IndexedVerified
Python Security
Python SAST rules aggregated across verified providers.
Fetch pack
greprules pack fetch python-security --engine opengrepcurl https://api.greprules.io/api/packs/python-security.tar.gz -o python-security.tar.gzIncluded rules
CVE-2023-6395: Jinja2 Unsandboxed Template
cve-2023-6395-jinja2-unsandboxed-templateCVE-2024-11406: Django Formfield Missing Dict Validationcve-2024-11406-django-formfield-missing-dict-validationCVE-2024-23826: Python Secure Filename Dos Missing Length Checkcve-2024-23826-python-secure-filename-dos-missing-length-checkCVE-2024-28102: Python Unbounded Zlib Decompressioncve-2024-28102-python-unbounded-zlib-decompressionCVE-2024-41675: Ckan Unescaped Datatable Recordscve-2024-41675-ckan-unescaped-datatable-recordsCVE-2025-12763: Python Conditional Subprocess Shell Truecve-2025-12763-python-conditional-subprocess-shell-trueCVE-2025-12764: Python Ldap Injectioncve-2025-12764-python-ldap-injectionCVE-2025-12765: Ldap3 Tls Cert None Defaultcve-2025-12765-ldap3-tls-cert-none-defaultCVE-2025-45691: Prompt Value Ssrf File Readcve-2025-45691-prompt-value-ssrf-file-readCVE-2025-48869: Django Path Traversal Os Path Joincve-2025-48869-django-path-traversal-os-path-joinCVE-2025-53099: Unvalidated Oauth Parameter Dispatchcve-2025-53099-unvalidated-oauth-parameter-dispatchCVE-2025-53643: Aiohttp Httppayloadparser Unparsed Trailerscve-2025-53643-aiohttp-httppayloadparser-unparsed-trailersCVE-2025-54140: Python Filename Path Traversalcve-2025-54140-python-filename-path-traversalCVE-2025-54141: Python Cgi Path Traversalcve-2025-54141-python-cgi-path-traversalCVE-2025-54796: Arbitrary Re From Requestcve-2025-54796-arbitrary-re-from-requestCVE-2025-55284: Insecure Tmp File Writecve-2025-55284-insecure-tmp-file-writeCVE-2025-55558: Pytorch Inductor Simd Reduction Buffer Overflowcve-2025-55558-pytorch-inductor-simd-reduction-buffer-overflowCVE-2025-55732: Frappe Childquery Dict Sqlicve-2025-55732-frappe-childquery-dict-sqliCVE-2025-58753: Insecure Path Builder Missing Allowlistcve-2025-58753-insecure-path-builder-missing-allowlistCVE-2025-59425: Authorization Header Timing Attackcve-2025-59425-authorization-header-timing-attackCVE-2025-61920: Unbounded Jwt Deserialization Doscve-2025-61920-unbounded-jwt-deserialization-dosCVE-2025-62185: Mpv Missing No Ytdlcve-2025-62185-mpv-missing-no-ytdlCVE-2025-62708: Python Unbounded Bytesio Decompressioncve-2025-62708-python-unbounded-bytesio-decompressionCVE-2025-64340: Python Fastmcp Unencoded Path Substitutioncve-2025-64340-python-fastmcp-unencoded-path-substitutionCVE-2025-65015: Exception Embeds Oversized Variablecve-2025-65015-exception-embeds-oversized-variableCVE-2025-66206: Python Frappe Childquery Sqlicve-2025-66206-python-frappe-childquery-sqliCVE-2025-66418: Unbounded Decoder Chaincve-2025-66418-unbounded-decoder-chainCVE-2025-67725: Python Quadratic String Countingcve-2025-67725-python-quadratic-string-countingCVE-2025-67726: Python Parseparam Quadratic Doscve-2025-67726-python-parseparam-quadratic-dosCVE-2025-68616: Weasyprint Ssrf Urlfetcher Redirectscve-2025-68616-weasyprint-ssrf-urlfetcher-redirectsCVE-2025-68953: Python Unsanitized Dict Key Ast Injectioncve-2025-68953-python-unsanitized-dict-key-ast-injectionCVE-2025-69196: Python Unencoded Path Parameter Substitutioncve-2025-69196-python-unencoded-path-parameter-substitutionCVE-2025-69223: Python Unbounded Decompressioncve-2025-69223-python-unbounded-decompressionCVE-2025-69227: Aiohttp Assert Data Validationcve-2025-69227-aiohttp-assert-data-validationCVE-2025-69228: Aiohttp Multipart Size Accumulator Resetcve-2025-69228-aiohttp-multipart-size-accumulator-resetCVE-2025-70559: Insecure Path Join Pickle Loadscve-2025-70559-insecure-path-join-pickle-loadsCVE-2025-71176: Python Path Chmod Toctoucve-2025-71176-python-path-chmod-toctouCVE-2025-8194: Python Block Padding Missing Negative Checkcve-2025-8194-python-block-padding-missing-negative-checkCVE-2026-0994: Recursion Depth Bypass Dynamic Dispatchcve-2026-0994-recursion-depth-bypass-dynamic-dispatchCVE-2026-10662: Zipfile Extractall Zip Slipcve-2026-10662-zipfile-extractall-zip-slipCVE-2026-10688: Zipfile Extractall Zip Slipcve-2026-10688-zipfile-extractall-zip-slipCVE-2026-21441: Urllib3 Drain Conn Decompression Bombcve-2026-21441-urllib3-drain-conn-decompression-bombCVE-2026-22870: Python Scanner Evasion Extraction Abortcve-2026-22870-python-scanner-evasion-extraction-abortCVE-2026-23490: Unbounded Oid Continuation Octetscve-2026-23490-unbounded-oid-continuation-octetsCVE-2026-23842: Python Sqlalchemy Unmanaged Session Leakcve-2026-23842-python-sqlalchemy-unmanaged-session-leakCVE-2026-24136: Django Missing File Upload Validationcve-2026-24136-django-missing-file-upload-validationCVE-2026-25577: Python Unhandled Simplecookie Loadcve-2026-25577-python-unhandled-simplecookie-loadCVE-2026-25879: Unvalidated Llm Sql Executioncve-2026-25879-unvalidated-llm-sql-executionCVE-2026-26004: Oauth State Presence Routing Bypasscve-2026-26004-oauth-state-presence-routing-bypassCVE-2026-27189: App Ingest Py Cwe 000 Cve 2026 27189cve-2026-27189-app-ingest-py-cwe-000-cve-2026-27189CVE-2026-27628: