Repository: https://github.com/Gen-Verse/Open-AgentRL.git · lang: python · LOC: (not recorded) · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| SEC001 Hardcoded Password | critical | 4 |
| SEC005 Command Injection Risk | high | 4 |
| SEC011 Unsafe PyTorch Model Loading | medium | 4 |
| SEC014 SSL Verification Disabled | medium | 4 |
| SEC020 Secret Printed to Logs | high | 4 |
| SEC015 Insecure Randomness for Security | medium | 4 |
| SEC007 Unsafe Deserialization | medium | 4 |
| SEC012 ZipSlip — Archive Path Traversal | medium | 3 |
| SEC016 LLM Prompt Injection — User Input in AI Prompt | high | 2 |
| SEC013 Path Traversal — User Input in File Path | high | 2 |
Findings (rule, location, confidence, scanner description):

- [SEC013] Path Traversal — User Input in File Path, verl/utils/reward_score/livecodebench/lcb_runner/evaluation/testing_util.py:131 (conf 0.80): User-controlled input used in file path without sanitization. Allows reading arbitrary files.
- [SEC013] Path Traversal — User Input in File Path, verl/utils/reward_score/prime_code/testing_util.py:586 (conf 0.80): User-controlled input used in file path without sanitization. Allows reading arbitrary files.
- [SEC016] LLM Prompt Injection — User Input in AI Prompt, verl/utils/reward_score/livecodebench/lcb_runner/prompts/self_repair.py:222 (conf 0.90): User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
- [SEC001] Hardcoded Password, OSWorld-main/run_autoglm.py:531 (conf 0.30): Hardcoded password found in source code.
- [SEC001] Hardcoded Password, OSWorld-main/run_autoglm_v.py:565 (conf 0.30): Hardcoded password found in source code.
- [SEC001] Hardcoded Password, OSWorld-main/run_multienv_autoglm.py:538 (conf 0.30): Hardcoded password found in source code.
- [SEC005] Command Injection Risk, alfworld_eval.py:27 (conf 0.50): Unsafe shell execution or eval of user input.
- [SEC005] Command Injection Risk, coding_eval.py:15 (conf 0.50): Unsafe shell execution or eval of user input.
- [SEC005] Command Injection Risk, coding_rl.py:15 (conf 0.50): Unsafe shell execution or eval of user input.
- [SEC007] Unsafe Deserialization, verl/protocol.py:363 (conf 1.00): Unsafe deserialization can execute arbitrary code.
- [SEC007] Unsafe Deserialization, verl/utils/reward_score/livecodebench/lcb_runner/benchmarks/code_generation.py:68 (conf 1.00): Unsafe deserialization can execute arbitrary code.
- [SEC007] Unsafe Deserialization, verl/workers/rollout/sglang_rollout/utils.py:67 (conf 1.00): Unsafe deserialization can execute arbitrary code.
- [SEC011] Unsafe PyTorch Model Loading, train/osworld_train.py:566 (conf 1.00): torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
- [SEC011] Unsafe PyTorch Model Loading, train/osworld_vlm_merge_preproc_shards.py:63 (conf 1.00): torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
- [SEC011] Unsafe PyTorch Model Loading, verl/protocol.py:347 (conf 1.00): torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
- [SEC012] ZipSlip — Archive Path Traversal, OSWorld-main/desktop_env/providers/docker/manager.py:88 (conf 1.00): Archive extraction without path validation allows writing files outside the target directory.
- [SEC012] ZipSlip — Archive Path Traversal, OSWorld-main/desktop_env/providers/virtualbox/manager.py:110 (conf 1.00): Archive extraction without path validation allows writing files outside the target directory.
- [SEC012] ZipSlip — Archive Path Traversal, OSWorld-main/desktop_env/providers/vmware/manager.py:185 (conf 1.00): Archive extraction without path validation allows writing files outside the target directory.
- [SEC014] SSL Verification Disabled, OSWorld-main/mm_agents/opencua/opencua_agent.py:449 (conf 1.00): SSL certificate verification is disabled, allowing man-in-the-middle attacks.
- [SEC014] SSL Verification Disabled, OSWorld-main/mm_agents/qwen3vl_agent_local.py:637 (conf 1.00): SSL certificate verification is disabled, allowing man-in-the-middle attacks.
- [SEC014] SSL Verification Disabled, OSWorld-main/mm_agents/uitars15_v1_local.py:778 (conf 1.00): SSL certificate verification is disabled, allowing man-in-the-middle attacks.
- [SEC016] LLM Prompt Injection — User Input in AI Prompt, verl/utils/reward_score/livecodebench/lcb_runner/prompts/code_generation.py:39 (conf 0.50): User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
- [SEC017] Unbounded Input to LLM/External API, verl/utils/reward_score/livecodebench/lcb_runner/prompts/code_generation.py:39 (conf 0.80): User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
- [SEC006] XSS Risk, OSWorld-main/monitor/static/index.js:143 (conf 0.40): Direct HTML injection without sanitization.
- [SEC017] Unbounded Input to LLM/External API, verl/utils/reward_score/livecodebench/lcb_runner/prompts/self_repair.py:222 (conf 0.30): User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
- [SEC001] Hardcoded Password (and 11 more), no single location (conf 0.20): Same pattern found in 11 additional files. Review if needed.
- [SEC005] Command Injection Risk (and 10 more), no single location (conf 0.20): Same pattern found in 10 additional files. Review if needed.
- [SEC007] Unsafe Deserialization (and 2 more), no single location (conf 0.20): Same pattern found in 2 additional files. Review if needed.
- [SEC011] Unsafe PyTorch Model Loading (and 5 more), no single location (conf 0.20): Same pattern found in 5 additional files. Review if needed.
- [SEC014] SSL Verification Disabled (and 2 more), no single location (conf 0.20): Same pattern found in 2 additional files. Review if needed.
- [SEC015] Insecure Randomness for Security (and 2 more), no single location (conf 0.20): Same pattern found in 2 additional files. Review if needed.
- [SEC015] Insecure Randomness for Security, alfworld_master/my_environments.py:330 (conf 0.25): Weak PRNG used in security-sensitive context. Output is predictable.
- [SEC015] Insecure Randomness for Security, OSWorld-main/desktop_env/providers/vmware/manager.py:70 (conf 0.25): Weak PRNG used in security-sensitive context. Output is predictable.
- [SEC015] Insecure Randomness for Security, train/utils.py:111 (conf 0.25): Weak PRNG used in security-sensitive context. Output is predictable.
- [SEC020] Secret Printed to Logs (and 13 more), no single location (conf 0.20): Same pattern found in 13 additional files. Review if needed.
- [SEC020] Secret Printed to Logs, sample/alfworld_utils.py:341 (conf 0.15): Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
- [SEC020] Secret Printed to Logs, train/alfworld_train.py:590 (conf 0.15): Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
- [SEC020] Secret Printed to Logs, train/osworld_train.py:542 (conf 0.15): Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…