.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dynamic_programming/catalan_numbers.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: machine_learning/lstm/lstm_prediction.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: maths/greatest_common_divisor.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: maths/test_prime_check.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: other/quine.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_002/sol4.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_003/sol1.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_003/sol2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_003/sol3.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_005/sol1.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: project_euler/problem_007/sol2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: scripts/validate_filenames.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web_programming/crawl_google_results.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web_programming/fetch_well_rx_price.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web_programming/instagram_crawler.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web_programming/open_google_results.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer quality integrity conf 1.00 Legacy-named symbol `b_old` in machine_learning/sequential_minimum_optimization.py:122
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `graph_copy` in graphs/karger.py:47
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `items_copy` in other/greedy.py:31
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `list_copy` in project_euler/problem_054/test_poker_hand.py:189
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `num_copy` in maths/is_int_palindrome.py:22
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_copy` in linear_algebra/src/test_linear_algebra.py:111
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `years_old` in web_programming/get_top_billionaires.py:30
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: dynamic_programming/min_distance_up_bottom.py:min_distance_up_bottom, dynamic_programming/min_distance_up_bottom.py:min_distance. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consol…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: computer_vision/mosaic_augmentation.py:main, computer_vision/flip_augmentation.py:main. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: computer_vision/mosaic_augmentation.py:get_dataset, computer_vision/flip_augmentation.py:get_dataset. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they'r…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: computer_vision/mosaic_augmentation.py:random_chars, computer_vision/flip_augmentation.py:random_chars. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: data_compression/lempel_ziv.py:read_file_binary, data_compression/lempel_ziv_decompress.py:read_file_binary. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: data_compression/lempel_ziv.py:compress_data, data_compression/lempel_ziv.py:compress This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: data_compression/lempel_ziv.py:write_file_binary, data_compression/lempel_ziv_decompress.py:write_file_binary This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document w…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: data_compression/coordinate_compression.py:compress_coordinates, data_compression/coordinate_compression.py:compress This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or doc…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: matrix/pascal_triangle.py:benchmark, maths/sum_of_digits.py:benchmark This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: matrix/largest_square_area_in_matrix.py:largest_square_area_in_matrix_top_down_approch, matrix/largest_square_area_in_matrix.py:largest_square_area_in_matrix_top_down_approch_with_dp This is *the* AI-coder failure mode (4× more duplication in vibe-co…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: divide_and_conquer/closest_pair_of_points.py:closest_pair_of_points_sqr, divide_and_conquer/closest_pair_of_points.py:closest_pair_of_points This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygi…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: searches/simulated_annealing.py:simulated_annealing, searches/hill_climbing.py:hill_climbing This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separa…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: maths/perfect_number.py:perfect, maths/special_numbers/perfect_number.py:perfect This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: maths/persistence.py:multiplicative_persistence, maths/persistence.py:additive_persistence This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: maths/primelib.py:get_prime_numbers, maths/primelib.py:get_prime This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: audio_filters/butterworth_filter.py:make_peak, audio_filters/butterworth_filter.py:make_lowshelf, audio_filters/butterworth_filter.py:make_highshelf This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-c…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: maths/line_length.py:line_length, maths/area_under_curve.py:trapezoidal_area, maths/numerical_analysis/numerical_integration.py:trapezoidal_area This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: audio_filters/butterworth_filter.py:make_lowpass, audio_filters/butterworth_filter.py:make_highpass, audio_filters/butterworth_filter.py:make_bandpass, audio_filters/butterworth_filter.py:make_allpass This is *the* AI-coder failure mode (4× more dupl…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 7 places
Functions with the same first-5-line body hash: maths/prime_check.py:is_prime, project_euler/problem_049/sol1.py:is_prime, project_euler/problem_046/sol1.py:is_prime, project_euler/problem_037/sol1.py:is_prime This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 8 places
Functions with the same first-5-line body hash: searches/binary_tree_traversal.py:pre_order, searches/binary_tree_traversal.py:in_order, searches/binary_tree_traversal.py:post_order, searches/binary_tree_traversal.py:level_order This is *the* AI-coder failure mode (4× more duplication in vibe-code…
integrity duplicate dry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: abbr
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/abbreviation.py:15 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: climb_stairs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/climbing_stairs.py:4 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: combination_sum_iv_bottom_up
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/combination_sum_iv.py:75 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: combination_sum_iv_dp_array
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/combination_sum_iv.py:45 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: dp_count
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_coin_change.py:10 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: dp_match
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/regex_match.py:52 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: find_min
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_partition.py:6 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: fizz_buzz
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/fizz_buzz.py:4 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: is_sum_subset
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/sum_of_subset.py:1 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: list_of_submasks
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/iterating_through_submasks.py:12 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: longest_common_substring
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/longest_common_substring.py:13 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: longest_increasing_subsequence_length
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/longest_increasing_subsequence_o_nlogn.py:20 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: longest_palindromic_subsequence
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/longest_palindromic_subsequence.py:11 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: make_highpass
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
audio_filters/butterworth_filter.py:43 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: make_lowpass
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
audio_filters/butterworth_filter.py:13 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: max_product_subarray
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/max_product_subarray.py:1 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: maximum_non_adjacent_sum
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/max_non_adjacent_sum.py:6 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: min_distance_up_bottom
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/min_distance_up_bottom.py:14 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: min_steps_to_one
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_steps_to_one.py:30 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: mincost_tickets
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_tickets_cost.py:28 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: minimum_cost_path
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_cost_path.py:6 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: minimum_squares_to_represent_a_number
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_squares_to_represent_a_number.py:5 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: minimum_subarray_sum
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/minimum_size_subarray_sum.py:4 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: prefix_sum
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/range_sum_query.py:64 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: show_frequency_response
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
audio_filters/show_response.py:38 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: show_phase_response
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
audio_filters/show_response.py:70 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: tf_k_means_cluster
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/k_means_clustering_tensorflow.py:7 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: tribonacci
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/tribonacci.py:4 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: viterbi
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/viterbi.py:4 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: word_break
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dynamic_programming/word_break.py:27 dead-code
low 9-layer quality integrity conf 1.00 Stub function `_algorithm` (body is just `pass`/`return`) — graphs/edmonds_karp_multiple_source_and_sink.py:77
Likely an AI scaffold that was never filled in. Remove or implement.
integrity empty-handler dead-code
low Legacy quality quality conf 1.00 ✓ Repobility [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context.
computer_vision/horn_schunck.py:9 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context.
ciphers/fractionated_morse_cipher.py:9 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context.
ciphers/a1z26.py:6 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context.
other/password.py:88 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context.
hashes/enigma_machine.py:56 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context.
ciphers/diffie.py:52 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
Review and fix per the pattern semantics.
data_structures/binary_tree/serialize_deserialize_binary_tree.py:7 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
Review and fix per the pattern semantics.
data_structures/binary_tree/mirror_binary_tree.py:13 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
Review and fix per the pattern semantics.
data_compression/lz77.py:37 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
Review and fix per the pattern semantics.
cellular_automata/one_dimensional.py:67 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
Review and fix per the pattern semantics.
boolean_algebra/quine_mc_cluskey.py:140 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
Review and fix per the pattern semantics.
backtracking/all_permutations.py:81 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
Review and fix per the pattern semantics. See CWE-400 / for context.
maths/allocation_number.py:6 quality legacy
API access

This page is publicly accessible at: https://repobility.com/scan/de615caa-c97e-4a70-9ad4-c734875232af/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/de615caa-c97e-4a70-9ad4-c734875232af/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.