Circular Xref Infinite Loopcve-2026-27628-circular-xref-infinite-loopCVE-2026-27888: Pypdf Unbounded Zlib Decompresscve-2026-27888-pypdf-unbounded-zlib-decompressCVE-2026-28352: Python Ipaddress Is Private Bypasscve-2026-28352-python-ipaddress-is-private-bypassCVE-2026-28490: Authlib Internal Registry Unsafe Algorithm Lookupcve-2026-28490-authlib-internal-registry-unsafe-algorithm-lookupCVE-2026-28684: Tempfile Cross Device Symlink Overwritecve-2026-28684-tempfile-cross-device-symlink-overwriteCVE-2026-29039: Insecure Elementpath Xpath Evaluationcve-2026-29039-insecure-elementpath-xpath-evaluationCVE-2026-29081: Frappe Unvalidated Dict Key In Childquerycve-2026-29081-frappe-unvalidated-dict-key-in-childqueryCVE-2026-31958: Unbounded Multipart Parsingcve-2026-31958-unbounded-multipart-parsingCVE-2026-32108: Python Incomplete Sanitization Or Unescaped Jsoncve-2026-32108-python-incomplete-sanitization-or-unescaped-jsonCVE-2026-33314: Tar Extractall Missing Symlink Validationcve-2026-33314-tar-extractall-missing-symlink-validationCVE-2026-33431: Incomplete Path Traversal Guardcve-2026-33431-incomplete-path-traversal-guardCVE-2026-33469: Orm Auth Bypass With All Keywordcve-2026-33469-orm-auth-bypass-with-all-keywordCVE-2026-33533: Http Server Cors Wildcardcve-2026-33533-http-server-cors-wildcardCVE-2026-33981: Jq Compile Injectioncve-2026-33981-jq-compile-injectionCVE-2026-33992: Pyload Ssrf Unvalidated Downloadcve-2026-33992-pyload-ssrf-unvalidated-downloadCVE-2026-34531: Missing Token Truthiness Checkcve-2026-34531-missing-token-truthiness-checkCVE-2026-34586: Missing Soft Delete Inactive Checkcve-2026-34586-missing-soft-delete-inactive-checkCVE-2026-34591: Python Pathlib Traversal Joincve-2026-34591-python-pathlib-traversal-joinCVE-2026-34993: Python Pickle Load From Filecve-2026-34993-python-pickle-load-from-fileCVE-2026-35000: Falsy Validation Bypasscve-2026-35000-falsy-validation-bypassCVE-2026-35407: Django Email Enumerationcve-2026-35407-django-email-enumerationCVE-2026-35586: Python Archive Symlink Escapecve-2026-35586-python-archive-symlink-escapeCVE-2026-39377: Insecure Path Join Traversalcve-2026-39377-insecure-path-join-traversalCVE-2026-39378: Path Traversal Join Opencve-2026-39378-path-traversal-join-openCVE-2026-40300: Insecure Dict Denylist Filtercve-2026-40300-insecure-dict-denylist-filterCVE-2026-4035: Pathlib Dynamic Fstring Writecve-2026-4035-pathlib-dynamic-fstring-writeCVE-2026-40491: Archive Extractall Path Traversalcve-2026-40491-archive-extractall-path-traversalCVE-2026-42175: Incomplete Is Private Ssrf Checkcve-2026-42175-incomplete-is-private-ssrf-checkCVE-2026-42314: Tarfile Incomplete Symlink Validationcve-2026-42314-tarfile-incomplete-symlink-validationCVE-2026-44017: Html Backend Py Cwe 000 Cve 2026 44017cve-2026-44017-html-backend-py-cwe-000-cve-2026-44017CVE-2026-44018: Insecure Urljoin To Pathcve-2026-44018-insecure-urljoin-to-pathCVE-2026-44019: Python Docling Html Single Page Dropcve-2026-44019-python-docling-html-single-page-dropCVE-2026-44020: Html Backend Py Cwe 000 Cve 2026 44020cve-2026-44020-html-backend-py-cwe-000-cve-2026-44020CVE-2026-44180: Python Env Yaml Injectioncve-2026-44180-python-env-yaml-injectionCVE-2026-44182: Insecure Env Yaml Injectioncve-2026-44182-insecure-env-yaml-injectionCVE-2026-44545: Autobahn Unbounded Websocket Payloadcve-2026-44545-autobahn-unbounded-websocket-payloadCVE-2026-44796: Django Python Re Redoscve-2026-44796-django-python-re-redosCVE-2026-45306: Tarfile Incomplete Symlink Validationcve-2026-45306-tarfile-incomplete-symlink-validationCVE-2026-46380: Ssrf Unvalidated Uri Fetchcve-2026-46380-ssrf-unvalidated-uri-fetchCVE-2026-46678: Improper Multimodal Extraction Ssrfcve-2026-46678-improper-multimodal-extraction-ssrfCVE-2026-47180: Unbounded Recursion In Parsercve-2026-47180-unbounded-recursion-in-parserCVE-2026-47183: Concurrent Eviction Leak Via Early Returncve-2026-47183-concurrent-eviction-leak-via-early-returnCVE-2026-47214: Docling Htmlbackend Unsafe Ssrf Omissioncve-2026-47214-docling-htmlbackend-unsafe-ssrf-omissionCVE-2026-47265: Missing Cookie Drop On Cross Origin Redirectcve-2026-47265-missing-cookie-drop-on-cross-origin-redirectCVE-2026-48065: Python Shell Command Injectioncve-2026-48065-python-shell-command-injectionCVE-2026-48681: Python Insecure File Url Path Validationcve-2026-48681-python-insecure-file-url-path-validationCVE-2020-36962: Tendenci Unicodewriter Csv Formula Injectioncve-2020-36962-tendenci-unicodewriter-csv-formula-injectionCVE-2020-37002: Ajenti Totp Stage Without Stage1 Bindingcve-2020-37002-ajenti-totp-stage-without-stage1-bindingCVE-2021-47901: Python Csv Injection Unquoted Field In Reportcve-2021-47901-python-csv-injection-unquoted-field-in-reportCVE-2021-47942: Homeassistant View Handler Unsanitized Path Parametercve-2021-47942-homeassistant-view-handler-unsanitized-path-parameterCVE-2021-47952: Python Jsonpickle Unsafe Decode Eval Rcecve-2021-47952-python-jsonpickle-unsafe-decode-eval-rceCVE-2022-0555: Python Log Sensitive Datacve-2022-0555-python-log-sensitive-dataCVE-2023-2800: Python Insecure Tempfile Mktempcve-2023-2800-python-insecure-tempfile-mktempCVE-2023-6597: