scikit-learn/scikit-learn

https://github.com/scikit-learn/scikit-learn · lang: python · LOC: · source: user_submitted

Quality: 75.0 (Grade B+)
Security: 90.0
Findings: 11 (0 critical · 0 high · 5 medium · 1 low · 5 info)
Status: completed
Scanned: May 15, 2026 09:54
Top rules by occurrence
Rule    Description                          Severity  Count
SEC015  Insecure Randomness for Security     medium    4
SEC007  Unsafe Deserialization               medium    4
SEC012  ZipSlip — Archive Path Traversal     medium    2
SEC006  XSS Risk                             high      1
First 11 findings (severity-sorted)
medium SEC007 Unsafe Deserialization
asv_benchmarks/benchmarks/common.py:176 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
benchmarks/bench_plot_randomized_svd.py:137 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
sklearn/utils/estimator_checks.py:2713 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC012 ZipSlip — Archive Path Traversal
examples/applications/plot_out_of_core_classification.py:175 · conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
medium SEC012 ZipSlip — Archive Path Traversal
sklearn/utils/fixes.py:348 · conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
low SEC006 XSS Risk
sklearn/utils/_repr_html/estimator.js:23 · conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.
info SEC007 Unsafe Deserialization
· conf 0.20
[SEC007] Unsafe Deserialization (and 1 more): Same pattern found in 1 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
· conf 0.20
[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
benchmarks/bench_isotonic.py:26 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
benchmarks/bench_plot_polynomial_kernel_approximation.py:143 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
sklearn/model_selection/_split.py:1195 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.