151 of your 391 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 1.98s · analysis 67.9s · 3.8 MB · GitHub API rate-limit (preflight)

aws/deep-learning-containers

https://github.com/aws/deep-learning-containers · scanned 2026-06-05 21:30 UTC (4 days, 11 hours ago) · 10 languages

1102 raw signals (318 security + 784 graph) · 40th percentile · Python · small (2-20K LoC) · System graph score 70 (lower by 8)


Complete repo analysis

Last scanned 4 days, 11 hours ago · v2 · 198 actionable findings from 2 signal sources. 489 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown (2026-05-18-v5)
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 4.0 0.25 1.00
testing_score 100.0 0.20 20.00
documentation_score 100.0 0.15 15.00
practices_score 74.0 0.15 11.10
code_quality 62.8 0.10 6.28
Overall 1.00 62.4
Active filters: excluding tests
Scan summary: Quality grade C+ (62/100). Dimensions: security 4, maintainability 60. 318 findings (154 security). 16,087 lines analyzed.

Showing 134 of 198 actionable findings. 687 raw detector signals were grouped into reader-sized issues.

high Security checks quality Quality conf 1.00 ✓ Repobility Missing import: `stat` used but not imported
The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes.
.github/actions/download-model/evict_models.py:20
low Security checks cicd CI/CD security conf 0.35 ✓ Repobility Workflow references repository secrets in a pull_request workflow
Fork pull_request runs do not receive normal repository secrets on GitHub Actions. Review this as a reliability/intent signal, not as direct fork-secret exfiltration. Raise severity only for pull_request_target or another trusted-context path that runs untrusted PR code with secrets.
.github/workflows/prcheck-detect-versions.yml:30 · CI/CD security · workflow secrets · GitHub Actions
high Security checks security path traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
examples/ray/tabular-model/deployment.py:34
low Security checks security Injection conf 1.00 3 occurrences [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts.
Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders).
3 files, 3 locations
docs/src/sorter.py:31
scripts/vllm/omni_sagemaker_serve.py:40
scripts/vllm/sagemaker_serve.py:28
high Security checks software dependencies conf 0.90 ✓ Repobility Binary file `docker/xgboost/resources/mms/endpoints-1.0.jar` committed in source repo
`docker/xgboost/resources/mms/endpoints-1.0.jar` is a .jar binary (5,972 bytes) committed to a repo that otherwise has 207 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build…
docker/xgboost/resources/mms/endpoints-1.0.jar:1
high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences Blocking call `requests.append` inside async function `run_benchmark`
`requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
3 files, 3 locations
test/vllm-omni/scripts/benchmark/image_benchmark_client.py:112
test/vllm-omni/scripts/benchmark/tts_benchmark_client.py:147
test/vllm-omni/scripts/benchmark/video_benchmark_client.py:143
high Security checks software dependencies conf 0.90 ✓ Repobility 25 occurrences Dockerfile FROM `nvidia/cuda:12.9.1-base-amzn2023` not pinned by digest
`FROM nvidia/cuda:12.9.1-base-amzn2023` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
8 files, 25 locations
docker/vllm/Dockerfile.amzn2023:10, 41, 160, 249, 260 (5 hits)
docker/vllm_omni/Dockerfile.amzn2023:10, 41, 166, 253, 336 (5 hits)
docker/base/v1/Dockerfile:4, 20, 75 (3 hits)
docker/base/v2/Dockerfile:4, 20, 77 (3 hits)
docker/ray/Dockerfile.gpu:7, 48, 82 (3 hits)
docker/ray/Dockerfile.cpu:7, 53 (2 hits)
docker/sglang/Dockerfile.amzn2023:6, 164 (2 hits)
docker/xgboost/Dockerfile:15, 40 (2 hits)
high Security checks cicd CI/CD security conf 0.92 9 occurrences Dockerfile pipes a remote script into a shell
Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content.