Python Os Chmod Unsafe Symlinkcve-2023-6597-python-os-chmod-unsafe-symlinkCVE-2024-10081: Python Auth Allowlist Path Endswith Bypasscve-2024-10081-python-auth-allowlist-path-endswith-bypassCVE-2024-11392: Python Torch Load Without Weights Onlycve-2024-11392-python-torch-load-without-weights-onlyCVE-2024-11393: Python Pickle Load Without Trust Remote Code Guardcve-2024-11393-python-pickle-load-without-trust-remote-code-guardCVE-2024-11394: Python Pickle Load Without Trust Remote Code Gatecve-2024-11394-python-pickle-load-without-trust-remote-code-gateCVE-2024-12029: Picklescan Incomplete Guard Allows Pickle Rcecve-2024-12029-picklescan-incomplete-guard-allows-pickle-rceCVE-2024-12720: Python Redos Nested Quantifiers In Re Callscve-2024-12720-python-redos-nested-quantifiers-in-re-callsCVE-2024-2044: Pickle Load Path Built With Os Path Joincve-2024-2044-pickle-load-path-built-with-os-path-joinCVE-2024-21576: Python Eval With Broken Builtins Sandboxcve-2024-21576-python-eval-with-broken-builtins-sandboxCVE-2024-21663: Discord Bot Command Shell Injection Unsanitizedcve-2024-21663-discord-bot-command-shell-injection-unsanitizedCVE-2024-22423: Python Incomplete Windows Cmd Escapingcve-2024-22423-python-incomplete-windows-cmd-escapingCVE-2024-26151: Bs4 Formatter None Xsscve-2024-26151-bs4-formatter-none-xssCVE-2024-27105: Unvalidated Dict To Query Objectcve-2024-27105-unvalidated-dict-to-query-objectCVE-2024-27758: Core Netref Py Cwe 000 Cve 2024 27758cve-2024-27758-core-netref-py-cwe-000-cve-2024-27758CVE-2024-28114: Python Jinja2 Unsafe Environmentcve-2024-28114-python-jinja2-unsafe-environmentCVE-2024-30248: Fastapi Starlette Staticfiles Missing Cspcve-2024-30248-fastapi-starlette-staticfiles-missing-cspCVE-2024-32651: Python Jinja2 Unsandboxed Environment Rendercve-2024-32651-python-jinja2-unsandboxed-environment-renderCVE-2024-32982: Path Traversal Unnormalized Commonpathcve-2024-32982-path-traversal-unnormalized-commonpathCVE-2024-34528: Insecure File Creation Toctoucve-2024-34528-insecure-file-creation-toctouCVE-2024-38519: Unsanitized File Extension Interpolationcve-2024-38519-unsanitized-file-extension-interpolationCVE-2024-39903: Path Startswith Directory Traversalcve-2024-39903-path-startswith-directory-traversalCVE-2024-41671: Python Unescaped Html Formatcve-2024-41671-python-unescaped-html-formatCVE-2024-42835: Fastapi Unauth Code Exec Endpointcve-2024-42835-fastapi-unauth-code-exec-endpointCVE-2024-43782: Insufficient Msgfmt Translation Validationcve-2024-43782-insufficient-msgfmt-translation-validationCVE-2024-47092: Python Eval On Untrusted Deserializationcve-2024-47092-python-eval-on-untrusted-deserializationCVE-2024-48061: Langflow Validate Code Endpoint Without Authcve-2024-48061-langflow-validate-code-endpoint-without-authCVE-2024-48911: Python Subprocess Relative Executablecve-2024-48911-python-subprocess-relative-executableCVE-2024-51378: Cyberpanel Preauth Cmdinjection Via Request Bodycve-2024-51378-cyberpanel-preauth-cmdinjection-via-request-bodyCVE-2024-53442: Python Os System Command Injectioncve-2024-53442-python-os-system-command-injectionCVE-2024-53865: Incomplete Hardcoded Dict Redactioncve-2024-53865-incomplete-hardcoded-dict-redactionCVE-2024-53979: Ansible Module Params Cleartext Logcve-2024-53979-ansible-module-params-cleartext-logCVE-2024-5549: Python Flask Cors Misconfigurationcve-2024-5549-python-flask-cors-misconfigurationCVE-2024-56509: Python Insecure File Uri Validationcve-2024-56509-python-insecure-file-uri-validationCVE-2024-5982: Python Shutil Copyfile Path Traversal Without Realpath Checkcve-2024-5982-python-shutil-copyfile-path-traversal-without-realpath-checkCVE-2024-7143: Improper User Context From Permissionscve-2024-7143-improper-user-context-from-permissionsCVE-2024-8183: Fastapi Cors Wildcard Originscve-2024-8183-fastapi-cors-wildcard-originsCVE-2024-8374: Eval In Parsing String Matchcve-2024-8374-eval-in-parsing-string-matchCVE-2024-9287: Cve 2024 9287 Venv Path Injectioncve-2024-9287-cve-2024-9287-venv-path-injectionCVE-2025-10155: Picklescan Fail Open Magic Errorcve-2025-10155-picklescan-fail-open-magic-errorCVE-2025-10157: Picklescan Module Blocklist Bypasscve-2025-10157-picklescan-module-blocklist-bypassCVE-2025-1066: Python Flask Upload Saved To Static Without Validationcve-2025-1066-python-flask-upload-saved-to-static-without-validationCVE-2025-11157: Pyyaml Unsafe Deserializationcve-2025-11157-pyyaml-unsafe-deserializationCVE-2025-1194: Redos Nested Quantifiers In Re Compilecve-2025-1194-redos-nested-quantifiers-in-re-compileCVE-2025-13609: Sqlalchemy Unhandled Query In Critical Taskcve-2025-13609-sqlalchemy-unhandled-query-in-critical-taskCVE-2025-13708: Pytorch Insecure Loadcve-2025-13708-pytorch-insecure-loadCVE-2025-13709: Pytorch Load Unsafe Deserializationcve-2025-13709-pytorch-load-unsafe-deserializationCVE-2025-13714: Insecure Torch Loadcve-2025-13714-insecure-torch-loadCVE-2025-13715: Model Resnet Py Cwe 502 Cve 2025 13715cve-2025-13715-model-resnet-py-cwe-502-cve-2025-13715CVE-2025-13716: Torch Safe Globals Broad Whitelistcve-2025-13716-torch-safe-globals-broad-whitelistCVE-2025-14551: