Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| HIGH | CVE-2026-26331 | yt-dlp | 2026.2.4 | 2026.02.21 | yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used |
| Type | File | Line | Match |
|---|---|---|---|
| AWS | security-reports/gitleaks-report.json | 30 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 31 | "Secret": "********************",... |
| AWS | security-reports/gitleaks-report.json | 72 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 73 | "Secret": "********************",... |
| AWS | security-reports/gitleaks-report.json | 114 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 115 | "Secret": "********************",... |
| AWS | security-reports/gitleaks-report.json | 156 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 157 | "Secret": "********************",... |
| AWS | security-reports/gitleaks-report.json | 177 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 178 | "Secret": "********************",... |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| ✅ No misconfigurations found | ||||
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c9ec0-d7fd-7106-a450-892eb8b92eb3",
"CreatedAt": "2026-02-27T10:59:24.285070311Z",
"ArtifactID": "sha256:a696439d0264bc036b293d0c796458e674246f1af9b0d1938bd39d926dde0985",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-producer-consumer.git",
"Branch": "ldev",
"Commit": "6dd356794919c1efa0131d499537f3fd2c40eb90",
"CommitMsg": "Merge pull request #8 from eizen-ai/code-refactor-v1\n\nFix: Use sourceHistoryId in video consumer group_id to prevent frame \u2026",
"Author": "eizen-pattabhi <pattabhi.devarapalli@eizen.ai>",
"Committer": "GitHub <noreply@github.com>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyYAML",
"Identifier": {
"PURL": "pkg:pypi/pyyaml@6.0.3",
"UID": "842d1b75a269e901"
},
"Version": "6.0.3",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiohttp",
"Identifier": {
"PURL": "pkg:pypi/aiohttp@3.13.3",
"UID": "e0e490aabd27e771"
},
"Version": "3.13.3",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
},
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.42.46",
"UID": "6912d72de0e157f6"
},
"Version": "1.42.46",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "kafka-python",
"Identifier": {
"PURL": "pkg:pypi/kafka-python@2.3.0",
"UID": "640e2b472b944588"
},
"Version": "2.3.0",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.3",
"UID": "32d6807876922762"
},
"Version": "0.7.3",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python",
"Identifier": {
"PURL": "pkg:pypi/opencv-python@4.13.0.92",
"UID": "188b78a50da2daee"
},
"Version": "4.13.0.92",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pandas",
"Identifier": {
"PURL": "pkg:pypi/pandas@3.0.0",
"UID": "24ec53d0710d9d45"
},
"Version": "3.0.0",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic-settings",
"Identifier": {
"PURL": "pkg:pypi/pydantic-settings@2.12.0",
"UID": "cca3830ff4932c7e"
},
"Version": "2.12.0",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "a4c1200a4a7e8f45"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.1",
"UID": "5fb3685290e2c8cf"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pytz",
"Identifier": {
"PURL": "pkg:pypi/pytz@2025.2",
"UID": "75d9be2410bca463"
},
"Version": "2025.2",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "16f1528be8f44ae0"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "shapely",
"Identifier": {
"PURL": "pkg:pypi/shapely@2.1.2",
"UID": "9b5f31a0b1f94873"
},
"Version": "2.1.2",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "streamlink",
"Identifier": {
"PURL": "pkg:pypi/streamlink@8.2.0",
"UID": "f5e79365459a2e00"
},
"Version": "8.2.0",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "tqdm",
"Identifier": {
"PURL": "pkg:pypi/tqdm@4.67.3",
"UID": "bf9277460a15cea6"
},
"Version": "4.67.3",
"Locations": [
{
"StartLine": 15,
"EndLine": 15
}
],
"AnalyzedBy": "pip"
},
{
"Name": "yt-dlp",
"Identifier": {
"PURL": "pkg:pypi/yt-dlp@2026.2.4",
"UID": "c064f7517123b36"
},
"Version": "2026.2.4",
"Locations": [
{
"StartLine": 16,
"EndLine": 16
}
],
"AnalyzedBy": "pip"
},
{
"Name": "zstandard",
"Identifier": {
"PURL": "pkg:pypi/zstandard@0.25.0",
"UID": "63fbceee8bb24ab"
},
"Version": "0.25.0",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2026-26331",
"VendorIDs": [
"GHSA-g3gw-q23r-pgqm"
],
"PkgName": "yt-dlp",
"PkgIdentifier": {
"PURL": "pkg:pypi/yt-dlp@2026.2.4",
"UID": "c064f7517123b36"
},
"InstalledVersion": "2026.2.4",
"FixedVersion": "2026.02.21",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26331",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:ab3a5b7913461303b5d41049dd7f4ac1caeb206c46d41d4e52969e9d34e52cbc",
"Title": "yt-dlp: yt-dlp: Arbitrary command injection via maliciously crafted URL when --netrc-cmd is used",
"Description": "yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who uses `--netrc-cmd` in their command/configuration or `netrc_cmd` in their Python scripts. Even though the maliciously crafted URL itself will look very suspicious to many users, it would be trivial for a maliciously crafted webpage with an inconspicuous URL to covertly exploit this vulnerability via HTTP redirect. Users without `--netrc-cmd` in their arguments or `netrc_cmd` in their scripts are unaffected. No evidence has been found of this exploit being used in the wild. yt-dlp version 2026.02.21 fixes this issue by validating all netrc \"machine\" values and raising an error upon unexpected input. As a workaround, users who are unable to upgrade should avoid using the `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter), or they should at least not pass a placeholder (`{}`) in their `--netrc-cmd` argument.",
