https://github.com/xtekky/gpt4free ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC015 Insecure Randomness for Security |
medium | 4 |
SEC020 Secret Printed to Logs |
high | 4 |
SEC016 LLM Prompt Injection — User Input in AI Prompt |
high | 3 |
SEC013 Path Traversal — User Input in File Path |
high | 1 |
SEC012 ZipSlip — Archive Path Traversal |
medium | 1 |
SEC001 Hardcoded Password |
critical | 1 |
SEC002 Hardcoded API Key |
critical | 1 |
SEC013
Path Traversal — User Input in File Path
g4f/tools/files.py:297
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.SEC012
ZipSlip — Archive Path Traversal
g4f/tools/files.py:159
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.SEC016
LLM Prompt Injection — User Input in AI Prompt
etc/tool/translate_readme.py:42
· conf 0.40
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC001
Hardcoded Password
g4f/Provider/local/Ollama.py:57
· conf 0.10
[SEC001] Hardcoded Password: Hardcoded password found in source code.SEC002
Hardcoded API Key
etc/examples/aibadgr.py:7
· conf 0.15
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.SEC015
Insecure Randomness for Security
[SEC015] Insecure Randomness for Security (and 10 more): Same pattern found in 10 additional files. Review if needed.SEC015
Insecure Randomness for Security
g4f/Provider/hf_space/DeepseekAI_JanusPro7b.py:92
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
g4f/Provider/PollinationsAI.py:370
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
g4f/requests/__init__.py:218
· conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC016
LLM Prompt Injection — User Input in AI Prompt
g4f/providers/helper.py:109
· conf 0.10
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC016
LLM Prompt Injection — User Input in AI Prompt
g4f/tools/web_search.py:47
· conf 0.10
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC020
Secret Printed to Logs
[SEC020] Secret Printed to Logs (and 9 more): Same pattern found in 9 additional files. Review if needed.SEC020
Secret Printed to Logs
g4f/Provider/needs_auth/Antigravity.py:798
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
g4f/Provider/qwen/oauthFlow.py:51
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
g4f/Provider/qwen/QwenCode.py:177
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/00245f64-d50c-4146-ae35-895f3151f1fc/.