Common Apidef Py Cwe 000 Cve 2025 14551cve-2025-14551-common-apidef-py-cwe-000-cve-2025-14551CVE-2025-14700: Python Jinja2 Unsandboxed Environment From String Ssticve-2025-14700-python-jinja2-unsandboxed-environment-from-string-sstiCVE-2025-1497: Python Exec Eval On Dynamic Inputcve-2025-1497-python-exec-eval-on-dynamic-inputCVE-2025-1550: Python Importlib Deserialization No Allowlistcve-2025-1550-python-importlib-deserialization-no-allowlistCVE-2025-22153: Python Sandbox Allows Exceptiongroupcve-2025-22153-python-sandbox-allows-exceptiongroupCVE-2025-23211: Jinja2 Unsandboxed Template Render Ssticve-2025-23211-jinja2-unsandboxed-template-render-sstiCVE-2025-23212: Unvalidated Listdir To Dbcve-2025-23212-unvalidated-listdir-to-dbCVE-2025-27135: Python Sqli Execute Regex Split Statementcve-2025-27135-python-sqli-execute-regex-split-statementCVE-2025-27154: Python Token Cache File Write Without Restrictive Chmodcve-2025-27154-python-token-cache-file-write-without-restrictive-chmodCVE-2025-27778: Python Torch Load Unsafe Deserializationcve-2025-27778-python-torch-load-unsafe-deserializationCVE-2025-27779: Python Torch Load Without Weights Onlycve-2025-27779-python-torch-load-without-weights-onlyCVE-2025-27780: Python Torch Load Without Weights Onlycve-2025-27780-python-torch-load-without-weights-onlyCVE-2025-27781: Python Torch Load Without Weights Onlycve-2025-27781-python-torch-load-without-weights-onlyCVE-2025-2945: Python Eval On Non Literal Rcecve-2025-2945-python-eval-on-non-literal-rceCVE-2025-31479: Typer Shows Locals In Exceptionscve-2025-31479-typer-shows-locals-in-exceptionsCVE-2025-32444: Zmq Recv Pyobj Unsafe Pickle Deserializationcve-2025-32444-zmq-recv-pyobj-unsafe-pickle-deserializationCVE-2025-3248: Langflow Validate Code Endpoint Missing Authcve-2025-3248-langflow-validate-code-endpoint-missing-authCVE-2025-3777: Python Discarded None Fallback Expression Statementcve-2025-3777-python-discarded-none-fallback-expression-statementCVE-2025-3933: Python Redos Lazy Wildcard Angle Bracket Regexcve-2025-3933-python-redos-lazy-wildcard-angle-bracket-regexCVE-2025-43842: Python Subprocess Shell True With Interpolated Commandcve-2025-43842-python-subprocess-shell-true-with-interpolated-commandCVE-2025-43863: Change Password Bruteforce No Rate Limitcve-2025-43863-change-password-bruteforce-no-rate-limitCVE-2025-46724: Python Eval Untrusted Dataframe Expressioncve-2025-46724-python-eval-untrusted-dataframe-expressionCVE-2025-46725: Python Eval Empty Globals False Sandboxcve-2025-46725-python-eval-empty-globals-false-sandboxCVE-2025-48383: Django Widget Shared Token Initcve-2025-48383-django-widget-shared-token-initCVE-2025-5120: Python Sandbox Unvalidated Callable Returncve-2025-5120-python-sandbox-unvalidated-callable-returnCVE-2025-53002: Insecure Torch Loadcve-2025-53002-insecure-torch-loadCVE-2025-53528: Fastapi Openapi Xss From Requestcve-2025-53528-fastapi-openapi-xss-from-requestCVE-2025-54802: Python Path Blocklist Replace Traversalcve-2025-54802-python-path-blocklist-replace-traversalCVE-2025-54886: Insecure Joblib Fallbackcve-2025-54886-insecure-joblib-fallbackCVE-2025-58761: Path Traversal Via Unvalidated Extensioncve-2025-58761-path-traversal-via-unvalidated-extensionCVE-2025-59945: Drf Missing Readonly Is Project Admincve-2025-59945-drf-missing-readonly-is-project-adminCVE-2025-60455: Unsafe Pickle Default Argumentcve-2025-60455-unsafe-pickle-default-argumentCVE-2025-6051: Redos Digit Regex Non Possessive Quantifiercve-2025-6051-redos-digit-regex-non-possessive-quantifierCVE-2025-61673: Python Fastapi Auth Header Fail Opencve-2025-61673-python-fastapi-auth-header-fail-openCVE-2025-61784: Llamafactory Ssrf Lfi Chat Apicve-2025-61784-llamafactory-ssrf-lfi-chat-apiCVE-2025-62373: Python Pickle Loads On Untrusted Deserialize Inputcve-2025-62373-python-pickle-loads-on-untrusted-deserialize-inputCVE-2025-62382: Frigate Event Thumbnail Missing Extensioncve-2025-62382-frigate-event-thumbnail-missing-extensionCVE-2025-64512: Path Traversal To Pickle Deserializationcve-2025-64512-path-traversal-to-pickle-deserializationCVE-2025-64725: Weblate Invitation Post Missing Recipient Validationcve-2025-64725-weblate-invitation-post-missing-recipient-validationCVE-2025-65027: Python Httpx Client Unprotected Ssrfcve-2025-65027-python-httpx-client-unprotected-ssrfCVE-2025-65719: Python Subprocess Shell True Fstring Injectioncve-2025-65719-python-subprocess-shell-true-fstring-injectionCVE-2025-65958: Web Main Py Cwe 918 Cve 2025 65958cve-2025-65958-web-main-py-cwe-918-cve-2025-65958CVE-2025-6638: Redos Greedy Dot Quantifier Flanked By Literalscve-2025-6638-redos-greedy-dot-quantifier-flanked-by-literalsCVE-2025-66416: Mcp Missing Dns Rebinding Protectioncve-2025-66416-mcp-missing-dns-rebinding-protectionCVE-2025-67747: Python Incomplete Module Blocklistcve-2025-67747-python-incomplete-module-blocklistCVE-2025-69201: Pydantic Unvalidated Command List Fieldcve-2025-69201-pydantic-unvalidated-command-list-fieldCVE-2025-6921: Cve 2025 6921 Redos Possessive Quantifier Regex Compilecve-2025-6921-cve-2025-6921-redos-possessive-quantifier-regex-compileCVE-2025-69286: Insecure