<?xml version="1.0" encoding="utf-8"?>
<checkstyle version="1.5">
<file name="dart/pubspec.lock">
  <!-- One finding: pub/dio 4.0.0, reported at line 20 of the lockfile; the message names 5.0.0 as the fixed version.
       Note: severity="high" is not one of Checkstyle's standard levels (ignore, info, warning, error), so a
       consumer that maps severities strictly may need to handle it explicitly. -->
  <error source="vulnerability_high"
         line="20"
         message="Insecure dependency pub/dio@4.0.0 (CVE-2021-31402: dio vulnerable to CRLF injection with HTTP method string) (update to 5.0.0)"
         severity="high"/>
</file>
<file name="golang/go.mod">
  <!-- golang.org/x/net v0.16.0 (go.mod line 7): one finding, fixed version listed as 0.17.0. -->
  <error source="vulnerability_high"
         line="7"
         message="Insecure dependency golang/golang.org/x/net@v0.16.0 (CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)) (update to 0.17.0)"
         severity="high"/>

  <!-- github.com/ollama/ollama v0.1.46 (go.mod line 8): eight findings. Only CVE-2024-45436 lists a fixed
       version (0.1.47); the other seven are reported as "no fix available", so a version bump alone does not
       clear them according to this report. That status reflects the scanner's advisory data when the report
       was produced and should be re-checked before the findings are accepted or suppressed. -->
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-45436: Ollama can extract members of a ZIP archive outside of the parent directory) (update to 0.1.47)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12055: ollama: DoS using malicious gguf model file in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-12886: ollama: Out-Of-Memory (OOM) Vulnerability in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0315: ollama: Allocation of Resources Without Limits or Throttling in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0317: ollama: Divide By Zero in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-0312: ollama: NULL Pointer Dereference in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2024-8063: ollama: Divide by Zero in ollama/ollama) (no fix available)"
         severity="high"/>
  <error source="vulnerability_high"
         line="8"
         message="Insecure dependency golang/github.com/ollama/ollama@v0.1.46 (CVE-2025-1975: ollama: Improper Validation of Array Index in ollama/ollama) (no fix available)"
         severity="high"/>

  <!-- stdlib: Go standard library v1.21.4 (go.mod line 5): seven findings. Each names a different minimum
       fixed release, from 1.21.9 up to 1.24.12, so clearing all of them needs at least the highest
       version listed here (1.24.12). -->
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 1.21.9)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion) (update to 1.22.7)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-47907: database/sql: Postgres Scan Race Condition) (update to 1.23.12)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-58183: golang: archive/tar: Unbounded allocation when parsing GNU sparse map) (update to 1.24.8)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61729: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate) (update to 1.24.11)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61726: golang: net/url: Memory exhaustion in query parameter parsing in net/url) (update to 1.24.12)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-61728: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip) (update to 1.24.12)"
         severity="high"/>
</file>
<file name="javascript/package-lock.json">
  <!-- npm/axios 0.21.0 (lockfile line 14): three findings. The fixed versions listed are 0.21.2, 0.30.0
       and 0.30.3, so the highest one (0.30.3) is the minimum that clears all three. The same three CVEs
       are reported against javascript/yarn.lock in this report; both lockfiles need regenerating after
       the upgrade. -->
  <error source="vulnerability_high"
         line="14"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
         severity="high"/>
  <error source="vulnerability_high"
         line="14"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
         severity="high"/>
  <error source="vulnerability_high"
         line="14"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2026-25639: axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig) (update to 0.30.3)"
         severity="high"/>
</file>
<file name="javascript/yarn.lock">
  <!-- npm/axios 0.21.0 (lockfile line 5): three findings with fixed versions 0.21.2, 0.30.0 and 0.30.3;
       the highest one (0.30.3) is the minimum that clears all three. These are the same CVEs that this
       report lists for javascript/package-lock.json, so they describe one dependency seen through two
       lockfiles, not six separate issues. -->
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function) (update to 0.21.2)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2025-27152: axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests) (update to 0.30.0)"
         severity="high"/>
  <error source="vulnerability_high"
         line="5"
         message="Insecure dependency npm/axios@0.21.0 (CVE-2026-25639: axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig) (update to 0.30.3)"
         severity="high"/>
</file>
<file name="python/requirements.txt">
  <!-- One finding: pypi/openstack-heat v19.0.0 at line 2 of requirements.txt; the message names 20.0.0
       as the fixed version. -->
  <error source="vulnerability_high"
         line="2"
         message="Insecure dependency pypi/openstack-heat@v19.0.0 (CVE-2023-1625: openstack-heat: information leak in API) (update to 20.0.0)"
         severity="high"/>
</file>
<file name="scala/build.sbt.lock">
  <!-- One finding: maven/ch.qos.logback/logback-classic 1.2.3 at line 13 of the lockfile; the message
       names 1.2.13 as the fixed version. -->
  <error source="vulnerability_high"
         line="13"
         message="Insecure dependency maven/ch.qos.logback/logback-classic@1.2.3 (CVE-2023-6378: logback: serialization vulnerability in logback receiver) (update to 1.2.13)"
         severity="high"/>
</file>
<file name="swift/Package.resolved">
  <!-- swift-nio-http2 1.2.1 (Package.resolved line 67): four denial-of-service findings. Three list
       1.19.2 as the fixed version and one lists 1.20, so the highest version named here (1.20) is the
       minimum that clears all four. -->
  <error source="vulnerability_high"
         line="67"
         message="Insecure dependency swift/github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-0618: Denial of service via HTTP/2 HEADERS frames padding) (update to 1.20)"
         severity="high"/>
  <error source="vulnerability_high"
         line="67"
         message="Insecure dependency swift/github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24666: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length) (update to 1.19.2)"
         severity="high"/>
  <error source="vulnerability_high"
         line="67"
         message="Insecure dependency swift/github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24667: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding) (update to 1.19.2)"
         severity="high"/>
  <error source="vulnerability_high"
         line="67"
         message="Insecure dependency swift/github.com/apple/swift-nio-http2@1.2.1 (CVE-2022-24668: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames) (update to 1.19.2)"
         severity="high"/>
</file>
</checkstyle>