3 files, 9 locations
docker/sglang/Dockerfile.amzn2023:51, 81, 215 (3 hits)
docker/vllm/Dockerfile.amzn2023:57, 176, 272 (3 hits)
docker/vllm_omni/Dockerfile.amzn2023:57, 182, 266 (3 hits)
CI/CD security · containers
high Security checks quality Quality conf 0.80 ✓ Repobility FastAPI POST /invocations has no auth
Handler `invocations` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
scripts/ray/sagemaker_serve.py:119
high Security checks software dependencies conf 0.88 flask: PYSEC-2023-62
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session…
docker/xgboost/3.0-5/requirements.txt
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 304 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `actions/create-github-app-token` pinned to mutable ref `@v1` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
12 files, 96 locations
.github/workflows/reusable-sagemaker-xgboost-integ-tests.yml:61, 82, 117, 152, 206, 247 (12 hits)
.github/workflows/pr-ray-ec2-cpu.yml:38, 54, 108, 111, 191, 224 (9 hits)
.github/workflows/pr-sagemaker-xgboost.yml:34, 61, 102, 105, 144, 164, 167, 212, +1 more (9 hits)
.github/workflows/dispatch-release-lambda.yml:24, 37, 50, 78, 213, 239, 281, 323 (8 hits)
.github/workflows/reusable-release-image.yml:80, 193, 209, 217, 277, 323, 329, 351 (8 hits)
.github/workflows/scheduled-check-upstream-releases.yml:44, 50, 77, 102 (8 hits)
.github/workflows/autorelease-vllm-omni.yml:46, 88, 130, 223, 390, 414, 433 (7 hits)
.github/workflows/dispatch-sglang-benchmark.yml:37, 73, 136, 160, 223, 244, 247 (7 hits)
CI/CD security · Supply chain · GitHub Actions
high Security checks software dependencies conf 0.88 3 occurrences pip: PYSEC-2026-196
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
3 files, 3 locations
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
docker/xgboost/uv.lock
high Security checks software dependencies conf 0.90 ✓ Repobility 9 occurrences pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`
`.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
lines 15, 51, 62, 71, 85, 91, 111, 124, +1 more
.pre-commit-config.yaml:15, 51, 62, 71, 85, 91, 111, 124, +1 more (9 hits)
high Security checks software dependencies conf 0.88 protobuf: GHSA-7gcm-g887-7qv7
protobuf affected by a JSON recursion depth bypass
docker/xgboost/uv.lock
high Security checks software dependencies conf 0.88 protobuf: GHSA-8qvm-5x2c-j2w7
protobuf-python has a potential Denial of Service issue
docker/xgboost/uv.lock
high Security checks software dependencies conf 0.88 pyarrow: PYSEC-2026-113
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and Stri…
docker/xgboost/uv.lock
high Security checks software dependencies conf 0.88 starlette: PYSEC-2026-161
BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
docker/ray/uv.lock
high Security checks software dependencies conf 0.88 starlette: PYSEC-2026-161
BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
docker/pytorch/2.11/cpu/uv.lock
high Security checks software dependencies conf 0.88 torch: PYSEC-2026-139
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project …
docker/ray/uv.lock
high Security checks software dependencies conf 0.88 urllib3: GHSA-2xpw-w6gg-jr37
urllib3 streaming API improperly handles highly compressed data
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 urllib3: GHSA-38jv-5279-wg99
Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 urllib3: GHSA-gm62-xv2j-4w53
urllib3 allows an unbounded number of links in the decompression chain
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 urllib3: PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 werkzeug: GHSA-2g68-c3qc-8985
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 werkzeug: PYSEC-2022-203
** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported conf…
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 werkzeug: PYSEC-2023-221
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffe…
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 werkzeug: PYSEC-2023-57
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdo…
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 werkzeug: PYSEC-2023-58
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If…
docker/xgboost/3.0-5/requirements.txt
high Security checks software dependencies conf 0.88 wheel: GHSA-8rrh-rw8j-w5fx
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack
docker/xgboost/3.0-5/requirements.txt
high System graph security auth conf 1.00 FastAPI POST `invocations` without auth dependency — scripts/ray/sagemaker_serve.py:118
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
scripts/ray/sagemaker_serve.py:118 · security · Auth · fastapi unauth mutation
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
scripts/common/setup_oss_compliance.sh:14
medium Security checks software Resource exhaustion conf 1.00 [SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives without a size or ratio cap → memory/disk exhaustion DoS (10kb → 4GB classic 'zip bomb').