Urlsafetimedserializer Token Generationcve-2025-69286-insecure-urlsafetimedserializer-token-generationCVE-2025-69662: Sqlalchemy Text Dynamic String Sqlicve-2025-69662-sqlalchemy-text-dynamic-string-sqliCVE-2025-71063: Caldav Client Ssl Verify Cert Disabledcve-2025-71063-caldav-client-ssl-verify-cert-disabledCVE-2025-8406: Tar Unsafe Member Extractioncve-2025-8406-tar-unsafe-member-extractionCVE-2025-8747: Python Unsafe Dynamic Module Attribute Returncve-2025-8747-python-unsafe-dynamic-module-attribute-returnCVE-2025-9636: Python Dict Missing Coop Headercve-2025-9636-python-dict-missing-coop-headerCVE-2026-10042: Insecure Fastapi Pickle Deserializationcve-2026-10042-insecure-fastapi-pickle-deserializationCVE-2026-10044: Python Incomplete Path Traversal Bypasscve-2026-10044-python-incomplete-path-traversal-bypassCVE-2026-10107: Ssrf Missing Private Ip Blockcve-2026-10107-ssrf-missing-private-ip-blockCVE-2026-10108: Path Traversal Startswith Missing Separatorcve-2026-10108-path-traversal-startswith-missing-separatorCVE-2026-1839: Python Torch Load Without Weights Onlycve-2026-1839-python-torch-load-without-weights-onlyCVE-2026-22038: Logger Credential Leak Get Secret Valuecve-2026-22038-logger-credential-leak-get-secret-valueCVE-2026-22778: Vllm Fastapi Exception Handler Leaks Memory Addresscve-2026-22778-vllm-fastapi-exception-handler-leaks-memory-addressCVE-2026-23535: Path Traversal From Untrusted Slugcve-2026-23535-path-traversal-from-untrusted-slugCVE-2026-23846: Python Sensitive Query Paramcve-2026-23846-python-sensitive-query-paramCVE-2026-23949: Tarfile Unsafe Custom Filtercve-2026-23949-tarfile-unsafe-custom-filterCVE-2026-24010: Django Path Traversal Insecure Joincve-2026-24010-django-path-traversal-insecure-joinCVE-2026-24162: Model Base Py Cwe 502 Cve 2026 24162cve-2026-24162-model-base-py-cwe-502-cve-2026-24162CVE-2026-24486: Unsanitized Uploaded Filename Splitcve-2026-24486-unsanitized-uploaded-filename-splitCVE-2026-25115: Python Ast Visitor Denylist Missing Match Class Handlercve-2026-25115-python-ast-visitor-denylist-missing-match-class-handlerCVE-2026-25632: Unsafe Dynamic Importlib Class Resolutioncve-2026-25632-unsafe-dynamic-importlib-class-resolutionCVE-2026-25636: Path Traversal Uri Getcwdcve-2026-25636-path-traversal-uri-getcwdCVE-2026-25660: Codechecker Permission Helper Missing Is Auth Enabledcve-2026-25660-codechecker-permission-helper-missing-is-auth-enabledCVE-2026-25731: Insecure Templite Enginecve-2026-25731-insecure-templite-engineCVE-2026-25873: Python Pickle Loads On Http Request Bodycve-2026-25873-python-pickle-loads-on-http-request-bodyCVE-2026-26210: Python Pickle Loads On Zmq Recvcve-2026-26210-python-pickle-loads-on-zmq-recvCVE-2026-27459: Pyopenssl Dtls Cookie Callback Buffer Overflowcve-2026-27459-pyopenssl-dtls-cookie-callback-buffer-overflowCVE-2026-27905: Tarfile Custom Extract Symlink Traversalcve-2026-27905-tarfile-custom-extract-symlink-traversalCVE-2026-27975: Ajenti Http X Url Prefix Unvalidatedcve-2026-27975-ajenti-http-x-url-prefix-unvalidatedCVE-2026-28416: Gradio Unvalidated Proxy Allowlist Additioncve-2026-28416-gradio-unvalidated-proxy-allowlist-additionCVE-2026-28498: Fail Open Crypto Comparisoncve-2026-28498-fail-open-crypto-comparisonCVE-2026-28518: Console App Py Cwe 000 Cve 2026 28518cve-2026-28518-console-app-py-cwe-000-cve-2026-28518CVE-2026-28681: Starlette Missing Trustedhostmiddlewarecve-2026-28681-starlette-missing-trustedhostmiddlewareCVE-2026-28795: Python Unvalidated File Format Path Traversalcve-2026-28795-python-unvalidated-file-format-path-traversalCVE-2026-28802: Jws None Algorithm Verify Missing Empty Sig Checkcve-2026-28802-jws-none-algorithm-verify-missing-empty-sig-checkCVE-2026-29080: Sqlalchemy Text Hardcoded Bindparam Val Collisioncve-2026-29080-sqlalchemy-text-hardcoded-bindparam-val-collisionCVE-2026-29090: Psycopg2 Execute Format String Sqlicve-2026-29090-psycopg2-execute-format-string-sqliCVE-2026-30242: Unruleable Custom Ssrf Domain Denylistcve-2026-30242-unruleable-custom-ssrf-domain-denylistCVE-2026-30351: Skipped Project Specific Command Executioncve-2026-30351-skipped-project-specific-command-executionCVE-2026-30893: Python Os Path Join Decoded Untrusted Writecve-2026-30893-python-os-path-join-decoded-untrusted-writeCVE-2026-31040: Python Stata Dofile Executed Without Shell Escape Validationcve-2026-31040-python-stata-dofile-executed-without-shell-escape-validationCVE-2026-31235: Python Pickle Loads On Multiprocessing Queue Datacve-2026-31235-python-pickle-loads-on-multiprocessing-queue-dataCVE-2026-31877: Frappe Sanitize Fields Single Paren Blacklist Bypasscve-2026-31877-frappe-sanitize-fields-single-paren-blacklist-bypassCVE-2026-31899: Python Unbounded Svg Use Amplificationcve-2026-31899-python-unbounded-svg-use-amplificationCVE-2026-31900: Permissive Pip Requirement Version Regexcve-2026-31900-permissive-pip-requirement-version-regexCVE-2026-32247: Insecure Valueerror For Security Checkcve-2026-32247-insecure-valueerror-for-security-checkCVE-2026-32311: Python Subprocess Shell True Fstring Injectioncve-2026-32311-python-subprocess-shell-true-fstring-injectionCVE-2026-32610: