open-llm-vtuber/open-llm-vtuber

[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data — RCE.

[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data — RCE.

[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data — RCE.

[MINED107] Missing import: `platform` used but not imported: The file uses `platform.something(...)` but never imports `platform`. This raises NameError at runtime the first time the line executes.

[MINED116] Workflow uses `secrets.DOCKERHUB_USERNAME` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DOCKERHUB_USERNA…

[MINED116] Workflow uses `secrets.DOCKERHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DOCKERHUB_TOKEN }` …

[MINED116] Workflow uses `secrets.DOCKERHUB_USERNAME` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DOCKERHUB_USERNA…

[MINED116] Workflow uses `secrets.DOCKERHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DOCKERHUB_TOKEN }` …

[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-…

[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-…

[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-…

[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes — direct RCE on untrusted input. `unsafe_load` is even more dang…

[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes — direct RCE on untrusted input. `unsafe_load` is even more dang…

[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes — direct RCE on untrusted input. `unsafe_load` is even more dang…

LLM memory extraction can be prompt-injected into storing fake facts

No test files found

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.

[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.

[MINED020] Logging Credential Via Fstring: logger.error(f"failed for {api_key}") — secrets end up in log aggregators / sentry.

[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.

[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.

[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.

[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.

[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.

[MINED108] `self.backup_user_config` used but never assigned in __init__: Method `sync_user_config` of class `ConfigSynchronizer` reads `self.backup_user_config`, but no assignment to it exists in __…

[MINED108] `self.compare_field_keys` used but never assigned in __init__: Method `update_user_config` of class `ConfigSynchronizer` reads `self.compare_field_keys`, but no assignment to it exists in …

[MINED108] `self.merge_and_update_user_config` used but never assigned in __init__: Method `update_user_config` of class `ConfigSynchronizer` reads `self.merge_and_update_user_config`, but no assignm…

[MINED108] `self.compare_comments` used but never assigned in __init__: Method `update_user_config` of class `ConfigSynchronizer` reads `self.compare_comments`, but no assignment to it exists in __in…

[MINED108] `self.get_latest_version` used but never assigned in __init__: Method `update_user_config` of class `ConfigSynchronizer` reads `self.get_latest_version`, but no assignment to it exists in …

[MINED108] `self.get_old_version` used but never assigned in __init__: Method `update_user_config` of class `ConfigSynchronizer` reads `self.get_old_version`, but no assignment to it exists in __init…

[MINED108] `self.merge_configs` used but never assigned in __init__: Method `merge_and_update_user_config` of class `ConfigSynchronizer` reads `self.merge_configs`, but no assignment to it exists in …

[MINED108] `self.collect_all_subkeys` used but never assigned in __init__: Method `collect_all_subkeys` of class `ConfigSynchronizer` reads `self.collect_all_subkeys`, but no assignment to it exists …

[MINED108] `self.get_missing_keys` used but never assigned in __init__: Method `get_missing_keys` of class `ConfigSynchronizer` reads `self.get_missing_keys`, but no assignment to it exists in __init…

[MINED108] `self.collect_all_subkeys` used but never assigned in __init__: Method `get_missing_keys` of class `ConfigSynchronizer` reads `self.collect_all_subkeys`, but no assignment to it exists in …

[MINED108] `self.collect_all_subkeys` used but never assigned in __init__: Method `get_extra_keys` of class `ConfigSynchronizer` reads `self.collect_all_subkeys`, but no assignment to it exists in __…

[MINED108] `self.get_extra_keys` used but never assigned in __init__: Method `get_extra_keys` of class `ConfigSynchronizer` reads `self.get_extra_keys`, but no assignment to it exists in __init__ (an…

[MINED108] `self.collect_all_subkeys` used but never assigned in __init__: Method `get_extra_keys` of class `ConfigSynchronizer` reads `self.collect_all_subkeys`, but no assignment to it exists in __…

[MINED108] `self.get_extra_keys` used but never assigned in __init__: Method `delete_extra_keys` of class `ConfigSynchronizer` reads `self.get_extra_keys`, but no assignment to it exists in __init__ …

[MINED108] `self.get_missing_keys` used but never assigned in __init__: Method `compare_field_keys` of class `ConfigSynchronizer` reads `self.get_missing_keys`, but no assignment to it exists in __in…

[MINED108] `self.get_extra_keys` used but never assigned in __init__: Method `compare_field_keys` of class `ConfigSynchronizer` reads `self.get_extra_keys`, but no assignment to it exists in __init__…

[MINED108] `self.delete_extra_keys` used but never assigned in __init__: Method `compare_field_keys` of class `ConfigSynchronizer` reads `self.delete_extra_keys`, but no assignment to it exists in __…

[MINED108] `self._upgrade_live2d_models` used but never assigned in __init__: Method `upgrade` of class `to_v_1_2_1` reads `self._upgrade_live2d_models`, but no assignment to it exists in __init__ (a…

