| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| MEDIUM | CVE-2023-36464 | PyPDF2 | 3.0.1 | No fix | pypdf: Possible Infinite Loop when a comment isn't followed by a character |
| CRITICAL | CVE-2025-14009 | nltk | 3.9.2 | No fix | nltk: Zip Slip Vulnerability in nltk Leading to Code Execution |
| Type | File | Line | Match |
|---|---|---|---|
| GitHub | security-reports/gitleaks-report.json | 9 | "Match": "**************************************... |
| GitHub | security-reports/gitleaks-report.json | 10 | "Secret": "*************************************... |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0029 | 'apt-get' missing '--no-install-recommends' | Dockerfile | '--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y libgl1 libglib2.0-0 tesseract-ocr && rm -rf /var/lib/apt/lists/*' |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c935b-692e-74c2-8426-234ef55af605",
"CreatedAt": "2026-02-25T05:52:47.406313934Z",
"ArtifactID": "sha256:2dc61e5f6e6340032d4ec6b5561fdcb017b13e52e8206e555ad8e51874251396",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-document-processing",
"Branch": "eizen-agent-document-service",
"Commit": "1b761d7f6a867698eae0829b6c8f05be724ce179",
"CommitMsg": "update requirements libraries",
"Author": "eizen-anurag <anurag.bheemani@eizen.ai>",
"Committer": "eizen-anurag <anurag.bheemani@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyMuPDF",
"Identifier": {
"PURL": "pkg:pypi/pymupdf@1.27.1",
"UID": "dd1742bad067274"
},
"Version": "1.27.1",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "PyPDF2",
"Identifier": {
"PURL": "pkg:pypi/pypdf2@3.0.1",
"UID": "7b201fd6a7f2c222"
},
"Version": "3.0.1",
"Locations": [
{
"StartLine": 21,
"EndLine": 21
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiofiles",
"Identifier": {
"PURL": "pkg:pypi/aiofiles@25.1.0",
"UID": "efe745a86500823e"
},
"Version": "25.1.0",
"Locations": [
{
"StartLine": 15,
"EndLine": 15
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiohttp",
"Identifier": {
"PURL": "pkg:pypi/aiohttp@3.13.3",
"UID": "2901af47e41ee619"
},
"Version": "3.13.3",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.40.30",
"UID": "f964a8b27c243d70"
},
"Version": "1.40.30",
"Locations": [
{
"StartLine": 16,
"EndLine": 16
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.132.0",
"UID": "de03e794fdeebc21"
},
"Version": "0.132.0",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "google-generativeai",
"Identifier": {
"PURL": "pkg:pypi/google-generativeai@0.8.5",
"UID": "b6e8abfd9757117a"
},
"Version": "0.8.5",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "motor",
"Identifier": {
"PURL": "pkg:pypi/motor@3.7.1",
"UID": "89388599636f86dd"
},
"Version": "3.7.1",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nltk",
"Identifier": {
"PURL": "pkg:pypi/nltk@3.9.2",
"UID": "3ec20f2e55cdeabd"
},
"Version": "3.9.2",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@1.26.4",
"UID": "c98e40357658d084"
},
"Version": "1.26.4",
"Locations": [
{
"StartLine": 18,
"EndLine": 18
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python",
"Identifier": {
"PURL": "pkg:pypi/opencv-python@4.11.0.86",
"UID": "43d876fe4f8aef2e"
},
"Version": "4.11.0.86",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "paddleocr",
"Identifier": {
"PURL": "pkg:pypi/paddleocr@2.9.1",
"UID": "73c256dae2644e8a"
},
"Version": "2.9.1",
"Locations": [
{
"StartLine": 26,
"EndLine": 26
}
],
"AnalyzedBy": "pip"
},
{
"Name": "paddlepaddle",
"Identifier": {
"PURL": "pkg:pypi/paddlepaddle@2.6.2",
"UID": "ae18f368eeba819c"
},
"Version": "2.6.2",
"Locations": [
{
"StartLine": 27,
"EndLine": 27
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pillow",
"Identifier": {
"PURL": "pkg:pypi/pillow@12.1.1",
"UID": "a4e7a7476c2650"
},
"Version": "12.1.1",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic",
"Identifier": {
"PURL": "pkg:pypi/pydantic@2.12.5",
"UID": "8246512e47847984"
},
"Version": "2.12.5",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "4adf949a01736a5a"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pytesseract",
"Identifier": {
"PURL": "pkg:pypi/pytesseract@0.3.13",
"UID": "c32a1723fe9f4459"
},
"Version": "0.3.13",
"Locations": [
{
"StartLine": 28,
"EndLine": 28
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.1",
"UID": "b3c3e271fc07ea7c"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "d20e69427937d4a9"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "transformers",
"Identifier": {
"PURL": "pkg:pypi/transformers@4.57.6",
"UID": "a780c9985eb6b83f"
},
"Version": "4.57.6",
"Locations": [
{
"StartLine": 22,
"EndLine": 22
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.41.0",
"UID": "f0e3a99b48397e02"
},
"Version": "0.41.0",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2023-36464",
"VendorIDs": [
"GHSA-4vvm-4w3v-6mr8"
],
"PkgName": "PyPDF2",
"PkgIdentifier": {
"PURL": "pkg:pypi/pypdf2@3.0.1",
"UID": "7b201fd6a7f2c222"