Fastapi Starlette Cors Wildcard Credentialscve-2026-32610-fastapi-starlette-cors-wildcard-credentialsCVE-2026-32634: Glances Zeroconf Credential Leakcve-2026-32634-glances-zeroconf-credential-leakCVE-2026-32711: Pydicom Referencedfileid Path Traversalcve-2026-32711-pydicom-referencedfileid-path-traversalCVE-2026-32714: Python Sqlite3 Format Sql Injectioncve-2026-32714-python-sqlite3-format-sql-injectionCVE-2026-32716: Path Startswith Bypasscve-2026-32716-path-startswith-bypassCVE-2026-32808: Tarfile Symlink Validation Bypasscve-2026-32808-tarfile-symlink-validation-bypassCVE-2026-32871: Url Path Param Not Percent Encodedcve-2026-32871-url-path-param-not-percent-encodedCVE-2026-32949: Python Sqli Format Executecve-2026-32949-python-sqli-format-executeCVE-2026-33017: Langflow Public Build Rce Via Data Paramcve-2026-33017-langflow-public-build-rce-via-data-paramCVE-2026-33054: Pathlib Path Traversal Unvalidated Token Concatcve-2026-33054-pathlib-path-traversal-unvalidated-token-concatCVE-2026-33057: Python Flask Request Code Executioncve-2026-33057-python-flask-request-code-executionCVE-2026-33076: Python Path Traversal Fstring Host Param Unvalidatedcve-2026-33076-python-path-traversal-fstring-host-param-unvalidatedCVE-2026-33077: Unvalidated Flask Request Path Traversalcve-2026-33077-unvalidated-flask-request-path-traversalCVE-2026-33154: Unsafe Template Evaluation Dynaconfcve-2026-33154-unsafe-template-evaluation-dynaconfCVE-2026-33212: Celery Task Pending State Missing Authorizationcve-2026-33212-celery-task-pending-state-missing-authorizationCVE-2026-33231: Nltk Lexical Path Traversal Symlinkcve-2026-33231-nltk-lexical-path-traversal-symlinkCVE-2026-33236: Insecure Path Join Opencve-2026-33236-insecure-path-join-openCVE-2026-33654: Python Channel Acl Fail Open Empty Allowlistcve-2026-33654-python-channel-acl-fail-open-empty-allowlistCVE-2026-33744: Py Httpx Dns Rebinding Toctoucve-2026-33744-py-httpx-dns-rebinding-toctouCVE-2026-33752: Curl Cffi Ssrf Unsafe Redirectscve-2026-33752-curl-cffi-ssrf-unsafe-redirectsCVE-2026-33756: Unbounded Custom Graphql Batch Processingcve-2026-33756-unbounded-custom-graphql-batch-processingCVE-2026-34513: Unbounded Dict Cachecve-2026-34513-unbounded-dict-cacheCVE-2026-34515: Aiohttp Unc Path Disclosurecve-2026-34515-aiohttp-unc-path-disclosureCVE-2026-34516: Unchecked Async Readline Accumulationcve-2026-34516-unchecked-async-readline-accumulationCVE-2026-34824: Unbounded Thread Creation In Loopcve-2026-34824-unbounded-thread-creation-in-loopCVE-2026-34935: Python Shlex Split Unvalidated Executablecve-2026-34935-python-shlex-split-unvalidated-executableCVE-2026-34936: Ai Agent Tool Unauthorized File Opcve-2026-34936-ai-agent-tool-unauthorized-file-opCVE-2026-34938: Static Method Destructive File Op No Instance Authzcve-2026-34938-static-method-destructive-file-op-no-instance-authzCVE-2026-34977: Python Bash Sh Dash C Dynamic Command Injectioncve-2026-34977-python-bash-sh-dash-c-dynamic-command-injectionCVE-2026-35052: Python Unsafe Pickle Deserialization Storage Backendcve-2026-35052-python-unsafe-pickle-deserialization-storage-backendCVE-2026-35464: Pyload Incomplete Admin Optionscve-2026-35464-pyload-incomplete-admin-optionsCVE-2026-35465: Custom Archive Filename Missing Validationcve-2026-35465-custom-archive-filename-missing-validationCVE-2026-35523: Strawberry Graphql Ws Unauthenticated Startcve-2026-35523-strawberry-graphql-ws-unauthenticated-startCVE-2026-35526: Graphql Ws Missing Limits And Authcve-2026-35526-graphql-ws-missing-limits-and-authCVE-2026-35615: Praisonai Workspace Access Bypasscve-2026-35615-praisonai-workspace-access-bypassCVE-2026-39307: File Tools Py Cwe 000 Cve 2026 39307cve-2026-39307-file-tools-py-cwe-000-cve-2026-39307CVE-2026-39888: Python Exec Unrestricted Builtins Sandboxcve-2026-39888-python-exec-unrestricted-builtins-sandboxCVE-2026-39889: Ai Agent Tool Static File Op Sandbox Bypasscve-2026-39889-ai-agent-tool-static-file-op-sandbox-bypassCVE-2026-39987: Marimo Websocket Missing Validate Authcve-2026-39987-marimo-websocket-missing-validate-authCVE-2026-40030: Os Popen Command Injectioncve-2026-40030-os-popen-command-injectionCVE-2026-40116: Static Validation Workspace Bypasscve-2026-40116-static-validation-workspace-bypassCVE-2026-40149: Static Method File Operation Sandbox Bypasscve-2026-40149-static-method-file-operation-sandbox-bypassCVE-2026-40154: Praisonai Tool Static Destructive File Op Without Workspace Guardcve-2026-40154-praisonai-tool-static-destructive-file-op-without-workspace-guardCVE-2026-40158: Sqli Fstring Interpolationcve-2026-40158-sqli-fstring-interpolationCVE-2026-40258: Python Zipfile Extractall Zip Slipcve-2026-40258-python-zipfile-extractall-zip-slipCVE-2026-40288: Praisonai Filetools Missing Workspace Containmentcve-2026-40288-praisonai-filetools-missing-workspace-containmentCVE-2026-40289: Praisonai Filetools Destructive Missing Workspace Checkcve-2026-40289-praisonai-filetools-destructive-missing-workspace-checkCVE-2026-40315: Python Sql Identifier Injection Via Unvalidated Prefixcve-2026-40315-python-sql-identifier-injection-via-unvalidated-prefixCVE-2026-40525: Python Auth