[MINED108] `self._upgrade_conf_yaml` used but never assigned in __init__: Method `upgrade` of class `to_v_1_2_1` reads `self._upgrade_conf_yaml`, but no assignment to it exists in __init__ (and no cl…

[MINED108] `self._migrate_field` used but never assigned in __init__: Method `_upgrade_conf_yaml` of class `to_v_1_2_1` reads `self._migrate_field`, but no assignment to it exists in __init__ (and no…

[MINED108] `self.run_command` used but never assigned in __init__: Method `log_system_info` of class `UpgradeUtility` reads `self.run_command`, but no assignment to it exists in __init__ (and no clas…

[MINED108] `self.run_command` used but never assigned in __init__: Method `log_system_info` of class `UpgradeUtility` reads `self.run_command`, but no assignment to it exists in __init__ (and no clas…

[MINED108] `self.run_command` used but never assigned in __init__: Method `get_submodule_list` of class `UpgradeUtility` reads `self.run_command`, but no assignment to it exists in __init__ (and no c…

[MINED108] `self.get_upgrade_mapping` used but never assigned in __init__: Method `resolve_upgrade_task` of class `VersionUpgradeManager` reads `self.get_upgrade_mapping`, but no assignment to it exi…

[MINED108] `self.resolve_upgrade_task` used but never assigned in __init__: Method `upgrade` of class `VersionUpgradeManager` reads `self.resolve_upgrade_task`, but no assignment to it exists in __in…

[MINED110] Blocking call `requests.post` inside async function `chat_completion`: `requests.post` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preven…

[MINED112] FastAPI POST /asr has no auth: Handler `transcribe_audio` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function b…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `github/codeql-action/init` pinned to mutable ref `@v3`: `uses: github/codeql-action/init@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; …

[MINED115] Action `github/codeql-action/analyze` pinned to mutable ref `@v3`: `uses: github/codeql-action/analyze@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action o…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `useblacksmith/setup-docker-builder` pinned to mutable ref `@v1`: `uses: useblacksmith/setup-docker-builder@v1` resolves at workflow-run time. Tags and branches can be re-pushed by …

[MINED115] Action `useblacksmith/build-push-action` pinned to mutable ref `@v2`: `uses: useblacksmith/build-push-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the ac…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `fossas/fossa-action` pinned to mutable ref `@main`: `uses: fossas/fossa-action@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that mad…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `astral-sh/ruff-action` pinned to mutable ref `@v3`: `uses: astral-sh/ruff-action@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that mad…

[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v3`: `uses: astral-sh/setup-uv@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …

[MINED115] Action `stefanzweifel/git-auto-commit-action` pinned to mutable ref `@v5`: `uses: stefanzweifel/git-auto-commit-action@v5` resolves at workflow-run time. Tags and branches can be re-pushed…

[MINED118] Dockerfile FROM `python:3.10-slim` not pinned by digest: `FROM python:3.10-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build…

[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.9.6`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: …

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…

[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…

[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…

[SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0).

[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…

[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…

[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…

[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, p…

[COMP001] High cognitive complexity: Function `check_frontend_submodule` has cognitive complexity 20 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to underst…

[COMP001] High cognitive complexity: Function `create_agent` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested…

Docker final stage has no non-root USER

Dockerfile copies broad context with incomplete .dockerignore

[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.

[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.

[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.

[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…

[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…

[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…

[SEC037] Uncontrolled Recursion — stack/depth exhaustion: Parsing arbitrary-depth user input (XML, JSON, YAML) without a depth limit, or recursive function over user-controlled structure. Attacker se…

[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets.

Public web service has no security.txt

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

Duplicated implementation block across source files

[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

[COMP001] High cognitive complexity: Function `_load_file_content` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — n…

.dockerignore misses sensitive defaults

Dockerfile keeps pip download cache

[COMP001] High cognitive complexity (and 61 more): Same pattern found in 61 additional files. Review if needed.

[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.

[MINED018] Unsafe Deserialization Pickle (and 1 more): Same pattern found in 1 additional files. Review if needed.

[MINED040] Python Yaml Load Unsafe (and 1 more): Same pattern found in 1 additional files. Review if needed.

[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.

[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

[MINED050] Stub Only Function (and 15 more): Same pattern found in 15 additional files. Review if needed.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.

[MINED062] Python Dataclass No Fields (and 1 more): Same pattern found in 1 additional files. Review if needed.

[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.

[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.

[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.

[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.

[MINED067] Python Requests No Timeout (and 2 more): Same pattern found in 2 additional files. Review if needed.

[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

[SEC007] Unsafe Deserialization (and 1 more): Same pattern found in 1 additional files. Review if needed.

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed.

[SEC078] Python: requests without timeout (and 2 more): Same pattern found in 2 additional files. Review if needed.

[SEC079] Python: yaml.load without SafeLoader (and 1 more): Same pattern found in 1 additional files. Review if needed.

[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 1 more): Same pattern found in 1 additional files. Review if needed.