Wrap reader with `io.LimitReader(r, MAX_BYTES)`. In Python, iterate `ZipFile.infolist()` and check each entry's `file_size`. Cap total uncompressed bytes (e.g. 100MB).
scripts/common/setup_oss_compliance.sh:14
medium Security checks software dependencies conf 0.88 2 occurrences aiohttp: GHSA-hg6j-4rv6-33pg
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
2 files, 2 locations
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
medium Security checks software dependencies conf 0.88 2 occurrences aiohttp: GHSA-jg22-mg44-37j8
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
2 files, 2 locations
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
low Security checks quality Error handling conf 0.55 ✓ Repobility 11 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
9 files, 11 locations
scripts/autocurrency/agent-fix.py:96, 174 (2 hits)
test/vllm-omni/scripts/benchmark/image_benchmark_client.py:75, 85 (2 hits)
docs/src/utils.py:69
test/test_utils/aws.py:182
test/vllm-omni/scripts/benchmark/audio_generate_benchmark_client.py:107
test/vllm-omni/scripts/benchmark/chat_omni_benchmark_client.py:117
test/vllm-omni/scripts/benchmark/tts_benchmark_client.py:105
test/vllm-omni/scripts/benchmark/video_benchmark_client.py:114
Error handling · quality
high Security checks cicd CI/CD security conf 0.82 12 occurrences Docker final stage has no non-root USER
Docker images run as root unless the image or Dockerfile switches to a non-root user.
12 files, 12 locations
docker/base/v1/Dockerfile:75
docker/base/v2/Dockerfile:77
docker/pytorch/2.11/Dockerfile.cpu:154
docker/ray/Dockerfile.cpu:137
docker/ray/Dockerfile.gpu:174
docker/sglang/Dockerfile:137
docker/sglang/Dockerfile.amzn2023:386
docker/vllm/Dockerfile:99
CI/CD security · containers
medium Security checks cicd CI/CD security conf 0.86 4 occurrences Dockerfile separates apt update from install
Splitting apt update and install across layers can reuse stale package indexes and make builds less reliable.
2 files, 4 locations
docker/sglang/Dockerfile:121, 140 (2 hits)
docker/vllm/Dockerfile:87, 102 (2 hits)
CI/CD security · containers
medium Security checks software dependencies conf 0.88 5 occurrences idna: GHSA-65pc-fj4g-8rjx
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
5 files, 5 locations
docker/base/v1/uv.lock
docker/base/v2/uv.lock
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
docker/xgboost/uv.lock
medium Security checks software dependencies conf 0.88 jinja2: GHSA-cpwx-vrp4-4pq7
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 jinja2: GHSA-h5c8-rqwp-cp95
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 jinja2: GHSA-h75v-3vvj-5mfj
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 jinja2: GHSA-q2x7-8rv6-6q7h
Jinja has a sandbox breakout through indirect reference to format method
docker/xgboost/3.0-5/requirements.txt
medium Security checks quality Quality conf 1.00 ✓ Repobility Mutable default argument in `on_startup` (list)
`def on_startup(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
docs/src/hooks.py:29
medium Security checks software dependencies conf 0.88 2 occurrences pip: GHSA-58qw-9mgm-455v
pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
2 files, 2 locations
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
medium Security checks software dependencies conf 0.88 2 occurrences pip: GHSA-jp4c-xjxw-mgf9
pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
2 files, 2 locations
docker/pytorch/2.11/cpu/uv.lock
docker/ray/uv.lock
medium Security checks software dependencies conf 0.90 Python package `certifi` is 1 major version(s) behind (2025.4.26 -> 2026.5.20)
`certifi==2025.4.26` is 1 major version(s) behind the latest stable release on PyPI (2026.5.20). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:3
medium Security checks software dependencies conf 0.90 Python package `cuda-python` is 1 major version(s) behind (12.6.0 -> 13.3.1)
`cuda-python==12.6.0` is 1 major version(s) behind the latest stable release on PyPI (13.3.1). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:5
medium Security checks software dependencies conf 0.90 Python package `dask` is 2 major version(s) behind (2024.11.2 -> 2026.3.0)
`dask==2024.11.2` is 2 major version(s) behind the latest stable release on PyPI (2026.3.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:7
medium Security checks software dependencies conf 0.90 Python package `Flask` is 2 major version(s) behind (1.1.1 -> 3.1.3)
`Flask==1.1.1` is 2 major version(s) behind the latest stable release on PyPI (3.1.3). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:8
medium Security checks software dependencies conf 0.90 Python package `gevent` is 3 major version(s) behind (23.9.1 -> 26.5.0)
`gevent==23.9.1` is 3 major version(s) behind the latest stable release on PyPI (26.5.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:9
medium Security checks software dependencies conf 0.90 Python package `gunicorn` is 3 major version(s) behind (23.0.0 -> 26.0.0)
`gunicorn==23.0.0` is 3 major version(s) behind the latest stable release on PyPI (26.0.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:10
medium Security checks software dependencies conf 0.90 Python package `jinja2` is 1 major version(s) behind (2.11.3 -> 3.1.6)
`jinja2==2.11.3` is 1 major version(s) behind the latest stable release on PyPI (3.1.6). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:12
medium Security checks software dependencies conf 0.90 Python package `MarkupSafe` is 2 major version(s) behind (1.1.1 -> 3.0.3)
`MarkupSafe==1.1.1` is 2 major version(s) behind the latest stable release on PyPI (3.0.3). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:13
