AbdullahHasan42/Streamlit-Team-Activity-CRUD
https://github.com/AbdullahHasan42/Streamlit-Team-Activity-CRUD
Scanned on Mar 29, 2026
AI Assessment
VERDICT
Not production-ready. The scanner detected 72 dependency vulnerabilities, including 4 critical CVEs, in requirements.txt. No findings were raised against the application code itself, but the pinned dependencies carry significant risk.
TOP RISKS
→ requirements.txt contains GitPython@3.1.31 flagged for CVE-2023-40267 (critical), CVE-2023-40590 (high), and CVE-2024-22190 (high)
→ requirements.txt contains Pillow@9.5.0 flagged for CVE-2023-50447 (critical) and 3 additional high-severity CVEs
→ requirements.txt contains cryptography@38.0.4 flagged for multiple vulnerabilities across high, medium, and low severity levels
→ requirements.txt contains nltk@3.8 flagged for CVE-2025-14009 (critical) and additional high/medium CVEs
→ requirements.txt contains pyarrow@12.0.0 flagged for CVE-2023-47248 (critical)
WHAT TO FIX FIRST
Update all dependencies in requirements.txt to patched versions. GitPython, Pillow, cryptography, and nltk account for the majority of critical and high-severity findings. Start with packages flagged for critical CVEs: GitPython (CVE-2023-40267), Pillow (CVE-2023-50447), nltk (CVE-2025-14009), and pyarrow (CVE-2023-47248).
Additional observations: No LICENSE file or tests were detected. No CI/CD, dependency lock file, SECURITY.md, .gitignore, or CODEOWNERS are present. These best practices gaps should be addressed after dependency updates.
Note: Verify these CVE findings against the versions you actually install and the patched releases named in the upstream advisories (osv.dev or the GitHub Advisory Database) before acting on them. The CVE-to-package mapping is automated; identifiers for which this report gives no fixed release (CVE-2025-14009 on nltk, CVE-2026-32597 on PyJWT) should be confirmed against a published advisory first.
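The missing CI/CD and lock file noted above can be closed together. The workflow below is an added example for this report, not a file from the scanned repository; it assumes a GitHub-hosted repository, a committed requirements.lock produced by pip-compile, and that the runner can reach the advisory database pip-audit queries.

```yaml
# .github/workflows/dependency-audit.yml  (example added for this report, not from the repository)
name: dependency-audit

on:
  push:
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly run so newly published advisories surface without a code change

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: python -m pip install --upgrade pip pip-tools pip-audit

      # Lock file: resolve requirements.txt to exact versions with hashes. The committed
      # requirements.lock (assumed to exist) must match the fresh resolution; a stale lock fails the job.
      - run: pip-compile --generate-hashes --output-file requirements.lock requirements.txt
      - run: git diff --exit-code requirements.lock

      # Audit the exact pins, transitive dependencies included; --strict also fails the job
      # when pip-audit had to skip a package it could not resolve.
      - run: pip-audit -r requirements.lock --strict
```

Auditing the lock rather than requirements.txt is deliberate: the report only sees direct pins, whereas the lock also lists the transitive packages that get installed.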
Findings (79 in 79 groups)
Tip: 12 low-severity findings are style suggestions, not security risks.
Remediation for every dependency finding below. This is a Python project, so the fix is made in requirements.txt with pip, not with npm or yarn in package.json:
1. Find the first patched release named in the advisory (e.g. on osv.dev or the GitHub Advisory Database)
2. Raise the pin in requirements.txt to at least that release, preferring the newest release that still satisfies your other constraints
3. Run: pip install -r requirements.txt and then pip-audit -r requirements.txt to confirm the CVE no longer matches
4. Test your app to make sure the update didn't break anything
A package your app depends on (GitPython) has a known vulnerability rated critical. You need to update it.
GitPython@3.1.31 in requirements.txt is affected by CVE-2023-40267. Per the upstream advisory the fix is in GitPython 3.1.32; pinning 3.1.41 or later also closes the two GitPython findings below.
A package your app depends on (Pillow) has a known vulnerability rated critical. You need to update it.
Pillow@9.5.0 in requirements.txt is affected by CVE-2023-50447. Per the upstream advisory the fix is in Pillow 10.2.0; pinning 10.3.0 or later also closes the three Pillow findings below.
A package your app depends on (nltk) has a known vulnerability rated critical. You need to update it.
nltk@3.8 in requirements.txt is flagged for CVE-2025-14009. This report gives no fixed release; confirm the identifier and the patched version in the advisory database before changing the pin.
A package your app depends on (pyarrow) has a known vulnerability rated critical. You need to update it.
pyarrow@12.0.0 in requirements.txt is affected by CVE-2023-47248. Per the upstream advisory the fix is in pyarrow 14.0.1; if you cannot move to 14.0.1 yet, the upstream pyarrow-hotfix package disables the affected deserialization path on older releases.
A package your app depends on (GitPython) has a known vulnerability rated high. You need to update it.
GitPython@3.1.31 in requirements.txt is affected by CVE-2023-40590. Per the upstream advisory the fix is in GitPython 3.1.33.
A package your app depends on (GitPython) has a known vulnerability rated high. You need to update it.
GitPython@3.1.31 in requirements.txt is affected by CVE-2024-22190. Per the upstream advisory the fix is in GitPython 3.1.41.
A package your app depends on (Pillow) has a known vulnerability rated high. You need to update it.
Pillow@9.5.0 in requirements.txt is affected by CVE-2023-44271. Per the upstream advisory the fix is in Pillow 10.0.0.
A package your app depends on (Pillow) has a known vulnerability rated high. You need to update it.
Pillow@9.5.0 in requirements.txt is affected by CVE-2023-4863. This is the libwebp heap overflow; Pillow wheels bundle libwebp, so updating Pillow to 10.0.1 or later is what replaces the vulnerable library.
A package your app depends on (Pillow) has a known vulnerability rated high. You need to update it.
Pillow@9.5.0 in requirements.txt is affected by CVE-2024-28219. Per the upstream advisory the fix is in Pillow 10.3.0.
A package your app depends on (PyJWT) has a known vulnerability. You need to update it.
PyJWT@2.7.0 in requirements.txt is flagged for CVE-2026-32597. This report gives no fixed release; confirm the identifier and the patched version in the advisory database before changing the pin.
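The "WHAT TO FIX FIRST" step and the per-finding remediation above both come down to one check: compare each exact pin in requirements.txt with the first fixed release of every CVE raised against it, and rewrite the pin to the lowest release that clears all of them. The script below is an added example for this report, not code from the scanned project. Its advisory table is constructed from the CVE IDs listed in this report plus the fixed releases from the upstream advisories (nltk is carried with no fixed release, since the report gives none); the sample requirements.txt is constructed to mirror the pins named above; and the version comparison is deliberately simplified to numeric release segments (no PEP 440 pre/post/local handling, no extras or environment markers).

```python
"""Check requirements.txt pins against first-fixed releases. Example added for this report, not project code."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed advisory table: normalised name -> [(CVE, first fixed release)]. CVE IDs are those the
# report lists; fixed releases are from the upstream advisories. None: the report names no fix, look it up.
ADVISORIES: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "gitpython": [("CVE-2023-40267", "3.1.32"), ("CVE-2023-40590", "3.1.33"), ("CVE-2024-22190", "3.1.41")],
    "pillow": [("CVE-2023-50447", "10.2.0"), ("CVE-2023-44271", "10.0.0"), ("CVE-2023-4863", "10.0.1"),
               ("CVE-2024-28219", "10.3.0")],
    "pyarrow": [("CVE-2023-47248", "14.0.1")],
    "nltk": [("CVE-2025-14009", None)],
}

# Constructed sample input modelled on the pins named in the report.
SAMPLE_REQUIREMENTS = """\
streamlit==1.22.0
GitPython==3.1.31
Pillow==9.5.0      # image handling
pyarrow==12.0.0
nltk==3.8
PyJWT>=2.7.0
"""

# name, optional operator, optional version (simplified: extras, markers and URLs are not handled)
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][^\s;#]*)?")


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'GitPython' and 'gitpython' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric release segments only ('10.2.0' -> (10, 2, 0)); anything after a non-digit is dropped."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group().split(".")) if m else ()


def version_lt(a: str, b: str) -> bool:
    """True when release a is older than release b; missing segments count as 0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def parse_requirements(text: str) -> Dict[str, Tuple[str, Optional[str], Optional[str]]]:
    """Normalised name -> (name as written, operator, version) for each requirement line."""
    pins: Dict[str, Tuple[str, Optional[str], Optional[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment or pip option line
            continue
        m = PIN_RE.match(line)
        if m:
            name, op, ver = m.groups()
            pins[normalize(name)] = (name, op, ver)
    return pins


def audit(text: str) -> List[dict]:
    """One record per (package, CVE); a package without an exact pin is flagged once instead."""
    findings: List[dict] = []
    for key, (name, op, ver) in parse_requirements(text).items():
        if op != "==" or ver is None:  # a range cannot be audited: whatever resolves today gets installed
            findings.append({"package": name, "version": ver, "cve": None, "fixed_in": None, "status": "unpinned"})
            continue
        for cve, fixed in ADVISORIES.get(key, []):
            status = "check-advisory" if fixed is None else "vulnerable" if version_lt(ver, fixed) else "fixed"
            findings.append({"package": name, "version": ver, "cve": cve, "fixed_in": fixed, "status": status})
    return findings


def proposed_pins(text: str) -> Dict[str, str]:
    """Lowest release that clears every vulnerable CVE of each affected package."""
    wanted: Dict[str, str] = {}
    for f in audit(text):
        if f["status"] == "vulnerable":
            key = normalize(f["package"])
            if key not in wanted or version_lt(wanted[key], f["fixed_in"]):
                wanted[key] = f["fixed_in"]
    return wanted


def patched_requirements(text: str) -> str:
    """Rewrite '==' pins to the proposed releases; every other line (and any inline comment) is kept."""
    pins = proposed_pins(text)
    out: List[str] = []
    for raw in text.splitlines():
        code, hash_, comment = raw.partition("#")
        m = PIN_RE.match(code.strip())
        if m and m.group(2) == "==" and normalize(m.group(1)) in pins:
            new = f"{m.group(1)}=={pins[normalize(m.group(1))]}"
            out.append(f"{new}  #{comment}" if hash_ else new)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f)
    print(patched_requirements(SAMPLE_REQUIREMENTS))
```

Run against the sample, `audit` returns eight `vulnerable` records (three GitPython, four Pillow, one pyarrow), one `check-advisory` record for nltk and one `unpinned` record for PyJWT; `patched_requirements` raises the three affected pins to 3.1.41, 10.3.0 and 14.0.1 and leaves the rest alone. The `unpinned` status is the point behind the lock-file observation above: a `>=` range cannot be audited, because what gets installed changes with every resolution.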
Full report: https://shipscanner.dev/report/cmnbds6530005if049di4122j