19 changes: 19 additions & 0 deletions app.py
@@ -0,0 +1,19 @@
from flask import Flask, request, jsonify
from converter_service import ConversionService

app = Flask(__name__)
conversion_service = ConversionService()


@app.route('/api/convert', methods=['POST'])
def convert_document():
data = request.get_json()
filename = data.get('filename')
output_format = data.get('format', 'pdf')

result = conversion_service.convert(filename, output_format)
return jsonify(result)


if __name__ == '__main__':
app.run(debug=True)
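Review bot: `filename` and `format` are taken straight from the JSON body and passed to `conversion_service.convert` with no validation, and with the pinned Flask 1.0.2 `request.get_json()` returns `None` for a non-JSON body, so `data.get('filename')` raises before any error handling runs. Since the endpoint accepts a caller-supplied filename, the handler should reject requests with a missing `filename`, restrict `output_format` to a fixed set of supported formats, and reduce the name to a plain basename (no directory components) before handing it on; how `ConversionService.convert` uses the name is not visible in this PR. `app.run(debug=True)` is already flagged by the SAST check; read the debug flag from configuration rather than hard-coding it.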

Check failure on line 19 in app.py
Cycode Security / Cycode: SAST
app.py#L19
Usage of Flask debug mode found

Cycode: SAST violation: 'Usage of Flask debug mode'.

Severity: Medium

Description

Enabling Flask's debug mode exposes sensitive internal information through detailed error messages, stack traces, and the interactive Werkzeug debugger. This can allow attackers to discover application internals, leak environment variables, or even execute arbitrary code.

Cycode Remediation Guideline

✅ Do


  • Do ensure debug mode is disabled in all production deployments of Flask applications.
  • Do use environment-specific configuration files or variables to control debug mode, keeping sensitive configurations out of source code.
  • Do explicitly set debug=False:
from flask import Flask
app = Flask(__name__)
app.run(debug=False)

❌ Don't


  • Do not set debug mode to True in code that is deployed.
from flask import Flask
app = Flask(__name__)
app.run(debug=True) # This should be avoided
  • Do not rely on default Flask settings—always explicitly set debug mode off.


Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_sast_ignore_here <reason> Ignore this violation — applies to this violation only
#cycode_ai_remediation Request remediation guidance using Cycode AI
#cycode_sast_false_positive <reason> Mark as false positive — applies to this violation only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

33 changes: 33 additions & 0 deletions app_setting.py
@@ -0,0 +1,33 @@
"""Application configuration settings."""

import os

# Database
DATABASE_HOST = os.getenv("DB_HOST", "db.internal.example.com")
DATABASE_PORT = 5432
DATABASE_NAME = "app_production"
DATABASE_USER = "app_service"
DATABASE_PASSWORD = "Pr0d_Db!S3cureP@ss2025"

Check failure on line 10 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L10
Generic Password found

Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 99%
SHA: 1c68f01c3a

Description

A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.

Cycode Remediation Guideline

❗ How to revoke


  • Change the password or secret in the system or application where it is used.
  • Update any services, applications, or scripts that use the old password or secret with the new one.
  • Invalidate any sessions or tokens that were authenticated using the old password or secret.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.


# GitHub integration
GITHUB_PAT = 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

Check failure on line 13 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L13
Github Fine Grained Token found

Cycode: Secret of type: 'Github Fine Grained Token' was found.
Severity: High
SHA: 928f3a513f

Description

GitHub is a web-based platform for hosting and collaborating on software projects. Fine-grained personal access tokens (PATs) are a new type of personal access token introduced by GitHub that offer enhanced security to developers and organization owners.

Cycode Remediation Guideline

❗ How to revoke


  • Log in to your GitHub account.
  • Navigate to Settings.
  • Select Developer settings.
  • Click on Personal access tokens.
  • Locate the fine-grained token you need to revoke.
  • Click the Revoke button next to the token.
  • Confirm the revocation when prompted.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

GITHUB_ORG = "acme-corp"
GITHUB_WEBHOOK_SECRET = "whsec_k7Gm2pLqX9vNdR4tYbA1cEfHjW8uZoSi"

Check failure on line 15 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L15
Stripe Webhook Secret found

Cycode: Secret of type: 'Stripe Webhook Secret' was found.
Severity: High
SHA: 5394326e24

Description

A Stripe webhook is a way for Stripe to send real-time updates to your application about events that happen on your Stripe account. To use webhooks, a webhook secret is required.

Cycode Remediation Guideline

❗ How to revoke


  • Log in to your Stripe Dashboard.
  • Navigate to the "Developers" section and select "Webhooks".
  • Find the webhook endpoint associated with the secret you need to revoke.
  • Click on the webhook endpoint to view its details.
  • Click "Reveal" to view the current webhook secret.
  • Click "Rotate secret" to generate a new webhook secret.
  • Update your application to use the new webhook secret.
  • Verify that the new webhook secret is working by sending a test webhook event from the Stripe Dashboard.
  • Delete or disable the old webhook secret to ensure it is no longer in use.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.


# AWS credentials
AWS_ACCESS_KEY_ID = "AKIAUVIGFTH6XXIAP3NB"

Check failure on line 18 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L18
Aws Access Key Id found

Cycode: Secret of type: 'Aws Access Key Id' was found.
Severity: Low
SHA: b1549479ee

Description

An AWS (Amazon Web Services) access key ID is a unique identifier that is used to authenticate and authorize access to the AWS Management Console and the various AWS services and resources. An AWS access key ID consists of two parts: an access key ID and a secret access key.

Cycode Remediation Guideline

❗ How to revoke


  • Sign in to the AWS Management Console.
  • Navigate to the IAM (Identity and Access Management) dashboard.
  • Select "Users" from the navigation pane.
  • Choose the user whose access key needs to be revoked.
  • Click on the "Security credentials" tab.
  • Locate the access key ID that needs to be revoked.
  • Click on the "Make inactive" button next to the access key ID.
  • Confirm the action to deactivate the access key.
  • Click on the "Delete" button next to the inactive access key ID.
  • Confirm the deletion of the access key.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

AWS_SECRET_ACCESS_KEY = "to21HQaNhBqBajpAnAodU8P8lthdaPJOgdy+y1w6"

Check failure on line 19 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L19
Aws Secret Access Key found

Cycode: Secret of type: 'Aws Secret Access Key' was found.
Severity: Critical
SHA: 722b5fd14a

Description

Alongside an AWS access key, the AWS secret access key is a string of characters that is used to sign and authenticate requests to AWS services.

Cycode Remediation Guideline

❗ How to revoke


  • Sign in to the AWS Management Console.
  • Navigate to the IAM (Identity and Access Management) service.
  • Select "Users" from the navigation pane.
  • Choose the user whose secret access key you need to revoke.
  • Click on the "Security credentials" tab.
  • Find the access key associated with the secret access key.
  • Click "Deactivate" next to the access key.
  • Click "Delete" to permanently remove the access key.
  • Generate a new access key and secret access key if needed.
  • Update any applications or services with the new access key and secret access key.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

AWS_REGION = "us-east-2"

# Slack notifications
SLACK_BOT_TOKEN = "xoxb-8294716350192-6738201459283-qN7vXpLm2KdRtYwBs5jH1gFe"

Check failure on line 23 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L23
Slack Token found

Cycode: Secret of type: 'Slack Token' was found.
Severity: Medium
SHA: 2c80c51413

Description

In the scope of the Slack API, a token is an identifier that is used to authenticate a Slack app when making API requests.

Cycode Remediation Guideline

❗ How to revoke


  • Navigate to the Slack API dashboard at https://api.slack.com/.
  • Log in with your Slack account credentials.
  • Go to the "Your Apps" section and select the app associated with the token.
  • Click on the "OAuth & Permissions" tab.
  • Scroll down to the "OAuth Tokens for Your Workspace" section.
  • Locate the token you need to revoke and click the "Revoke" button next to it.
  • Generate a new token if necessary and update your application with the new token.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

SLACK_WEBHOOK_URL = "https://hooks.slack.com/services/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"

Check failure on line 24 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L24
Slack Webhook found

Cycode: Secret of type: 'Slack Webhook' was found.
Severity: Medium
SHA: e6f1594b2d

Description

A Slack webhook is a way to send a message to a Slack channel or conversation using the Slack API. Webhooks allow you to send data to a Slack channel or conversation using a simple HTTP request, without the need for a user to be present in the channel or to have a Slack bot or app installed.

Cycode Remediation Guideline

❗ How to revoke


  • Navigate to the Slack App management page.
  • Locate the app associated with the webhook.
  • Delete the webhook URL or the entire app if no longer needed.
  • Create a new webhook URL if necessary.
  • Update any systems or scripts to use the new webhook URL.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.


# Stripe payments
STRIPE_SECRET_KEY = "sk_live_51NqR7kGv2Hx8LmTpYbWdJfKs4XcZeA9uOiPn3VrBtMwCyDgEhFj"

Check failure on line 27 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L27
Stripe Api Key found

Cycode: Secret of type: 'Stripe Api Key' was found.
Severity: High
SHA: c25d1c3b9b

Description

Stripe is a payment processing platform that allows businesses to accept payments online. To use the Stripe API, an API key is required.

Cycode Remediation Guideline

❗ How to revoke


  • Log in to your Stripe Dashboard.
  • Navigate to the "Developers" section and select "API keys".
  • Locate the compromised API key and click "Revoke Key".
  • Generate a new API key by clicking "Create secret key".
  • Update your application to use the new API key.
  • Verify that the new API key is functioning correctly in your application.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

STRIPE_PUBLISHABLE_KEY = "pk_test_placeholder"

# JWT signing
JWT_SECRET_KEY = "xK9#mP2$vL5nQ8wR1tY4bJ7gF0hD3cA6e"

Check failure on line 31 in app_setting.py
Cycode Security / Cycode: Secrets
app_setting.py#L31
Generic Password found

Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 99%
SHA: b6a6f98819

Description

A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.

Cycode Remediation Guideline

❗ How to revoke


  • Change the password or secret in the system or application where it is used.
  • Update any services, applications, or scripts that use the old password or secret with the new one.
  • Invalidate any sessions or tokens that were authenticated using the old password or secret.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

JWT_ALGORITHM = "HS256"
JWT_EXPIRATION_HOURS = 24
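Review bot: Every credential in this file is a string literal in source (database password, GitHub fine-grained PAT, Stripe webhook secret and live secret key, AWS access key pair, Slack bot token and webhook URL, JWT signing key), while only `DATABASE_HOST` follows the `os.getenv` pattern; apply that pattern to all of them, e.g. `DATABASE_PASSWORD = os.environ["DB_PASSWORD"]`, and keep the values in the deployment environment or a secrets manager. Because the values have already been pushed to this branch, treat each one as exposed and rotate it as the attached Secrets checks describe; deleting the literals in a follow-up commit does not remove them from the git history. Note also that `STRIPE_SECRET_KEY` is a `sk_live_` key sitting next to a `pk_test_` publishable key, and that with `JWT_ALGORITHM = "HS256"` the `JWT_SECRET_KEY` both signs and verifies tokens, so its exposure compromises every token the service issues.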
10 changes: 10 additions & 0 deletions requirements.txt
@@ -0,0 +1,10 @@
# Python dependencies with known vulnerabilities (SCA triggers)

# Critical vulnerabilities
flask==1.0.2

Check failure on line 4 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L4
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency flask
Dependency Paths flask 1.0.2
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-m2qf-hxjv-5gpq CVE-2023-30861 HIGH 2.2.5

Highest fixed version: 2.2.5

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

django==2.2.0

Check failure on line 5 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L5
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency django
Dependency Paths django 2.2.0
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-frmv-pr5f-9mcr CVE-2025-64459 CRITICAL 4.2.26
GHSA-qw25-v68c-qjf3 CVE-2025-64458 HIGH 4.2.26
GHSA-6w2r-r2m5-xq5w CVE-2025-57833 HIGH 4.2.24
GHSA-7xr5-9hcq-chf9 CVE-2025-48432 MEDIUM 4.2.22
GHSA-rrqc-c2jx-6jgv CVE-2024-45231 MEDIUM 4.2.16
GHSA-h5jv-4p7w-64jg CVE-2019-14233 HIGH 2.2.4
GHSA-c4qh-4vgv-qc6g CVE-2019-14232 HIGH 2.2.4
GHSA-v9qg-3j8p-r63v CVE-2019-14235 HIGH 2.2.4
GHSA-6r97-cj55-9hrq CVE-2019-14234 CRITICAL 2.2.4
GHSA-53qw-q765-4fww CVE-2021-45115 HIGH 2.2.26
GHSA-7rp2-fm2h-wchj CVE-2019-12308 MEDIUM 2.2.2
GHSA-xgxc-v2qg-chmh CVE-2021-28658 MEDIUM 2.2.20
GHSA-p99v-5w3c-jqq9 CVE-2021-33571 HIGH 2.2.24
GHSA-v6rh-hp5x-86rv CVE-2021-44420 MEDIUM 2.2.25
GHSA-2m34-jcjv-45xf CVE-2020-13596 MEDIUM 2.2.13
GHSA-rxjp-mfm9-w4wr CVE-2021-31542 HIGH 2.2.21
GHSA-qm57-vhq3-3fwf CVE-2021-32052 MEDIUM 2.2.22
GHSA-wpjr-j57x-wxfw CVE-2020-13254 HIGH 2.2.13
GHSA-3gh2-xw74-jmcw CVE-2020-9402 HIGH 2.2.11
GHSA-hmr4-m2h5-33qx CVE-2020-7471 CRITICAL 2.2.10
GHSA-vfq6-hq5r-27r6 CVE-2019-19844 CRITICAL 2.2.9
GHSA-hvmf-r92r-27hr CVE-2019-19118 HIGH 2.2.8
GHSA-8c5j-9r9f-c6w8 CVE-2021-45116 HIGH 2.2.26
GHSA-m6gj-h9gm-gw44 CVE-2020-24583 HIGH 2.2.16
GHSA-6c7v-2f49-8h26 CVE-2019-12781 MEDIUM 2.2.3
GHSA-8x94-hmjh-97hq CVE-2022-36359 HIGH 3.2.15
GHSA-jrh2-hc4r-7jwx CVE-2021-45452 MEDIUM 2.2.26
GHSA-6cw3-g6wv-c2xv CVE-2022-23833 HIGH 2.2.27
GHSA-95rw-fx8r-36v6 CVE-2022-22818 MEDIUM 2.2.27
GHSA-fvgf-6h6h-3322 CVE-2021-3281 MEDIUM 2.2.18
GHSA-fr28-569j-53c4 CVE-2020-24584 MEDIUM 2.2.16
GHSA-68w8-qjq3-2gfm CVE-2021-33203 MEDIUM 2.2.24
GHSA-6c3j-c64m-qhgq CVE-2019-11358 MEDIUM 2.2.2
GHSA-w24h-v9qh-8gxj CVE-2022-28347 CRITICAL 2.2.28
GHSA-2gwj-7jmv-h26r CVE-2022-28346 CRITICAL 2.2.28

Highest fixed version: 4.2.26

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

requests==2.19.1

Check failure on line 6 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L6
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency requests
Dependency Paths requests 2.19.1
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-gc5v-m9x4-r6x2 CVE-2026-25645 MEDIUM 2.33.0
GHSA-9hjg-9r4m-mvj7 CVE-2024-47081 MEDIUM 2.32.4
GHSA-9wx4-h78v-vm56 CVE-2024-35195 MEDIUM 2.32.0
GHSA-j8r2-6x86-q33q CVE-2023-32681 MEDIUM 2.31.0
GHSA-x84v-xcm2-53pg CVE-2018-18074 HIGH 2.20.0

Highest fixed version: 2.33.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

urllib3==1.24.1

Check failure on line 7 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L7
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency urllib3
Dependency Paths urllib3 1.24.1
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-qccp-gfcp-xxvc CVE-2026-44431 HIGH 2.7.0
GHSA-38jv-5279-wg99 CVE-2026-21441 HIGH 2.6.3
GHSA-2xpw-w6gg-jr37 CVE-2025-66471 HIGH 2.6.0
GHSA-gm62-xv2j-4w53 CVE-2025-66418 HIGH 2.6.0
GHSA-pq67-6m6q-mj2v CVE-2025-50181 MEDIUM 2.5.0
GHSA-34jh-p97f-mpxf CVE-2024-37891 MEDIUM 1.26.19
GHSA-g4mx-q9vg-27p4 CVE-2023-45803 MEDIUM 1.26.18
GHSA-gwvm-45gx-3cf8 CVE-2018-25091 MEDIUM 1.24.2
GHSA-v845-jxx5-vc9f CVE-2023-43804 HIGH 1.26.17
GHSA-mh33-7rrq-662w CVE-2019-11324 HIGH 1.24.2
GHSA-wqvq-5m8c-6g24 CVE-2020-26137 MEDIUM 1.25.9
GHSA-r64q-w8jr-g9qp CVE-2019-11236 MEDIUM 1.24.3

Highest fixed version: 2.7.0

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

pyyaml==5.1

Check failure on line 8 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L8
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency pyyaml
Dependency Paths pyyaml 5.1
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-6757-jp84-gxfx CVE-2020-1747 CRITICAL 5.3.1
GHSA-8q59-q68h-6hv4 CVE-2020-14343 CRITICAL 5.4
GHSA-3pqx-4fqf-j49f CVE-2019-20477 CRITICAL 5.2

Highest fixed version: 5.4

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

jinja2==2.10
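Review bot: The header comment says these pins were chosen because they carry known vulnerabilities, so if this manifest is a deliberate SCA test fixture, state that in the PR description and make sure it is never installed into a deployable image; otherwise raise each pin to at least the highest fixed version the checks report (flask 2.2.5, django 4.2.26, requests 2.33.0, urllib3 2.7.0, pyyaml 5.4, jinja2 3.1.6) and raise them together, since Flask 2.2 requires Jinja2 3.x and `jinja2==2.10` would otherwise pin it back. Of the six packages, only `flask` is imported by the `app.py` in this PR; the others add dependency surface with no visible use.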

Check failure on line 9 in requirements.txt
Cycode Security / Cycode: Vulnerable Dependencies
requirements.txt#L9
Vulnerability found in dependency found

Cycode: Security vulnerabilities found in newly introduced dependency.

Ecosystem PyPI
Dependency jinja2
Dependency Paths jinja2 2.10
Direct Dependency Yes

The following vulnerabilities were introduced:

GHSA CVE Severity Fixed Version
GHSA-cpwx-vrp4-4pq7 CVE-2025-27516 MEDIUM 3.1.6
GHSA-q2x7-8rv6-6q7h CVE-2024-56326 MEDIUM 3.1.5
GHSA-h75v-3vvj-5mfj CVE-2024-34064 MEDIUM 3.1.4
GHSA-h5c8-rqwp-cp95 CVE-2024-22195 MEDIUM 3.1.3
GHSA-g3rq-g295-4j3m CVE-2020-28493 MEDIUM 2.11.3
GHSA-462w-v97r-4m45 CVE-2019-10906 HIGH 2.10.1

Highest fixed version: 3.1.6

Description

Detects when new vulnerabilities affect your dependencies.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_vulnerable_package_fix_this_violation Fix this violation via a commit to this branch
#cycode_ignore_manifest_here <reason> Applies to this manifest in this request only
#cycode_ignore_package_here <reason> Applies to this manifest for this package in this request only
#cycode_ignore_package_everywhere <reason> Applies to this manifest for this package for all requests in your repository

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

