AbdullahHasan42/Streamlit-Team-Activity-CRUD

https://github.com/AbdullahHasan42/Streamlit-Team-Activity-CRUD

Scanned on Mar 19, 2026

8 Critical
56 High
70 Medium
24 Low

AI Assessment

VERDICT

Not production-ready. Automated dependency scanning detected 72 vulnerabilities across requirements.txt, including 4 critical CVEs. Without addressing these, the project poses significant security and stability risks in any environment.

TOP RISKS

→ requirements.txt contains GitPython@3.1.31 flagged for CVE-2023-40267 (critical), CVE-2023-40590 (high), and CVE-2024-22190 (high). Trivy detected multiple code execution and privilege escalation vectors in this version.

→ requirements.txt contains Pillow@9.5.0 flagged for CVE-2023-50447 (critical) and four additional high-severity CVEs (CVE-2023-44271, CVE-2023-4863, CVE-2024-28219). Image processing vulnerabilities detected.

→ requirements.txt contains pyarrow@12.0.0 flagged for CVE-2023-47248 (critical). Data processing vulnerability detected.

→ requirements.txt contains cryptography@38.0.4 with 7 separate CVEs (high and medium severity: CVE-2023-0286, CVE-2023-50782, CVE-2024-26130, etc.). Encryption and security primitives affected.

→ requirements.txt contains nltk@3.8 flagged for CVE-2025-14009 (critical) and CVE-2024-39705 (high). NLP processing vulnerabilities detected.

WHAT TO FIX FIRST

Update all pinned dependency versions in requirements.txt to patch versions that resolve the 4 critical CVEs. GitPython, Pillow, pyarrow, and nltk must be upgraded immediately. This single action addresses the highest-impact scanner findings and would significantly improve the security score. Verify each update against your actual code compatibility before deploying.


Category Breakdown

Security: 300/300
Secrets & Credentials: 200/200
Dependencies: 0/150 (72 findings)
Code Quality: 100/100
Best Practices: 87/100 (7 findings)

Findings (158 in 79 groups)

GitPython: Insecure non-multi options in clone and clone_from is not blocked | Fix available: 3.1.32 | Package: GitPython (pip) | https://avd.aquasec.com/nvd/cve-2023-40267

Affected files

requirements.txt

pillow: Arbitrary Code Execution via the environment parameter | Fix available: 10.2.0 | Package: Pillow (pip) | https://avd.aquasec.com/nvd/cve-2023-50447

Affected files

requirements.txt

nltk: Zip Slip Vulnerability in nltk Leading to Code Execution | Fix available: 3.9.3 | Package: nltk (pip) | https://avd.aquasec.com/nvd/cve-2025-14009

Affected files

requirements.txt

PyArrow: Arbitrary code execution when loading a malicious data file | Fix available: 14.0.1 | Package: pyarrow (pip) | https://avd.aquasec.com/nvd/cve-2023-47248

Affected files

requirements.txt

gitpython: improper executable lookup on windows | Fix available: 3.1.33 | Package: GitPython (pip) | https://avd.aquasec.com/nvd/cve-2023-40590

Affected files

requirements.txt

Untrusted search path under some conditions on Windows allows arbitrary code execution | Fix available: 3.1.41 | Package: GitPython (pip) | https://avd.aquasec.com/nvd/cve-2024-22190

Affected files

requirements.txt

python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument | Fix available: 10.0.0 | Package: Pillow (pip) | https://avd.aquasec.com/nvd/cve-2023-44271

Affected files

requirements.txt

libwebp: Heap buffer overflow in WebP Codec | Fix available: 10.0.1 | Package: Pillow (pip) | https://avd.aquasec.com/nvd/cve-2023-4863

Affected files

requirements.txt

python-pillow: buffer overflow in _imagingcms.c | Fix available: 10.3.0 | Package: Pillow (pip) | https://avd.aquasec.com/nvd/cve-2024-28219

Affected files

requirements.txt

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | Fix available: 2.12.0 | Package: PyJWT (pip) | https://avd.aquasec.com/nvd/cve-2026-32597

Affected files

requirements.txt


ShipScanner: B 648