medium Security checks software dependencies conf 0.90 Python package `pandas` is 1 major version(s) behind (2.2.3 -> 3.0.3)
`pandas==2.2.3` is 1 major version(s) behind the latest stable release on PyPI (3.0.3). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:18
medium Security checks software dependencies conf 0.90 Python package `psutil` is 2 major version(s) behind (5.8.0 -> 7.2.2)
`psutil==5.8.0` is 2 major version(s) behind the latest stable release on PyPI (7.2.2). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:20
medium Security checks software dependencies conf 0.90 Python package `pynvml` is 2 major version(s) behind (11.4.1 -> 13.0.1)
`pynvml==11.4.1` is 2 major version(s) behind the latest stable release on PyPI (13.0.1). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:21
medium Security checks software dependencies conf 0.90 Python package `urllib3` is 1 major version(s) behind (1.26.20 -> 2.7.0)
`urllib3==1.26.20` is 1 major version(s) behind the latest stable release on PyPI (2.7.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:31
medium Security checks software dependencies conf 0.90 Python package `Werkzeug` is 3 major version(s) behind (0.15.6 -> 3.1.8)
`Werkzeug==0.15.6` is 3 major version(s) behind the latest stable release on PyPI (3.1.8). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:32
medium Security checks software dependencies conf 0.88 2 occurrences requests: GHSA-9hjg-9r4m-mvj7
Requests vulnerable to .netrc credentials leak via malicious URLs
2 files, 2 locations
docker/xgboost/3.0-5/requirements.txt
docker/xgboost/uv.lock
medium Security checks software dependencies conf 0.88 2 occurrences requests: GHSA-gc5v-m9x4-r6x2
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
2 files, 2 locations
docker/pytorch/2.11/cuda/uv.lock
docker/xgboost/uv.lock
medium Security checks software dependencies conf 0.90 ✓ Repobility 16 occurrences requirements.txt: `setuptools<81` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
8 files, 16 locations
docs/requirements.txt:1, 2, 3, 4, 6 (5 hits)
test/requirements.txt:1, 2, 3, 4 (4 hits)
test/pytorch/integration/sagemaker/requirements.txt:1, 2 (2 hits)
docker/xgboost/3.0-5/requirements.txt:30
requirements.txt:1
test/ray/ec2/requirements.txt:1
test/telemetry/requirements.txt:1
test/vllm-omni/sagemaker/requirements.txt:2
medium Security checks software dependencies conf 0.88 urllib3: GHSA-pq67-6m6q-mj2v
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 werkzeug: GHSA-29vq-49wr-vm6x
Werkzeug safe_join() allows Windows special device names
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 werkzeug: GHSA-87hc-h4r5-73f7
Werkzeug safe_join() allows Windows special device names with compound extensions
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 werkzeug: GHSA-f9vj-2wh5-fj8j
Werkzeug safe_join not safe on Windows
docker/xgboost/3.0-5/requirements.txt
medium Security checks software dependencies conf 0.88 werkzeug: GHSA-hgf8-39gv-g3f2
Werkzeug safe_join() allows Windows special device names
docker/xgboost/3.0-5/requirements.txt
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/base/v1/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/base/v2/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/sglang/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/vllm/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/xgboost/3.0-5/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: docker/xgboost/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph cicd CI/CD security conf 1.00 45 occurrences GitHub Action is tag-pinned rather than SHA-pinned
pre-commit/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
12 files, 24 locations
.github/workflows/docs-test.yml:54, 60 (2 hits)
.github/workflows/pr-base-v1.yml:105, 111 (2 hits)
.github/workflows/pr-base-v2.yml:105, 111 (2 hits)
.github/workflows/pr-pytorch-ec2-cpu.yml:74, 123 (2 hits)
.github/workflows/pr-pytorch-ec2-cuda.yml:76, 126 (2 hits)
.github/workflows/pr-pytorch-sagemaker-cpu.yml:74, 123 (2 hits)
.github/workflows/pr-pytorch-sagemaker-cuda.yml:74, 123 (2 hits)
.github/workflows/pr-ray-ec2-cpu.yml:116, 122 (2 hits)
CI/CD security · Supply chain · GitHub Actions
medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/docs-deploy.yml · CI/CD security · Supply chain · GitHub Actions
medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/prcheck-detect-versions.yml · CI/CD security · Supply chain · GitHub Actions
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — .github/actions/download-model/download_model.py:22
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — .github/actions/download-model/evict_models.py:38
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — docs/src/utils.py:82
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — test/ray/ec2/common.py:195
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — test/sanity/scripts/upload_oss_source.py:67
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph security Coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
auth
medium System graph network Security conf 1.00 Privileged port 12 in use
Port 12 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/autorelease-vllm-omni.yml Ports
medium System graph network Security conf 1.00 Privileged port 19 in use
Port 19 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/scheduled-stale.yml Ports
low Security checks cicd CI/CD security conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore · CI/CD security · containers
high Security checks cicd CI/CD security conf 0.72 37 occurrences Dockerfile keeps pip download cache
Pip's package cache increases image size and can preserve unnecessary artifacts.
