github.com/ggml-org/llama.cpp
Submitted 7/15/2026, 4:54:25 AM · Status: ok
Risk grade
F
100 / 100
Findings
812
18 critical104 high639 medium3 low48 info0 on CISA KEV0ATT&CK
Showing 812 of 812 findings
Findings
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/rocm.Dockerfile:141
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/rocm.Dockerfile:130
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/musa.Dockerfile:129
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/musa.Dockerfile:118
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/intel.Dockerfile:156
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/intel.Dockerfile:144
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cuda.Dockerfile:127
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cuda.Dockerfile:116
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cann.Dockerfile:159
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cann.Dockerfile:148
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cpu.Dockerfile:118
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/cpu.Dockerfile:107
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/zendnn.Dockerfile:111
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/zendnn.Dockerfile:100
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/vulkan.Dockerfile:121
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/vulkan.Dockerfile:110
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/s390x.Dockerfile:141
- COPY with more than two arguments not ending with slashWhen a COPY command has more than two arguments, the last one should end with a slash.trivy.devops/s390x.Dockerfile:127
- Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operationsDetected a Generic API Key, potentially exposing access to various services and sensitive operations.gitleaks
- Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operationsDetected a Generic API Key, potentially exposing access to various services and sensitive operations.gitleaks
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:548
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:510
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:474
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:362
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:345
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:349
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:350
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:355
- Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provAvoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For com…semgrepscripts/compare-llama-bench.py:357
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/llama-cli-cann.Dockerfile:62
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/musa.Dockerfile:113
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/musa.Dockerfile:122
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/musa.Dockerfile:135
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/openvino.Dockerfile:211
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cann.Dockerfile:139
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cann.Dockerfile:150
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/openvino.Dockerfile:221
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/openvino.Dockerfile:234
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/rocm.Dockerfile:125
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cann.Dockerfile:163
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/rocm.Dockerfile:134
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/rocm.Dockerfile:147
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/s390x.Dockerfile:117
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/s390x.Dockerfile:129
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/s390x.Dockerfile:145
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/vulkan.Dockerfile:105
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/vulkan.Dockerfile:114
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/vulkan.Dockerfile:127
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/zendnn.Dockerfile:95
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/zendnn.Dockerfile:104
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/zendnn.Dockerfile:117
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cpu.Dockerfile:102
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cpu.Dockerfile:111
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cpu.Dockerfile:124
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cuda.Dockerfile:111
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cuda.Dockerfile:120
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/cuda.Dockerfile:133
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/intel.Dockerfile:138
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/intel.Dockerfile:148
- By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. EnsurBy not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.semgrep.devops/intel.Dockerfile:162
- Found 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which mFound 'subprocess' function 'run' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False'…semgreptools/server/bench/bench.py:229
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/llava_surgery_v2.py:34
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/tts/convert_pt_to_hf.py:26
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgrepconversion/base.py:251
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgrepconvert_lora_to_gguf.py:370
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/llava_surgery_v2.py:25
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/minicpmv-surgery.py:26
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/minicpmv-surgery.py:21
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/minicpmv-convert-image-encoder-to-gguf.py:803
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/llava_surgery.py:26
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/llava_surgery.py:20
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/llava_surgery.py:13
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/glmedge-surgery.py:24
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/glmedge-surgery.py:19
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/glmedge-convert-image-encoder-to-gguf.py:224
- Functions reliant on pickle can result in arbitrary code execution. Consider loading from `state_dict`, using fickling, or switching to a safer serialization method like ONNXsemgreptools/mtmd/legacy-models/convert_image_encoder_to_gguf.py:357
- Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.semgreptools/ui/src/lib/utils/mcp.ts:41
- Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.semgreptools/ui/tests/unit/mcp-service.test.ts:311
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/actions/ccache-clear/action.yml:13
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/actions/install-exe/action.yml:20
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/actions/unarchive-tar/action.yml:24
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/actions/windows-setup-openvino/action.yml:19
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/workflows/release.yml:51
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/workflows/ui-publish.yml:56
- Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…semgrep.github/workflows/ui-publish.yml:66
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/rocm.Dockerfile:94
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/rocm.Dockerfile:111
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/rocm.Dockerfile:42
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/openvino.Dockerfile:130
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/musa.Dockerfile:82
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/musa.Dockerfile:99
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/intel.Dockerfile:27
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/intel.Dockerfile:120
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/intel.Dockerfile:104
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cuda.Dockerfile:34
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cuda.Dockerfile:79
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cuda.Dockerfile:96
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cpu.Dockerfile:71
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cpu.Dockerfile:88
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/zendnn.Dockerfile:22
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/zendnn.Dockerfile:64
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/zendnn.Dockerfile:81
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/musa.Dockerfile:32
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/cpu.Dockerfile:24
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/vulkan.Dockerfile:67
- 'apt-get' missing '--no-install-recommends''apt-get' install should use '--no-install-recommends' to minimize image size.trivy.devops/vulkan.Dockerfile:89
- 'yum clean all' missingYou should use 'yum clean all' after using a 'yum install' command to clean package cached data and reduce image size.trivy.devops/llama-cli-cann.Dockerfile:12
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/rocm.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/s390x.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/openvino.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/musa.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/llama-cli-cann.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/intel.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/cuda.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/cann.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/cpu.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/zendnn.Dockerfile:0
- Image user should not be 'root'Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.trivy.devops/vulkan.Dockerfile:0
- urllib3: urllib3 Streaming API improperly handles highly compressed dataurllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu…trivyCVE-2025-66471
- urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression b…trivyCVE-2026-21441
- urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headersurllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.trivyCVE-2026-44431
- urllib3: urllib3: Unbounded decompression chain leads to resource exhaustionurllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a…trivyCVE-2025-66418
This report is public.