← Scan another repo

github.com/ggml-org/llama.cpp

@ 12127defda4f

Submitted 7/15/2026, 4:54:25 AM · Status: ok

Risk grade
F
100 / 100
Findings
812
18 critical104 high639 medium3 low48 info0 on CISA KEV0ATT&CK
Showing 812 of 812 findings

Findings

  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/rocm.Dockerfile:141
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/rocm.Dockerfile:130
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/musa.Dockerfile:129
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/musa.Dockerfile:118
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/intel.Dockerfile:156
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/intel.Dockerfile:144
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cuda.Dockerfile:127
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cuda.Dockerfile:116
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cann.Dockerfile:159
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cann.Dockerfile:148
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cpu.Dockerfile:118
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/cpu.Dockerfile:107
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/zendnn.Dockerfile:111
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/zendnn.Dockerfile:100
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/vulkan.Dockerfile:121
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/vulkan.Dockerfile:110
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/s390x.Dockerfile:141
  • COPY with more than two arguments not ending with slash
    When a COPY command has more than two arguments, the last one should end with a slash.
    trivy.devops/s390x.Dockerfile:127
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:548
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:510
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:474
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:362
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:345
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:349
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:350
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:355
  • Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy prov
    Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…
    semgrepscripts/compare-llama-bench.py:357
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/llama-cli-cann.Dockerfile:62
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/musa.Dockerfile:113
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/musa.Dockerfile:122
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/musa.Dockerfile:135
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/openvino.Dockerfile:211
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cann.Dockerfile:139
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cann.Dockerfile:150
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/openvino.Dockerfile:221
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/openvino.Dockerfile:234
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/rocm.Dockerfile:125
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cann.Dockerfile:163
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/rocm.Dockerfile:134
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/rocm.Dockerfile:147
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/s390x.Dockerfile:117
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/s390x.Dockerfile:129
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/s390x.Dockerfile:145
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/vulkan.Dockerfile:105
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/vulkan.Dockerfile:114
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/vulkan.Dockerfile:127
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/zendnn.Dockerfile:95
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/zendnn.Dockerfile:104
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/zendnn.Dockerfile:117
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cpu.Dockerfile:102
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cpu.Dockerfile:111
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cpu.Dockerfile:124
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cuda.Dockerfile:111
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cuda.Dockerfile:120
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/cuda.Dockerfile:133
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/intel.Dockerfile:138
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/intel.Dockerfile:148
  • By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensur
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    semgrep.devops/intel.Dockerfile:162
  • Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which m
    Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False'…
    semgreptools/server/bench/bench.py:229
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/llava_surgery_v2.py:34
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/tts/convert_pt_to_hf.py:26
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgrepconversion/base.py:251
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgrepconvert_lora_to_gguf.py:370
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/llava_surgery_v2.py:25
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/minicpmv-surgery.py:26
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/minicpmv-surgery.py:21
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/minicpmv-convert-image-encoder-to-gguf.py:803
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/llava_surgery.py:26
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/llava_surgery.py:20
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/llava_surgery.py:13
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/glmedge-surgery.py:24
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/glmedge-surgery.py:19
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/glmedge-convert-image-encoder-to-gguf.py:224
  • Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNX
    semgreptools/mtmd/legacy-models/convert_image_encoder_to_gguf.py:357
  • Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.
    semgreptools/ui/src/lib/utils/mcp.ts:41
  • Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.
    semgreptools/ui/tests/unit/mcp-service.test.ts:311
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/actions/ccache-clear/action.yml:13
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/actions/install-exe/action.yml:20
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/actions/unarchive-tar/action.yml:24
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/actions/windows-setup-openvino/action.yml:19
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/workflows/release.yml:51
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/workflows/ui-publish.yml:56
  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `
    Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep.github/workflows/ui-publish.yml:66
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/rocm.Dockerfile:94
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/rocm.Dockerfile:111
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/rocm.Dockerfile:42
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/openvino.Dockerfile:130
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/musa.Dockerfile:82
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/musa.Dockerfile:99
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/intel.Dockerfile:27
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/intel.Dockerfile:120
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/intel.Dockerfile:104
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cuda.Dockerfile:34
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cuda.Dockerfile:79
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cuda.Dockerfile:96
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cpu.Dockerfile:71
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cpu.Dockerfile:88
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/zendnn.Dockerfile:22
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/zendnn.Dockerfile:64
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/zendnn.Dockerfile:81
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/musa.Dockerfile:32
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/cpu.Dockerfile:24
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/vulkan.Dockerfile:67
  • 'apt-get' missing '--no-install-recommends'
    'apt-get' install should use '--no-install-recommends' to minimize image size.
    trivy.devops/vulkan.Dockerfile:89
  • 'yum clean all' missing
    You should use 'yum clean all' after using a 'yum install' command to clean package cached data and reduce image size.
    trivy.devops/llama-cli-cann.Dockerfile:12
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/rocm.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/s390x.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/openvino.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/musa.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/llama-cli-cann.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/intel.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/cuda.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/cann.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/cpu.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/zendnn.Dockerfile:0
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy.devops/vulkan.Dockerfile:0
  • urllib3: urllib3 Streaming API improperly handles highly compressed data
    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu…
    trivyCVE-2025-66471
  • urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression b…
    trivyCVE-2026-21441
  • urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
    trivyCVE-2026-44431
  • urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a…
    trivyCVE-2025-66418

This report is public.