8 files, 37 locations
docker/vllm_omni/Dockerfile.amzn2023:72, 75, 191, 196, 208, 212, 217, 227, +2 more (10 hits)
docker/sglang/Dockerfile.amzn2023:63, 130, 140, 145, 158, 215, 260, 263 (8 hits)
docker/vllm/Dockerfile.amzn2023:69, 185, 190, 200, 205, 210, 215, 225 (8 hits)
docker/xgboost/3.0-5/Dockerfile:66, 118, 162, 217 (4 hits)
docker/pytorch/2.11/Dockerfile.cuda:59, 89 (2 hits)
docker/sglang/Dockerfile:34, 38 (2 hits)
docker/vllm/Dockerfile:29, 35 (2 hits)
docker/xgboost/Dockerfile:103
CI/CD security · containers
low Security checks quality Quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
scripts/autocurrency/agent-fix.py:1
low Security checks quality Quality conf 0.60 Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
scripts/vllm/sagemaker_serve.py:16 duplication · quality
low Security checks software dependencies conf 0.88 flask: GHSA-68rp-wp8r-4726
Flask session does not add `Vary: Cookie` header when accessed in some ways
docker/xgboost/3.0-5/requirements.txt
low Security checks software dependencies conf 0.88 2 occurrences paramiko: GHSA-r374-rxx8-8654
Paramiko rsakey.py allows the SHA-1 algorithm
2 files, 2 locations
docker/pytorch/2.11/cpu/uv.lock
docker/xgboost/uv.lock
low Security checks software dependencies conf 0.90 Python package `itsdangerous` is minor version(s) behind (2.0.1 -> 2.2.0)
`itsdangerous==2.0.1` is minor version(s) behind the latest stable release on PyPI (2.2.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:11
low Security checks software dependencies conf 0.90 Python package `numba` is minor version(s) behind (0.61.0 -> 0.65.1)
`numba==0.61.0` is minor version(s) behind the latest stable release on PyPI (0.65.1). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:16
low Security checks software dependencies conf 0.90 Python package `python-dateutil` is minor version(s) behind (2.8.2 -> 2.9.0.post0)
`python-dateutil==2.8.2` is minor version(s) behind the latest stable release on PyPI (2.9.0.post0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:22
low Security checks software dependencies conf 0.90 Python package `requests` is minor version(s) behind (2.32.3 -> 2.34.2)
`requests==2.32.3` is minor version(s) behind the latest stable release on PyPI (2.34.2). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:24
low Security checks software dependencies conf 0.90 Python package `retrying` is minor version(s) behind (1.3.3 -> 1.4.2)
`retrying==1.3.3` is minor version(s) behind the latest stable release on PyPI (1.4.2). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:25
low Security checks software dependencies conf 0.90 Python package `sagemaker-inference` is minor version(s) behind (1.5.5 -> 1.10.1)
`sagemaker-inference==1.5.5` is minor version(s) behind the latest stable release on PyPI (1.10.1). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:27
low Security checks software dependencies conf 0.90 Python package `scikit-learn` is minor version(s) behind (1.5.2 -> 1.9.0)
`scikit-learn==1.5.2` is minor version(s) behind the latest stable release on PyPI (1.9.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:28
low Security checks software dependencies conf 0.90 Python package `scipy` is minor version(s) behind (1.15.0 -> 1.17.1)
`scipy==1.15.0` is minor version(s) behind the latest stable release on PyPI (1.17.1). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:29
low Security checks software dependencies conf 0.90 Python package `wheel` is minor version(s) behind (0.45.1 -> 0.47.0)
`wheel==0.45.1` is minor version(s) behind the latest stable release on PyPI (0.47.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises.