Fail Open Empty Api Keycve-2026-40525-python-auth-fail-open-empty-api-keyCVE-2026-40576: Python Path Traversal Unsafe Sandbox Resolvercve-2026-40576-python-path-traversal-unsafe-sandbox-resolverCVE-2026-41205: Python Backslash Path Traversal Bypasscve-2026-41205-python-backslash-path-traversal-bypassCVE-2026-41588: Python Non Constant Time Secret Comparisoncve-2026-41588-python-non-constant-time-secret-comparisonCVE-2026-41895: Python Falsy Validation Bypasscve-2026-41895-python-falsy-validation-bypassCVE-2026-42031: Ckan Check Access Bypass Via Whitelistcve-2026-42031-ckan-check-access-bypass-via-whitelistCVE-2026-42079: Python Eval Empty Globalscve-2026-42079-python-eval-empty-globalsCVE-2026-42196: Python Pureposixpath Traversal Without Clean Namecve-2026-42196-python-pureposixpath-traversal-without-clean-nameCVE-2026-42197: Django Marksafe String Interpolationcve-2026-42197-django-marksafe-string-interpolationCVE-2026-42304: Twisted Dns Decompression Loopcve-2026-42304-twisted-dns-decompression-loopCVE-2026-42315: Tarfile Incomplete Symlink Validationcve-2026-42315-tarfile-incomplete-symlink-validationCVE-2026-42352: Python Ssrf Unvalidated Callback Urlcve-2026-42352-python-ssrf-unvalidated-callback-urlCVE-2026-42463: Python Sqli Execute Formatcve-2026-42463-python-sqli-execute-formatCVE-2026-42563: Unquoted Replace Subprocesscve-2026-42563-unquoted-replace-subprocessCVE-2026-42796: Arelle Webserver Plugins From Request Query Rcecve-2026-42796-arelle-webserver-plugins-from-request-query-rceCVE-2026-42864: Drf Allowany On Serializer Bound Viewcve-2026-42864-drf-allowany-on-serializer-bound-viewCVE-2026-42869: Python Hardcoded Secret Env Fallbackcve-2026-42869-python-hardcoded-secret-env-fallbackCVE-2026-43891: Falsy Dict Get Validation Bypasscve-2026-43891-falsy-dict-get-validation-bypassCVE-2026-43948: Django Modelform Instance Field Tautological Comparisoncve-2026-43948-django-modelform-instance-field-tautological-comparisonCVE-2026-44339: File Op Static Method Bypasses Workspace Access Controlcve-2026-44339-file-op-static-method-bypasses-workspace-access-controlCVE-2026-44345: Ssrf Toctou Dns Rebindingcve-2026-44345-ssrf-toctou-dns-rebindingCVE-2026-44708: Inline Delimiter Regex Missing Escape Handlingcve-2026-44708-inline-delimiter-regex-missing-escape-handlingCVE-2026-44717: Python Mcp Tool Eval Code Injectioncve-2026-44717-python-mcp-tool-eval-code-injectionCVE-2026-44797: Python Requests Session Send Redirect Ssrfcve-2026-44797-python-requests-session-send-redirect-ssrfCVE-2026-44896: Inline Span Regex Dot Any Body Xsscve-2026-44896-inline-span-regex-dot-any-body-xssCVE-2026-44897: Inline Delimiter Regex Missing Escape Handlingcve-2026-44897-inline-delimiter-regex-missing-escape-handlingCVE-2026-45315: Fastapi Fileresponse Path Route Missing Protection Headerscve-2026-45315-fastapi-fileresponse-path-route-missing-protection-headersCVE-2026-45365: Fastapi Internal Auth Bypass Flag As Query Paramcve-2026-45365-fastapi-internal-auth-bypass-flag-as-query-paramCVE-2026-45675: First User Admin Toctoucve-2026-45675-first-user-admin-toctouCVE-2026-45725: Path Traversal Via Url Pathcve-2026-45725-path-traversal-via-url-pathCVE-2026-46345: Jinja Recursive Ssticve-2026-46345-jinja-recursive-sstiCVE-2026-46374: Sqlfluff Databricks Dos Missing Parameter Rulescve-2026-46374-sqlfluff-databricks-dos-missing-parameter-rulesCVE-2026-46439: Python Jinja Recursive Ssticve-2026-46439-python-jinja-recursive-sstiCVE-2026-47269: Python Shell Command Injection Via String Formattingcve-2026-47269-python-shell-command-injection-via-string-formattingCVE-2026-47392: Agent Tool Static File Operationscve-2026-47392-agent-tool-static-file-operationsCVE-2026-47393: Ai Agent Uncontained File Operationcve-2026-47393-ai-agent-uncontained-file-operationCVE-2026-47394: Agent Tool Static File Access Bypasscve-2026-47394-agent-tool-static-file-access-bypassCVE-2026-47396: Ai Agent Tool Static File Sandbox Bypasscve-2026-47396-ai-agent-tool-static-file-sandbox-bypassCVE-2026-47397: Unsafe Static File Mutation Agentcve-2026-47397-unsafe-static-file-mutation-agentCVE-2026-47405: Static Path Validation Sandbox Bypasscve-2026-47405-static-path-validation-sandbox-bypassCVE-2026-47406: Praisonai Unisolated File Opcve-2026-47406-praisonai-unisolated-file-opCVE-2026-47407: Python Agent Tool Static File Operationcve-2026-47407-python-agent-tool-static-file-operationCVE-2026-47410: Static Method File Operation Sandbox Bypasscve-2026-47410-static-method-file-operation-sandbox-bypassCVE-2026-47414: Ai Agent Unscoped File Operationcve-2026-47414-ai-agent-unscoped-file-operationCVE-2026-47416: Ai Agent Unconfined File Operationcve-2026-47416-ai-agent-unconfined-file-operationCVE-2026-48064: Python Shell Command Injectioncve-2026-48064-python-shell-command-injectionCVE-2026-48544: Python Dynamic Method Json Loads Oomcve-2026-48544-python-dynamic-method-json-loads-oomCVE-2026-5271: Python Sys Path Empty Stringcve-2026-5271-python-sys-path-empty-stringCVE-2026-6266: Unconditional Self Edit Privilegecve-2026-6266-unconditional-self-edit-privilegeCVE-2026-6823: System Prompt Py Cwe 000 Cve 2026 