https://github.com/microsoft/VibeVoice.git ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED111 Bare except continues silently | medium | 25 |
| AIC003 Duplicated implementation block across source files | low | 7 |
| MINED109 Mutable default argument | medium | 6 |
| COMP001 High cognitive complexity | low | 4 |
| SEC045 eval()/exec() on stored or user-supplied data | medium | 3 |
| MINED001 Bare Except Pass | high | 2 |
| MINED106 Phantom test coverage (assertion-free test) | high | 2 |
| AGT012 Agent control bridge may listen on a network interface without visible auth | medium | 2 |
| WEB003 Public web service has no security.txt | medium | 1 |
COMP001
High cognitive complexity
demo/realtime_model_inference_from_file.py:129
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…
MINED001
Bare Except Pass
CWE-755
vibevoice/modular/streamer.py:249
· conf 1.00
[MINED001] Bare Except Pass: `except: pass` or `except Exception: pass` discards every error that reaches it. A bare `except:` also catches BaseException subclasses such as KeyboardInterrupt and SystemExit, so Ctrl-C and sys.exit() are neutralised; `except Exception: pass` lets those through but still hides every ordinary bug.
MINED001
Bare Except Pass
CWE-755
vllm_plugin/__init__.py:46
· conf 1.00
[MINED001] Bare Except Pass: `except: pass` or `except Exception: pass` discards every error that reaches it. A bare `except:` also catches BaseException subclasses such as KeyboardInterrupt and SystemExit, so Ctrl-C and sys.exit() are neutralised; `except Exception: pass` lets those through but still hides every ordinary bug.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
vllm_plugin/tests/test_api_auto_recover.py:463
· conf 1.00
[MINED106] Phantom test coverage: test_transcription_with_recovery: Test function `test_transcription_with_recovery` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
vllm_plugin/tests/test_api.py:86
· conf 1.00
[MINED106] Phantom test coverage: test_transcription_with_hotwords: Test function `test_transcription_with_hotwords` runs code but contains no assert / expect / should call — it passes regardless of …
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:36
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:37
· conf 1.00
[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:41
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:51
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:54
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:57
· conf 1.00
[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:58
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:62
· conf 1.00
[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:63
· conf 1.00
[MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:69
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:70
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:74
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/realtime_model_inference_from_file.py:83
· conf 1.00
[MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/vibevoice_asr_inference_from_file.py:147
· conf 1.00
[MINED108] `self._prepare_generation_config` used but never assigned in __init__: Method `transcribe_batch` of class `VibeVoiceASRBatchInference` reads `self._prepare_generation_config`, but no assig…
MINED108
self.attribute used but never assigned in __init__
CWE-476
demo/vibevoice_asr_inference_from_file.py:240
· conf 1.00
[MINED108] `self.transcribe_batch` used but never assigned in __init__: Method `transcribe_with_batching` of class `VibeVoiceASRBatchInference` reads `self.transcribe_batch`, but no assignment to it …
MINED108
self.attribute used but never assigned in __init__
CWE-476
finetuning-asr/lora_finetune.py:305
· conf 1.00
[MINED108] `self._format_transcription` used but never assigned in __init__: Method `__getitem__` of class `VibeVoiceASRDataset` reads `self._format_transcription`, but no assignment to it exists in …
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:339
· conf 1.00
[MINED108] `self._ensure_audio_encoder_dtype` used but never assigned in __init__: Method `forward` of class `VibeVoiceAudioEncoder` reads `self._ensure_audio_encoder_dtype`, but no assignment to it …
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:481
· conf 1.00
[MINED108] `self.ctx` used but never assigned in __init__: Method `get_hf_config` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class-level f…
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:498
· conf 1.00
[MINED108] `self.ctx` used but never assigned in __init__: Method `get_feature_extractor` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class…
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:539
· conf 1.00
[MINED108] `self.get_tokenizer` used but never assigned in __init__: Method `get_audio_token_info` of class `VibeVoiceProcessingInfo` reads `self.get_tokenizer`, but no assignment to it exists in __i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:576
· conf 1.00
[MINED108] `self.get_hf_config` used but never assigned in __init__: Method `get_mm_max_tokens_per_item` of class `VibeVoiceProcessingInfo` reads `self.get_hf_config`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:614
· conf 1.00
[MINED108] `self.info` used but never assigned in __init__: Method `_get_max_audio_samples` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and n…
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:637
· conf 1.00
[MINED108] `self.info` used but never assigned in __init__: Method `get_dummy_text` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and no class-…
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:654
· conf 1.00
[MINED108] `self._get_max_audio_samples` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_max_audio_samples`, but no assignment …
MINED108
self.attribute used but never assigned in __init__
CWE-476
vllm_plugin/model.py:659
· conf 1.00
[MINED108] `self._get_dummy_audios` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_dummy_audios`, but no assignment to it exis…
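Several of the MINED108 entries above name things like `self.get_tokenizer`, `self.transcribe_batch` and `self._get_max_audio_samples`, which by their own description are methods being called, and `self.ctx` / `self.info` on classes that plainly subclass something defined elsewhere. Before acting on a finding of this kind, a reviewer wants to separate three cases: a method or property (never an attribute), an attribute assigned by a base class `__init__` that the scan could not see, and an attribute genuinely never assigned. The checker below is an added example, not code from the VibeVoice repository or from the scanner; the classes in `SAMPLE` are constructed for the demo and only mimic the shapes named in the findings.

```python
"""Check for `self.<attr>` read in a method but never assigned in __init__
(the MINED108 pattern), with the two caveats a reviewer needs before acting
on such a finding. Added example; not code from the VibeVoice repository or
from the scanner. The classes in SAMPLE are constructed for the demo."""
import ast
from typing import Dict, List, Set


def _self_attrs(func: ast.AST, ctx_type) -> Set[str]:
    """Attribute names accessed as self.<name> with the given ctx (ast.Load or ast.Store)."""
    return {
        node.attr
        for node in ast.walk(func)
        if isinstance(node, ast.Attribute)
        and isinstance(node.value, ast.Name)
        and node.value.id == "self"
        and isinstance(node.ctx, ctx_type)
    }


def _known_names(cls: ast.ClassDef) -> Set[str]:
    """Names legitimately available on self without an __init__ assignment in this class."""
    known: Set[str] = set()
    for item in cls.body:
        if isinstance(item, (ast.FunctionDef, ast.AsyncFunctionDef)):
            known.add(item.name)                        # caveat 1: methods/properties are not attributes
            if item.name == "__init__":
                known |= _self_attrs(item, ast.Store)   # assigned in __init__
        elif isinstance(item, ast.Assign):
            known |= {t.id for t in item.targets if isinstance(t, ast.Name)}  # class-level default
        elif isinstance(item, ast.AnnAssign) and isinstance(item.target, ast.Name):
            known.add(item.target.id)
    return known


def unassigned_self_reads(source: str) -> Dict[str, List[str]]:
    """Map class name -> sorted attrs read via self but not assigned in __init__."""
    tree = ast.parse(source)
    classes = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)}
    report: Dict[str, List[str]] = {}
    for name, cls in classes.items():
        known = _known_names(cls)
        # caveat 2: attributes set by a direct base class's __init__ are fine,
        # but only bases visible in this source can be checked. A base imported
        # from another package is invisible to a single-file scan, so everything
        # it assigns (self.ctx, self.info, ...) shows up as a finding.
        for base in cls.bases:
            if isinstance(base, ast.Name) and base.id in classes:
                known |= _known_names(classes[base.id])
        reads: Set[str] = set()
        for item in cls.body:
            if isinstance(item, (ast.FunctionDef, ast.AsyncFunctionDef)):
                reads |= _self_attrs(item, ast.Load)
        flagged = sorted(reads - known)
        if flagged:
            report[name] = flagged
    return report


# Constructed sample: the three situations the findings above mix together.
SAMPLE = '''
class BaseProcessingInfo:
    def __init__(self, ctx):
        self.ctx = ctx                      # assigned in the base's __init__

class ProcessingInfo(BaseProcessingInfo):
    def get_hf_config(self):
        return self.ctx.hf_config           # inherited attribute: not a finding
    def get_tokenizer(self):
        return self.ctx.tokenizer
    def get_audio_token_info(self):
        return self.get_tokenizer()         # a method call, not an attribute: not a finding

class VoiceMapper:
    def __init__(self):
        self.setup_voice_presets()
    def setup_voice_presets(self):
        self.voice_presets = {}             # assigned lazily in another method
    def get_voice_path(self, name):
        return self.voice_presets[name]     # flagged: breaks if the call order changes

class Broken:
    def __init__(self, x):
        self.x = x
    def run(self):
        return self.y + 1                   # flagged: never assigned anywhere
'''
```

On `SAMPLE` the checker reports `VoiceMapper: voice_presets` and `Broken: y` and nothing for `ProcessingInfo`. The lazily assigned case is still worth fixing (initialise the attribute in `__init__`, even to `None` or `{}`), but the inherited and method cases are noise, and the scan has no way to tell them apart when the base class lives in another package.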
AGT012
Agent control bridge may listen on a network interface without visible auth
demo/vibevoice_asr_gradio_demo.py:402
· conf 0.72
AGT012
Agent control bridge may listen on a network interface without visible auth
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1843
· conf 0.72
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
AUC012
[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
· conf 0.72
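AGT012 and AUC012 describe two conditions that are easy to confirm against a running instance: the demo binds a wildcard address, and the framework's default documentation endpoints answer an anonymous request. The probe below is an added example, not code from the VibeVoice repository or from the scanner. It uses a stand-in server built on the standard library, constructed for the demo, in place of a real Gradio or FastAPI app; point `probe_docs` at the real service's URL to run the same check for real.

```python
"""Probe an HTTP service for the default documentation endpoints that FastAPI
serves (/docs, /redoc, /openapi.json) and for a public bind address, the two
conditions behind AGT012 and AUC012. Added example; not code from the VibeVoice
repository or from the scanner. The stand-in server is constructed for the demo
and imitates a service left on framework defaults."""
import http.server
import threading
import urllib.error
import urllib.request
from typing import Dict, List, Optional, Sequence, Tuple

DEFAULT_DOC_PATHS: Sequence[str] = ("/docs", "/redoc", "/openapi.json")


def probe_docs(base_url: str, paths: Sequence[str] = DEFAULT_DOC_PATHS,
               timeout: float = 2.0) -> Dict[str, Optional[int]]:
    """HTTP status per path for an anonymous GET; None when unreachable."""
    results: Dict[str, Optional[int]] = {}
    for path in paths:
        req = urllib.request.Request(base_url + path, headers={"User-Agent": "docs-probe"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[path] = resp.status
        except urllib.error.HTTPError as err:      # 401/403/404 arrive here
            results[path] = err.code
        except (urllib.error.URLError, OSError):   # refused, timeout, DNS failure
            results[path] = None
    return results


def exposed_without_auth(results: Dict[str, Optional[int]]) -> List[str]:
    """200 to an anonymous caller means the page is served as-is; 401/403 means
    it sits behind auth; 404 means the default was disabled."""
    return [path for path, code in results.items() if code == 200]


def bind_is_public(server_name: str) -> bool:
    """True for the wildcard addresses that accept connections from any host."""
    return server_name in ("0.0.0.0", "::", "")


class _DefaultsHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: /docs and /openapi.json open, /redoc disabled."""
    OPEN = {"/docs": b"<html>Swagger UI</html>", "/openapi.json": b'{"openapi":"3.1.0"}'}

    def do_GET(self):
        body = self.OPEN.get(self.path)
        if body is None:
            self.send_response(404)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_stand_in(host: str = "127.0.0.1") -> Tuple[http.server.HTTPServer, str]:
    server = http.server.HTTPServer((host, 0), _DefaultsHandler)   # port 0: pick a free one
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://{host}:{server.server_address[1]}"


def run_demo() -> List[str]:
    server, base_url = start_stand_in()
    try:
        return exposed_without_auth(probe_docs(base_url))
    finally:
        server.shutdown()
        server.server_close()
```

`run_demo()` returns `["/docs", "/openapi.json"]`: the two pages served to an anonymous caller. For the real services, Gradio's `launch(server_name=...)` is where the bind address is chosen and `launch(auth=...)` adds a login prompt; a FastAPI app built with `FastAPI(docs_url=None, redoc_url=None, openapi_url=None)` stops serving the defaults, which the probe then reports as 404.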
CORE_NO_CI
No CI/CD configuration found
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
vllm_plugin/__init__.py:46
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/configuration_vibevoice.py:34
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/configuration_vibevoice.py:97
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/modular_vibevoice_tokenizer.py:164
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/modular_vibevoice_tokenizer.py:179
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/modular_vibevoice_tokenizer.py:259
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED109
Mutable default argument
CWE-1023
vibevoice/modular/modular_vibevoice_tokenizer.py:435
· conf 1.00
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
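The six MINED109 findings all sit in `__init__` signatures, where a shared default is most damaging: every instance constructed without that argument holds the same list or dict, and in a long-running server process one request's mutation is visible to the next. The example below is added here and is not code from the VibeVoice repository or from the scanner; the parameter name `special_tokens` is an assumption standing in for whatever the flagged tokenizer `__init__` takes. It shows the leak, the standard `None`-sentinel fix, and an `inspect`-based audit that can run at import time.

```python
"""Why a `{}` or `[]` default in __init__ (MINED109) is shared state, and how
to audit a class for it. Added example; not code from the VibeVoice repository
or from the scanner. `special_tokens` is an assumed parameter name."""
import inspect
from typing import Dict, List, Optional, Type

MUTABLE_DEFAULTS = (list, dict, set, bytearray)


class LeakyTokenizerConfig:
    def __init__(self, special_tokens={}):     # one dict, built at def time, shared by every instance
        self.special_tokens = special_tokens


class SafeTokenizerConfig:
    def __init__(self, special_tokens: Optional[Dict[str, int]] = None):
        # None sentinel plus a copy: neither other instances nor the caller's
        # own dict can change this object's state behind its back.
        self.special_tokens = dict(special_tokens) if special_tokens else {}


def shared_default_leaks() -> bool:
    a, b = LeakyTokenizerConfig(), LeakyTokenizerConfig()
    a.special_tokens["<pad>"] = 0
    return "<pad>" in b.special_tokens         # True: b observes a's write


def fixed_default_is_isolated() -> bool:
    caller_tokens = {"<bos>": 1}
    a, b = SafeTokenizerConfig(caller_tokens), SafeTokenizerConfig()
    a.special_tokens["<pad>"] = 0
    caller_tokens["<eos>"] = 2                 # caller mutates its dict after construction
    return "<pad>" not in b.special_tokens and "<eos>" not in a.special_tokens


def mutable_defaults(func) -> List[str]:
    """Parameter names whose default is a shared mutable object."""
    return [
        name
        for name, param in inspect.signature(func).parameters.items()
        if param.default is not inspect.Parameter.empty
        and isinstance(param.default, MUTABLE_DEFAULTS)
    ]


def audit_classes(*classes: Type) -> Dict[str, List[str]]:
    """Class name -> offending __init__ parameters; empty when everything is clean."""
    return {
        cls.__name__: found
        for cls in classes
        if (found := mutable_defaults(cls.__init__))
    }
```

`audit_classes(LeakyTokenizerConfig, SafeTokenizerConfig)` returns `{"LeakyTokenizerConfig": ["special_tokens"]}`. The copy in the safe version is deliberate: a `None` sentinel alone stops cross-instance sharing, but still aliases the caller's dict when one is passed.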
MINED111
Bare except continues silently
demo/realtime_model_inference_from_file.py:201
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:43
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:230
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:323
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:338
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:403
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:427
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:512
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:595
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:635
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_gradio_demo.py:911
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_inference_from_file.py:184
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
demo/vibevoice_asr_inference_from_file.py:391
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
finetuning-asr/inference_lora.py:137
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/model.py:1095
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:88
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:156
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:196
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:232
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:388
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:466
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:535
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:589
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/gradio_asr_demo_api_video.py:649
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
vllm_plugin/scripts/start_server.py:294
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
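MINED001, MINED111 and ERR001 above flag 29 handlers in total, and the report's own advice (log at DEBUG even in cleanup code) is the right fix. The example below is added here and is not code from the VibeVoice repository or from the scanner. It shows what each handler shape actually catches, including the detail that a bare `except:` swallows `SystemExit` and `KeyboardInterrupt` while `except Exception:` does not, and a cleanup helper that tolerates only the failures it expects. `FlakyHandle` and `BuggyHandle` are constructed stand-ins for a resource being closed.

```python
"""The exception-handling shapes behind MINED001, MINED111 and ERR001, and
what each one actually catches. Added example; not code from the VibeVoice
repository or from the scanner. The handle classes are constructed stand-ins."""
import logging
import sys

log = logging.getLogger("cleanup-demo")


def bare_except_eats_exit() -> bool:
    """`except:` catches BaseException, so it neutralises SystemExit (and
    KeyboardInterrupt). This function returns normally instead of exiting."""
    try:
        sys.exit(3)
    except:  # noqa: E722  the pattern the rule flags
        pass
    return True


def except_exception_lets_exit_through() -> bool:
    """`except Exception:` does not catch SystemExit/KeyboardInterrupt, but it
    still hides every ordinary bug when the body is `pass`."""
    try:
        try:
            sys.exit(3)
        except Exception:
            return False              # never reached for SystemExit
    except SystemExit as exc:
        return exc.code == 3
    return False


class FlakyHandle:
    def close(self):
        raise OSError("device busy")      # an expected, tolerable cleanup failure


class BuggyHandle:
    def close(self):
        return self.fd.close()            # AttributeError: a bug that must stay visible


def close_quietly(handle, expected=(OSError,)) -> bool:
    """Cleanup that tolerates only the failures it expects and records them.
    Anything else propagates, so programming errors and Ctrl-C are not lost."""
    try:
        handle.close()
        return True
    except expected as exc:
        # Visible when DEBUG logging is on, invisible otherwise: the failure is
        # recorded without turning routine cleanup into noise.
        log.debug("close() failed for %r: %s", handle, exc, exc_info=True)
        return False


def bug_propagates() -> bool:
    try:
        close_quietly(BuggyHandle())
    except AttributeError:
        return True
    return False
```

`close_quietly(FlakyHandle())` returns `False` with a DEBUG record; `close_quietly(BuggyHandle())` raises. When a handler genuinely has to catch everything (a top-level loop in a server), catch `Exception`, not bare `except:`, and log with `exc_info=True` so the traceback survives.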
WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
AIC003
Duplicated implementation block across source files
vibevoice/modular/configuration_vibevoice_streaming.py:13
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/modular/modeling_vibevoice_asr.py:35
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/modular/modeling_vibevoice_streaming_inference.py:108
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/modular/modeling_vibevoice_streaming.py:45
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/processor/vibevoice_processor.py:56
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/processor/vibevoice_streaming_processor.py:15
· conf 0.86
AIC003
Duplicated implementation block across source files
vibevoice/processor/vibevoice_streaming_processor.py:53
· conf 0.86
Duplicated implementation block across source files
AUC005
[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
· conf 0.76
COMP001
High cognitive complexity
demo/realtime_model_inference_from_file.py:65
· conf 0.95
[COMP001] High cognitive complexity: Function `get_voice_path` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — neste…
COMP001
High cognitive complexity
finetuning-asr/inference_lora.py:147
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches…
COMP001
High cognitive complexity
· conf 0.20
[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed.
MINED049
Print Pii
CWE-532
demo/realtime_model_inference_from_file.py:279
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED050
Stub Only Function
CWE-1188
vibevoice/modular/streamer.py:133
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
SEC011
Unsafe PyTorch Model Loading
demo/realtime_model_inference_from_file.py:228
· conf 0.10
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
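SEC011 is reported at confidence 0.10, so the specific call may well load a trusted local file, but the mechanism is worth understanding because `torch.load()` is built on `pickle`, and a pickle stream can name any importable callable to run at load time. The example below is added here and is not code from the VibeVoice repository or from the scanner; it needs no torch. The payload is constructed for the demo and only appends a marker to a list, and the restricted unpickler shows the allow-list approach that `torch.load(..., weights_only=True)` applies for real checkpoints.

```python
"""Why loading an untrusted checkpoint through pickle is code execution
(SEC011), and the allow-list defence. Added example; not code from the
VibeVoice repository or from the scanner, and independent of torch. The
payload is constructed and only records that it ran."""
import io
import pickle
from collections import OrderedDict
from typing import Any, List

EXECUTED: List[str] = []


def _attacker_callable(tag: str) -> dict:
    EXECUTED.append(tag)                 # a real payload would call os.system / subprocess here
    return {"state_dict": {}}            # and hand back something checkpoint-shaped


class MaliciousCheckpoint:
    def __reduce__(self):
        # pickle stores "call _attacker_callable('pwned')" as the reconstruction step
        return (_attacker_callable, ("pwned",))


def build_payload() -> bytes:
    return pickle.dumps(MaliciousCheckpoint())


def naive_load_runs_payload() -> bool:
    """What torch.load(path, weights_only=False) does underneath."""
    EXECUTED.clear()
    pickle.loads(build_payload())
    return EXECUTED == ["pwned"]


class RestrictedUnpickler(pickle.Unpickler):
    """Allow only the globals a tensor-free state_dict needs; refuse everything else."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes) -> Any:
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load_blocks_payload() -> bool:
    EXECUTED.clear()
    try:
        safe_load(build_payload())
    except pickle.UnpicklingError:
        return EXECUTED == []            # refused before anything ran
    return False


def benign_roundtrip() -> bool:
    state = OrderedDict([("encoder.weight", [0.25, -0.5]), ("encoder.bias", [0.0])])
    return safe_load(pickle.dumps(state)) == state
```

`naive_load_runs_payload()` is `True`: the callable runs before `pickle.loads` returns anything. For real models, `torch.load(path, weights_only=True)` restricts unpickling to tensor and container types in the same spirit (and is the default from PyTorch 2.6), and the safetensors format avoids pickle entirely.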
SEC020
Secret Printed to Logs
demo/realtime_model_inference_from_file.py:222
· conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
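MINED049 and SEC020 point at the same diagnostic habit: a print that carries a token or an address. Redacting at the logging layer catches every such line, including the ones nobody reviewed. The filter below is an added example, not code from the VibeVoice repository or from the scanner; the log lines in `demo()` are constructed and the token values are made up. It runs the `Bearer` rule before the key/value rule so a header like `Authorization: Bearer x` loses the token rather than just the word `Bearer`.

```python
"""A logging filter that redacts credentials and e-mail addresses before a
record reaches any handler (MINED049 / SEC020). Added example; not code from
the VibeVoice repository or from the scanner. Sample lines are constructed."""
import logging
import re
from typing import List, Tuple

BEARER = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._\-]+")
SECRET_KV = re.compile(
    r"(?i)\b(password|passwd|token|api[_-]?key|secret|authorization)\b(\s*[:=]\s*)(\S+)"
)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def redact(text: str) -> str:
    text = BEARER.sub("Bearer [REDACTED]", text)          # first, so the token after "Bearer" goes
    text = SECRET_KV.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    return EMAIL.sub("[EMAIL]", text)


class RedactingFilter(logging.Filter):
    """Rewrites the rendered message in place; handlers only ever see redacted text."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()                                   # already interpolated above
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines so the result can be inspected (stand-in for a file/stream)."""
    def __init__(self):
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def make_logger(name: str = "redact-demo") -> Tuple[logging.Logger, ListHandler]:
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False                               # keep the root logger out of the demo
    logger.setLevel(logging.DEBUG)
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addFilter(RedactingFilter())                    # on the logger: applies before every handler
    logger.addHandler(handler)
    return logger, handler


def demo() -> List[str]:
    logger, handler = make_logger()
    logger.info("loading model with token=%s", "hf_examplevalue0123")     # constructed value
    logger.debug("auth header: Bearer eyJhbGciOi.example.sig")            # constructed value
    logger.info("user alice@example.com requested a transcript")
    logger.warning("Authorization: Bearer abc.def")
    return handler.lines
```

`demo()` yields `token=[REDACTED]`, `Bearer [REDACTED]` and `[EMAIL]` in place of the sensitive fields. A filter attached to the logger runs before every handler, so the same redaction covers console, file and remote sinks without touching each call site; it does not help with bare `print()`, which is the further reason to route diagnostics through `logging`.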
SEC045
eval()/exec() on stored or user-supplied data
demo/realtime_model_inference_from_file.py:218
· conf 0.10
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
finetuning-asr/inference_lora.py:68
· conf 0.10
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
SEC045
eval()/exec() on stored or user-supplied data
vibevoice/modular/modeling_vibevoice_streaming.py:161
· conf 0.10
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
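The three SEC045 hits are low confidence (0.10), and the report is right that sandboxing `eval()` by stripping `__builtins__` is not a fix. What is in those strings is not visible here, but the usual cases in model code are a stored constant name or a literal, neither of which needs `eval()`. The parser below is an added example, not code from the VibeVoice repository or from the scanner; `DType` is a constructed stand-in for the dtype names a model config typically stores, and the mapping of accepted names is an assumption about what such a config is allowed to contain.

```python
"""Replacing eval() on a stored string (SEC045) with a parser that can only
produce allow-listed constants or Python literals. Added example; not code
from the VibeVoice repository or from the scanner. DType is a constructed
stand-in for torch dtype names."""
import ast
import enum
from typing import Any, List

MAX_VALUE_LEN = 4096        # literal_eval still has to build the value; cap the input
SIDE_EFFECTS: List[str] = []


class DType(enum.Enum):
    float32 = "float32"
    float16 = "float16"
    bfloat16 = "bfloat16"


# Every name the config may resolve, spelled out. The dotted form is accepted
# too, because configs written for eval() often store "torch.bfloat16".
NAMED_CONSTANTS = {member.value: member for member in DType}
NAMED_CONSTANTS.update({f"torch.{member.value}": member for member in DType})


def unsafe_resolve(text: str) -> Any:
    """The flagged pattern: whatever is in the stored string runs as code."""
    return eval(text)  # noqa: S307  kept only to show the contrast


def eval_runs_stored_code() -> bool:
    SIDE_EFFECTS.clear()
    unsafe_resolve("SIDE_EFFECTS.append('ran') or 'float32'")   # constructed hostile value
    return SIDE_EFFECTS == ["ran"]


def parse_config_value(text: str) -> Any:
    """Resolve a stored config string without eval().

    Order: allow-listed constant, then a Python literal (numbers, strings,
    lists, dicts, tuples, None/bools). ast.literal_eval rejects names, calls
    and attribute access, so "__import__('os').system('id')" cannot run.
    """
    if len(text) > MAX_VALUE_LEN:
        raise ValueError("config value too long")
    key = text.strip()
    if key in NAMED_CONSTANTS:
        return NAMED_CONSTANTS[key]
    try:
        return ast.literal_eval(key)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not an allowed constant or literal: {key!r}") from exc


def rejects(text: str) -> bool:
    try:
        parse_config_value(text)
    except ValueError:
        return True
    return False
```

`parse_config_value("torch.bfloat16")` returns `DType.bfloat16`, `parse_config_value("[1, 2, 3]")` returns a list, and the same `__import__` string that `eval()` would execute is refused with `ValueError`. When the stored value must select a callable (an activation function, a loader), keep a dict from name to function and look the name up; never let the string reach `eval()` or `getattr()` on a module.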