docker/xgboost/3.0-5/requirements.txt:33
high Security checks quality Quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
scripts/autocurrency/agent-fix.py:1
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: amazonlinux:2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/xgboost/Dockerfile:15 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:${CUDA_VERSION}-base-ubuntu${UBUNTU_VERSION}
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/xgboost/3.0-5/Dockerfile:46 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:12.9.1-base-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v1/Dockerfile:4 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:12.9.1-base-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/xgboost/Dockerfile:40 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:12.9.1-devel-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v1/Dockerfile:75 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:12.9.1-runtime-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v1/Dockerfile:20 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:13.0.2-base-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v2/Dockerfile:4 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:13.0.2-devel-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v2/Dockerfile:77 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:13.0.2-runtime-amzn2023
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/base/v2/Dockerfile:20 containers · Pinned dependencies
low System graph hardware Supply chain conf 1.00 2 occurrences Docker base image is tag-pinned but not digest-pinned: ubuntu:${UBUNTU_VERSION}
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
lines 25, 37
docker/xgboost/3.0-5/Dockerfile:25, 37 (2 hits)
containers · Pinned dependencies
low System graph software Dead code candidate conf 1.00 File has no detected symbols: docs/src/constants.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: examples/ray/sagemaker/deploy_direct_app.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: examples/ray/sagemaker/deploy_sentiment.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: examples/vllm-omni/sagemaker/deploy_tts.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: examples/vllm-omni/sagemaker/deploy_tts_async.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/efa/scripts/nixl_libfabric_smoke.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/pytorch/conftest.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/test_utils/constants.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 6 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/vllm-omni/scripts/benchmark/audio_generate_benchmark_client.py:run_benchmark, test/vllm-omni/scripts/benchmark/tts_benchmark_client.py:run_benchmark This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn…
6 occurrences
repo-level (6 hits)
duplicates · duplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: test/vllm-omni/scripts/benchmark/video_benchmark_client.py:pct, test/vllm-omni/scripts/benchmark/audio_generate_benchmark_client.py:pct, test/vllm-omni/scripts/benchmark/tts_benchmark_client.py:pct, test/vllm-omni/scripts/benchmark/chat_omni_benchmark…
duplicates · duplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `list_objects_v2` in test/xgboost/container/conftest.py:43
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker · Dead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `list_objects_v2` in test/xgboost/container/generate_models.py:31
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker · Dead code
low System graph software Dead code conf 1.00 Possibly dead Python function: accelerator_sorter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/sorter.py:23
low System graph software Dead code conf 1.00 Possibly dead Python function: define_env
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/macros.py:29
low System graph software Dead code conf 1.00 Possibly dead Python function: detect_failed_jobs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/autocurrency/agent-fix.py:195
low System graph software Dead code conf 1.00 Possibly dead Python function: engine_sorter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/sorter.py:28
low System graph software Dead code conf 1.00 Possibly dead Python function: forward
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
examples/ray/tabular-model/deployment.py:21
low System graph software Dead code conf 1.00 Possibly dead Python function: install_requirements
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/ray/sagemaker_serve.py:44
low System graph software Dead code conf 1.00 Possibly dead Python function: platform_sorter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/sorter.py:18
low System graph software Dead code conf 1.00 Possibly dead Python function: query_bucket
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/telemetry/deep_learning_container.py:291
low System graph software Dead code conf 1.00 Possibly dead Python function: repository_sorter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/sorter.py:9
low System graph software Dead code conf 1.00 Possibly dead Python function: sort_key
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/src/image_config.py:236
low System graph software Dead code conf 1.00 Possibly dead Python function: tag_instance
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/telemetry/deep_learning_container.py:329
low System graph api Wiring conf 1.00 Unused endpoint: POST /invocations
`scripts/ray/sagemaker_serve.py` declares `POST /invocations` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
API access

This page is publicly accessible at: https://repobility.com/scan/ef7e74e6-7da3-4a12-9d46-e87eac765138/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/ef7e74e6-7da3-4a12-9d46-e87eac765138/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.