Risk grade: F (100 / 100)
Findings: 30 (0 critical, 10 high, 18 medium, 2 low, 0 info; 0 on CISA KEV, 0 ATT&CK)
Showing 30 of 30 findings
Findings
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Detected facebook-access-token: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. (gitleaks)
- Ensure that HEALTHCHECK instructions have been added to container images on /packages/markitdown-mcp/Dockerfile. (checkov, packages/markitdown-mcp/Dockerfile:1)
- Ensure that HEALTHCHECK instructions have been added to container images on /Dockerfile. (checkov, Dockerfile:1)
- Ensure top-level permissions are not set to write-all on on(tests). (checkov, .github/workflows/tests.yml:0)
- Ensure top-level permissions are not set to write-all on on(pre-commit). (checkov, .github/workflows/pre-commit.yml:0)
- Detected an element with disabled HTML escaping. If external data can reach this, this is a cross-site scripting (XSS) vulnerability. Ensure no external data can reach here, or remove 'escape=false' from this element. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_serp.html:17)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:2130)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:2122)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:2120)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:2112)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:2107)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:1452)
- This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible. (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:1448)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:37)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:36)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:34)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:33)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:32)
- This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify th… (semgrep, /tmp/scan-psc_8ebbe6a1e2676f6d4040457fcbe65fde/repo/packages/markitdown/tests/test_files/test_wikipedia.html:28)
- No HEALTHCHECK defined: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. (trivy, Dockerfile:0)
- No HEALTHCHECK defined: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. (trivy, packages/markitdown-mcp/Dockerfile:0)
This report is public.