"Severity": "HIGH",
"CweIDs": [
"CWE-78"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-26331",
"https://github.com/yt-dlp/yt-dlp",
"https://github.com/yt-dlp/yt-dlp/commit/1fbbe29b99dc61375bf6d786f824d9fcf6ea9c1a",
"https://github.com/yt-dlp/yt-dlp/releases/tag/2026.02.21",
"https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm",
"https://nvd.nist.gov/vuln/detail/CVE-2026-26331",
"https://www.cve.org/CVERecord?id=CVE-2026-26331"
],
"PublishedDate": "2026-02-24T03:16:01.71Z",
"LastModifiedDate": "2026-02-25T19:32:30.417Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 0
}
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 30,
"EndLine": 30,
"Code": {
"Lines": [
{
"Number": 28,
"Content": " \"StartColumn\": 15,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 15,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 29,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 30,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 31,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 1140
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 31,
"EndLine": 31,
"Code": {
"Lines": [
{
"Number": 29,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 30,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 31,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 32,
"Content": " \"File\": \"config/.env\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"config/.env\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 1176
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 72,
"EndLine": 72,
"Code": {
"Lines": [
{
"Number": 70,
"Content": " \"StartColumn\": 15,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 15,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 71,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 72,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 73,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 2832
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 73,
"EndLine": 73,
"Code": {
"Lines": [
{
"Number": 71,
"Content": " \"EndColumn\": 34,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 34,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 72,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 73,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 74,
"Content": " \"File\": \"config/.env\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"config/.env\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 2868
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 114,
"EndLine": 114,
"Code": {
"Lines": [
{
"Number": 112,
"Content": " \"StartColumn\": 16,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 16,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 113,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 114,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 115,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 4529
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 115,
"EndLine": 115,
"Code": {
"Lines": [
{
"Number": 113,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 114,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 115,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 116,
"Content": " \"File\": \"config/.env\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"config/.env\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 4565
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 156,
"EndLine": 156,
"Code": {
"Lines": [
{
"Number": 154,
"Content": " \"StartColumn\": 16,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 16,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 155,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 156,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 157,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 6233
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 157,
"EndLine": 157,
"Code": {
"Lines": [
{
"Number": 155,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 156,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 157,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 158,
"Content": " \"File\": \"s3utils/test.py\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"s3utils/test.py\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 6269
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 177,
"EndLine": 177,
"Code": {
"Lines": [
{
"Number": 175,
"Content": " \"StartColumn\": 16,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 16,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 176,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 177,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 178,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 7073
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 178,
"EndLine": 178,
"Code": {
"Lines": [
{
"Number": 176,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 177,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 178,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 179,
"Content": " \"File\": \"s3utils/generaloperations.py\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"s3utils/generaloperations.py\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 7109
}
]
}
]
}