6823cve-2026-6823-system-prompt-py-cwe-000-cve-2026-6823CVE-2026-6911: Python Jwt Payload Decoded Without Signature Verificationcve-2026-6911-python-jwt-payload-decoded-without-signature-verificationAssert Assert Usedgitlab-sast-python-assert-rule-assert-usedBind All Interfaces General Bindall Interfacesgitlab-sast-python-bind-all-interfaces-rule-general-bindall-interfacesCrypto Cipher Modesgitlab-sast-python-crypto-rule-cipher-modesCrypto Crypto Cipher Blowfishgitlab-sast-python-crypto-rule-crypto-cipher-blowfishCrypto Crypto Cipher Desgitlab-sast-python-crypto-rule-crypto-cipher-desCrypto Crypto Cipher Rc2gitlab-sast-python-crypto-rule-crypto-cipher-rc2Crypto Crypto Cipher Rc4gitlab-sast-python-crypto-rule-crypto-cipher-rc4Crypto Crypto Cipher Xorgitlab-sast-python-crypto-rule-crypto-cipher-xorCrypto Crypto Encrypt Dsa Rsagitlab-sast-python-crypto-rule-crypto-encrypt-dsa-rsaCrypto Crypto Encrypt Ecgitlab-sast-python-crypto-rule-crypto-encrypt-ecCrypto Crypto Hash Md5gitlab-sast-python-crypto-rule-crypto-hash-md5Crypto Crypto Hash Sha1gitlab-sast-python-crypto-rule-crypto-hash-sha1Crypto Crypto Hazmat Cipher Arc4gitlab-sast-python-crypto-rule-crypto-hazmat-cipher-arc4Crypto Crypto Hazmat Cipher Blowfishgitlab-sast-python-crypto-rule-crypto-hazmat-cipher-blowfishCrypto Crypto Hazmat Cipher Ideagitlab-sast-python-crypto-rule-crypto-hazmat-cipher-ideaCrypto Crypto Hazmat Hash Md5gitlab-sast-python-crypto-rule-crypto-hazmat-hash-md5Crypto Crypto Hazmat Hash Sha1gitlab-sast-python-crypto-rule-crypto-hazmat-hash-sha1Crypto Hash Md2gitlab-sast-python-crypto-rule-hash-md2Crypto Hash Md4gitlab-sast-python-crypto-rule-hash-md4Crypto Hash Md5gitlab-sast-python-crypto-rule-hash-md5Crypto Hash Sha1gitlab-sast-python-crypto-rule-hash-sha1Crypto Hashlib New Insecure Functionsgitlab-sast-python-crypto-rule-hashlib-new-insecure-functionsCrypto Import Pycryptogitlab-sast-python-crypto-rule-import-pycryptoDeserialization Cpicklegitlab-sast-python-deserialization-rule-cpickleDeserialization Dillgitlab-sast-python-deserialization-rule-dillDeserialization Marshalgitlab-sast-python-deserialization-rule-marshalDeserialization Picklegitlab-sast-python-deserialization-rule-pickleDeserialization Shelvegitlab-sast-python-deserialization-rule-shelveDeserialization Yaml Loadgitlab-sast-python-deserialization-rule-yaml-loadDjango Django Extra Usedgitlab-sast-python-django-rule-django-extra-usedEscaping Jinja2 Autoescape Falsegitlab-sast-python-escaping-rule-jinja2-autoescape-falseEscaping Use Of Mako Templatesgitlab-sast-python-escaping-rule-use-of-mako-templatesEval Evalgitlab-sast-python-eval-rule-evalExec Exec Usedgitlab-sast-python-exec-rule-exec-usedExec Linux Command Wildcard Injectiongitlab-sast-python-exec-rule-linux-command-wildcard-injectionExec Os Pathgitlab-sast-python-exec-rule-os-pathExec Os Popen2gitlab-sast-python-exec-rule-os-popen2Exec Start Process With No Shellgitlab-sast-python-exec-rule-start-process-with-no-shellExec Subprocess Callgitlab-sast-python-exec-rule-subprocess-callExec Subprocess Popen Shell Truegitlab-sast-python-exec-rule-subprocess-popen-shell-trueExec Subprocess Shell TRUEgitlab-sast-python-exec-rule-subprocess-shell-trueFile Permissions General Bad Permissiongitlab-sast-python-file-permissions-rule-general-bad-permissionFiles Tarfile Unsafe Membersgitlab-sast-python-files-rule-tarfile-unsafe-membersFlask App Debuggitlab-sast-python-flask-rule-app-debugFtp Ftplibgitlab-sast-python-ftp-rule-ftplibLog Logging Config Insecure Listengitlab-sast-python-log-rule-logging-config-insecure-listenRandom Randomgitlab-sast-python-random-rule-randomRequests Request Without Timeoutgitlab-sast-python-requests-rule-request-without-timeoutSnmp Insecure Snmp Versiongitlab-sast-python-snmp-rule-insecure-snmp-versionSnmp Snmp Weak Cryptographygitlab-sast-python-snmp-rule-snmp-weak-cryptographySql Hardcoded Sql Expressiongitlab-sast-python-sql-rule-hardcoded-sql-expressionSsh Ssh Nohost Key Verificationgitlab-sast-python-ssh-rule-ssh-nohost-key-verificationSsl Req No Certvalidgitlab-sast-python-ssl-rule-req-no-certvalidSsl Ssl No Versiongitlab-sast-python-ssl-rule-ssl-no-versionSsl Ssl With Bad Versiongitlab-sast-python-ssl-rule-ssl-with-bad-versionSsl Unverified Contextgitlab-sast-python-ssl-rule-unverified-contextTelnet Import Telnibgitlab-sast-python-telnet-rule-import-telnibTmpdir Hardcodedtmpgitlab-sast-python-tmpdir-rule-hardcodedtmpTmpdir Mktemp Qgitlab-sast-python-tmpdir-rule-mktemp-qUrlopen Urllib Urlopengitlab-sast-python-urlopen-rule-urllib-urlopenXml Celementgitlab-sast-python-xml-rule-celementXml Elementgitlab-sast-python-xml-rule-elementXml Etreegitlab-sast-python-xml-rule-etreeXml Expatbuildergitlab-sast-python-xml-rule-expatbuilderXml Expatreadergitlab-sast-python-xml-rule-expatreaderXml Minidomgitlab-sast-python-xml-rule-minidomXml Pulldomgitlab-sast-python-xml-rule-pulldomXml Saxgitlab-sast-python-xml-rule-saxExec Start Process Partial Pathgitlab-sast-rules-gitlab-python-exec-rule-start-process-partial-pathExec Start Process Pathgitlab-sast-rules-gitlab-python-exec-rule-start-process-pathExec Subprocess Call Arraygitlab-sast-rules-gitlab-python-exec-rule-subprocess-call-array