<?xml version="1.0" encoding="utf-8"?>
<!--
  Dependency vulnerability findings serialized in Checkstyle report format.
  Each <file> element names a dependency manifest or lockfile; each <error>
  child is one finding against a package pinned in that file. The message
  carries the ecosystem/package@version, the advisory identifier with its
  title, and the scanner's suggested fix version (or "no fix available").
  Every finding in this report has source="vulnerability_critical" and
  severity="error".
  NOTE(review): the line attribute presumably refers to the line in the named
  manifest where the dependency is declared; confirm against the scanner docs.
  NOTE(review): the same package and advisory can appear under several files
  (pom.xml and gradle.lockfile, package-lock.json and yarn.lock), so count
  unique package/advisory pairs when reporting totals, but update every
  manifest listed or the finding will reappear on the next scan.
-->
<checkstyle version="1.5">
<!-- Go module: two findings on the standard library, one on a third-party module. -->
<file name="golang/go.mod">
<!--
  The two stdlib findings name different fix versions (1.21.11 and 1.24.13).
  NOTE(review): moving to the higher version should clear both, but it is a
  toolchain upgrade across minor releases; confirm against the advisories.
-->
<error
source="vulnerability_critical"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2024-24790: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses) (update to 1.21.11)"
severity="error"
/>
<error
source="vulnerability_critical"
line="5"
message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-68121: crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption) (update to 1.24.13)"
severity="error"
/>
<!--
  Reported with "no fix available", so a version bump alone will not clear it.
  The advisory title describes missing authentication on model management
  operations; until a fixed release exists, treat this as needing a
  compensating control (restrict network reachability of the service, put it
  behind an authenticating proxy) and a tracked risk acceptance.
  NOTE(review): fix availability reflects the scanner's data at scan time; recheck.
-->
<error
source="vulnerability_critical"
line="8"
message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-63389: Ollama Platform has missing authentication enabling attackers to perform model management operations) (no fix available)"
severity="error"
/>
</file>
<!-- Gradle lockfile: same package and advisory as the java/pom.xml finding below. -->
<file name="gradle/gradle.lockfile">
<error
source="vulnerability_critical"
line="1"
message="Insecure dependency maven/org.apache.dolphinscheduler/dolphinscheduler-task-api@3.2.1 (CVE-2024-43202: Apache Dolphinscheduler Code Injection vulnerability) (update to 3.2.2)"
severity="error"
/>
</file>
<!-- Maven POM: same package and advisory as the gradle/gradle.lockfile finding above. -->
<file name="java/pom.xml">
<error
source="vulnerability_critical"
line="14"
message="Insecure dependency maven/org.apache.dolphinscheduler/dolphinscheduler-task-api@3.2.1 (CVE-2024-43202: Apache Dolphinscheduler Code Injection vulnerability) (update to 3.2.2)"
severity="error"
/>
</file>
<!--
  npm lockfile: two advisories against the same axios pin, both with the same
  suggested fix version. The second message is truncated by the scanner
  ("Prio ..."); read the full advisory text before triaging it.
-->
<file name="javascript/package-lock.json">
<error
source="vulnerability_critical"
line="14"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
severity="error"
/>
<error
source="vulnerability_critical"
line="14"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
severity="error"
/>
</file>
<!--
  Yarn lockfile: the same two axios findings as javascript/package-lock.json.
  Both lockfiles pin the vulnerable version, so both need regenerating after
  the upgrade.
-->
<file name="javascript/yarn.lock">
<error
source="vulnerability_critical"
line="5"
message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
severity="error"
/>
<error
source="vulnerability_critical"
line="5"
message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
severity="error"
/>
</file>
<!-- Pipenv lockfile: one finding; the suggested fix is a patch-level update. -->
<file name="python/Pipfile.lock">
<error
source="vulnerability_critical"
line="19"
message="Insecure dependency pypi/pymysql@1.1.0 (CVE-2024-36039: python-pymysql: SQL injection if used with untrusted JSON input) (update to 1.1.1)"
severity="error"
/>
</file>
<!--
  Bundler lockfile: one finding. The fix is given as a lower bound
  (">= 3.4.3") rather than a single version, unlike the other entries.
-->
<file name="ruby/Gemfile.lock">
<error
source="vulnerability_critical"
line="4"
message="Insecure dependency gem/discordrb@3.4.2 (CVE-2023-28102: GHSL-2022-094: Remote Code Execution in discordrb) (update to >= 3.4.3)"
severity="error"
/>
</file>
</checkstyle>