https://github.com/pytorch/torchtitan ·
lang: python ·
LOC: ·
source: corpus_mined
| Rule | Severity | Count |
|---|---|---|
SEC005 Command Injection Risk |
high | 2 |
SEC007 Unsafe Deserialization |
medium | 2 |
SEC011 Unsafe PyTorch Model Loading |
medium | 1 |
SEC020 Secret Printed to Logs |
high | 1 |
SEC005
Command Injection Risk
scripts/loss_compare.py:124
· conf 0.50
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.SEC005
Command Injection Risk
torchtitan/components/validate.py:289
· conf 0.50
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.SEC007
Unsafe Deserialization
torchtitan/components/dataloader.py:167
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC007
Unsafe Deserialization
torchtitan/experiments/graph_trainer/precompile.py:269
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.SEC011
Unsafe PyTorch Model Loading
torchtitan/components/checkpoint.py:228
· conf 0.10
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.SEC020
Secret Printed to Logs
torchtitan/components/tokenizer.py:191
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/9eb441b0-4d1c-45b8-9825-0c639f48bd8b/.