},
"InstalledVersion": "3.0.1",
"Status": "affected",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36464",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:79e8b530ef730e9ff2cd2ff5f093e0b926c98d471f33896c472dee9bd6a15ff9",
"Title": "pypdf: Possible Infinite Loop when a comment isn't followed by a character",
"Description": "pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b\"\\r\", b\"\\n\")` in `pypdf/generic/_data_structures.py` to `while peek not in (b\"\\r\", b\"\\n\", b\"\")`.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-835"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-36464",
"https://github.com/py-pdf/pypdf",
"https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932",
"https://github.com/py-pdf/pypdf/pull/1828",
"https://github.com/py-pdf/pypdf/pull/969",
"https://github.com/py-pdf/pypdf/releases/tag/3.9.0",
"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8",
"https://nvd.nist.gov/vuln/detail/CVE-2023-36464",
"https://www.cve.org/CVERecord?id=CVE-2023-36464"
],
"PublishedDate": "2023-06-27T22:15:11.79Z",
"LastModifiedDate": "2024-11-21T08:09:45.95Z"
},
{
"VulnerabilityID": "CVE-2025-14009",
"VendorIDs": [
"GHSA-7p94-766c-hgjp"
],
"PkgName": "nltk",
"PkgIdentifier": {
"PURL": "pkg:pypi/nltk@3.9.2",
"UID": "3ec20f2e55cdeabd"
},
"InstalledVersion": "3.9.2",
"Status": "affected",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14009",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:a1f76da4e35df1b0bcf1eb97f83ce31d0abfc7084bbfdadca59ff29117636a0e",
"Title": "nltk: Zip Slip Vulnerability in nltk Leading to Code Execution",
"Description": "A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.",
"Severity": "CRITICAL",
"CweIDs": [
"CWE-94"
],
"VendorSeverity": {
"ghsa": 4,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"V3Score": 10
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-14009",
"https://github.com/nltk/nltk",
"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18",
"https://github.com/nltk/nltk/pull/3468",
"https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-14009",
"https://www.cve.org/CVERecord?id=CVE-2025-14009"
],
"PublishedDate": "2026-02-18T18:24:19.41Z",
"LastModifiedDate": "2026-02-19T15:53:02.85Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0029",
"Title": "'apt-get' missing '--no-install-recommends'",
"Description": "'apt-get' install should use '--no-install-recommends' to minimize image size.",
"Message": "'--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y libgl1 libglib2.0-0 tesseract-ocr && rm -rf /var/lib/apt/lists/*'",
"Namespace": "builtin.dockerfile.DS029",
"Query": "data.builtin.dockerfile.DS029.deny",
"Resolution": "Add '--no-install-recommends' flag to 'apt-get'",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0029",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0029"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"StartLine": 4,
"EndLine": 8,
"Code": {
"Lines": [
{
"Number": 4,
"Content": "RUN apt-get update && apt-get install -y \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[38;5;64mRUN\u001b[0m apt-get update \u001b[38;5;245m&&\u001b[0m apt-get install -y \u001b[38;5;124m\\",
"FirstCause": true,
"LastCause": false
},
{
"Number": 5,
"Content": " libgl1 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libgl1 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 6,
"Content": " libglib2.0-0 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libglib2.0-0 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 7,
"Content": " tesseract-ocr \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m tesseract-ocr \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 8,
"Content": " && rm -rf /var/lib/apt/lists/*",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m \u001b[38;5;245m&&\u001b[0m rm -rf /var/lib/apt/lists/*",
"FirstCause": false,
"LastCause": true
}
]
}
}
}
]
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 9,
"EndLine": 9,
"Code": {
"Lines": [
{
"Number": 7,
"Content": " \"StartColumn\": 32,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 32,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 8,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 9,
"Content": " \"Match\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 10,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"****************************************\",",
"Offset": 265
},
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 10,
"EndLine": 10,
"Code": {
"Lines": [
{
"Number": 8,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 9,
"Content": " \"Match\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 10,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 11,
"Content": " \"File\": \".gitmodules\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \".gitmodules\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"****************************************\",",
"Offset": 321
}
]
}
]
}