Security Scan Report

Service: eizen-utils | Branch: v1.0 | Build: #23 | Date: 2026-02-09 15:02:14
1
Critical
9
High
8
Medium
51
Low

LLM Verification Summary

Model: qwen3:14b | Verified: 30/69
TRUE Positives: 4 FALSE Positives: 10 Needs Review: 16
CRITICAL OWASP-DC CVE-2019-20478: In ruamel.yaml through 0.16.7, the load method allows remote code execution if the a NOT VERIFIED
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2019-20478 | CVSS: 9.8 | CWE-NVD-CWE-noinfo
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unawa
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2019-14751: NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attack NOT VERIFIED
pkg:pypi/nltk:0 CVE-2019-14751 | CVSS: 7.5 | CWE-22
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during ex
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-3828: nltk is vulnerable to Inefficient Regular Expression Complexity NOT VERIFIED
pkg:pypi/nltk:0 CVE-2021-3828 | CVSS: 7.5 | CWE-697
nltk is vulnerable to Inefficient Regular Expression Complexity
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-3842: nltk is vulnerable to Inefficient Regular Expression Complexity NOT VERIFIED
pkg:pypi/nltk:0 CVE-2021-3842 | CVSS: 7.5 | CWE-1333
nltk is vulnerable to Inefficient Regular Expression Complexity
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-43854: NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, NOT VERIFIED
pkg:pypi/nltk:0 CVE-2021-43854 | CVSS: 7.5 | CWE-400
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulne
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NOT VERIFIED
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NOT VERIFIED
pkg:pypi/ruamel.yaml@0.19.1:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NOT VERIFIED
pkg:pypi/yaml:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-45770: jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disp NOT VERIFIED
pkg:pypi/pyjwt@2.11.0:0 CVE-2025-45770 | CVSS: 7.0 | CWE-326
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is su
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-45770: jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disp NOT VERIFIED
pkg:pypi/jwt:0 CVE-2025-45770 | CVSS: 7.0 | CWE-326
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is su
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
MEDIUM Bandit Possible binding to all interfaces. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/./dms_utils/src/api/api.py:66
65 import uvicorn 66 uvicorn.run(app, host="0.0.0.0", port=8000)
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM Bandit Call to requests without timeout TRUE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/./dms_utils/src/service_utils/antz_server_utils.py:51
50 files = [('files[]', (file_name, file_obj, 'image/png'))] 51 response = requests.post(self.server_url, headers=headers, data=payload, files=files) 52
LLM Analysis: The absence of a timeout in requests.post can lead to potential DoS vulnerabilities if the server is unresponsive. This is a known security best practice to always set timeouts for network requests.
Recommendation: Add a timeout parameter to the requests.post call, e.g., timeout=(5, 10) for connect and read timeouts.
MEDIUM Bandit Call to requests without timeout TRUE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/./dms_utils/src/service_utils/antz_server_utils.py:108
107 try: 108 response = requests.get(file_url, stream=True) 109 response.raise_for_status()
LLM Analysis: The absence of a timeout in requests.get can lead to potential DoS vulnerabilities if the server does not respond. This is a valid security concern as it allows for unbounded resource consumption.
Recommendation: Add a timeout parameter to the requests.get call, e.g., timeout=10, to mitigate the risk of hanging requests.
MEDIUM Bandit Call to requests without timeout TRUE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/./dms_utils/src/service_utils/eizen_dms_utils.py:67
66 files = [('file', (file_name, f, 'application/octet-stream'))] 67 response = requests.post(url, headers=headers, data=payload, files=files) 68
LLM Analysis: The absence of a timeout in requests.post can lead to denial-of-service vulnerabilities if the server is unresponsive. While not always critical, it represents a valid security risk.
Recommendation: Add a timeout parameter to the requests.post call (e.g., timeout=10) to prevent indefinite hanging requests.
MEDIUM Bandit Call to requests without timeout TRUE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/./dms_utils/src/service_utils/eizen_dms_utils.py:119
118 try: 119 response = requests.delete(url, headers=headers) 120 response.raise_for_status()
LLM Analysis: The absence of a timeout in HTTP requests can lead to denial-of-service vulnerabilities if the server is unresponsive. The requests library's default behavior is to wait indefinitely, which is a known security risk.
Recommendation: Add a timeout parameter to the requests.delete call, e.g., timeout=(5, 30) for connect and read timeouts.
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NOT VERIFIED
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NOT VERIFIED
pkg:pypi/ruamel.yaml@0.19.1:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NOT VERIFIED
pkg:pypi/yaml:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/attr/_make.py:3096
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/attr/_make.py:3349
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/attr/_make.py:3358
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/attr/converters.py:54
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/attr/converters.py:58
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Detected a request using 'http://'. This request will be unencrypted. Use 'https://' instead. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/cachecontrol/_cmd.py:33
requires login
LLM Analysis: The code snippet provided does not contain any actual HTTP request code. The line 'requires login' appears to be a comment or docstring, not a URL. The tool may have misinterpreted context or flagged a false positive due to incomplete code visibility.
Recommendation: Verify the actual code at line 33 in the file. If no HTTP request is present, suppress this finding as a false positive. If HTTP is used in the actual code, address the encryption issue.
LOW Semgrep Running `socket.bind` to 0.0.0.0, or empty string could unexpectedly expose the server publicly as i NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/nltk/parse/corenlp.py:31
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:107
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:123
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:137
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:161
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:175
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:191
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:204
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:227
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:243
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:260
requires login
LLM Analysis: The code snippet shows a comment ('requires login') rather than actual authentication logic. Flask endpoints require explicit authentication checks (e.g., @login_required), but this finding appears to misinterpret a comment as a vulnerability.
Recommendation: Verify if the actual route implementation includes proper authentication. Adjust Semgrep rules to avoid flagging comments as vulnerabilities.
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:276
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:292
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:309
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:319
requires login
LLM Analysis: The code snippet shows only a comment ('requires login') without actual authentication implementation. Flask endpoints require explicit decorators (e.g., @login_required) for authentication, which are absent here. The tool likely misinterpreted a comment as a vulnerability.
Recommendation: Verify if the actual code enforces authentication via Flask's security decorators. Adjust Semgrep rules to avoid flagging comments as vulnerabilities.
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:340
requires login
LLM Analysis: The code snippet shows only a comment ('requires login') without any actual authentication implementation. Flask endpoints typically use decorators like @login_required, which are absent here. The tool likely misinterpreted a comment as a missing security check.
Recommendation: Review Semgrep's rule configuration to ensure it correctly identifies authentication decorators and implementation logic in Flask routes.
LOW Semgrep Flask endpoint - verify authentication is properly configured. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:354
requires login
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:368
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:388
requires login
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:410
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:424
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:438
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:446
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:460
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:488
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:502
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:519
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:537
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:581
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:607
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/purl2url.py:650
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:126
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:222
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:263
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:281
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:313
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:343
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:404
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:459
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:498
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:608
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:670
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Flask endpoint - verify authentication is properly configured. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/packageurl/contrib/url2purl.py:755
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Detected a request using 'http://'. This request will be unencrypted. Use 'https://' instead. NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/pip/_vendor/cachecontrol/_cmd.py:33
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required
LOW Semgrep Annotations passed to `typing.get_type_hints` are evaluated in `globals` and `locals` namespaces. Ma NOT VERIFIED
/home/eizen-7/jenkins/workspace/new-scan/.sast-venv/lib/python3.12/site-packages/pydantic/v1/generics.py:400
requires login
LLM Analysis: Not processed due to limit
Recommendation: Manual review required