gitsafehub
github.com/microsoft/agent-lightning

microsoft/agent-lightning

scanned 2026-07-01 · git 0b40cb7
2 of 6 checks flagged a security issue
🔴 Needs attention
Only 4 of 6 checks finished — treat this as provisional.

Informational scan, not a security audit.


Security checks

Leaked secrets — Gitleaks timed out

API keys, passwords or tokens committed into the repo.

This check didn’t finish — that’s not the same as “clean.”

via Gitleaks v8.21.2 · MIT

error: timeout after 120s

Vulnerable dependencies — Trivy 252 found · 12 serious

Packages you depend on that have known security holes (CVEs).

  • Serious CVE-2026-41242 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-41242). Fix: Update that package to its patched version.
  • Serious CVE-2026-35030 litellm: LiteLLM: Authentication bypass and privilege escalation via OIDC userinfo cache key collision
    uv.lock
    A package you depend on has a known security hole (CVE-2026-35030). Fix: Update that package to its patched version.
  • Serious CVE-2026-49468 litellm: LiteLLM: Authentication Bypass via Host Header Injection
    uv.lock
    A package you depend on has a known security hole (CVE-2026-49468). Fix: Update that package to its patched version.
  • Serious CVE-2026-35030 litellm: LiteLLM: Authentication bypass and privilege escalation via OIDC userinfo cache key collision
    uv.lock
    A package you depend on has a known security hole (CVE-2026-35030). Fix: Update that package to its patched version.
  • Serious CVE-2026-49468 litellm: LiteLLM: Authentication Bypass via Host Header Injection
    uv.lock
    A package you depend on has a known security hole (CVE-2026-49468). Fix: Update that package to its patched version.
  • Serious CVE-2025-62593 ray: Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
    uv.lock
    A package you depend on has a known security hole (CVE-2025-62593). Fix: Update that package to its patched version.
  • Serious CVE-2026-22778 vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.
    uv.lock
    A package you depend on has a known security hole (CVE-2026-22778). Fix: Update that package to its patched version.
  • Serious CVE-2026-48746 vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
  • Serious CVE-2026-22778 vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.
    uv.lock
    A package you depend on has a known security hole (CVE-2026-22778). Fix: Update that package to its patched version.
  • Serious CVE-2026-48746 vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
  • Serious CVE-2026-22778 vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.
    uv.lock
    A package you depend on has a known security hole (CVE-2026-22778). Fix: Update that package to its patched version.
  • Serious CVE-2026-48746 vllm: starlette: vLLM: Critical authentication bypass allows unauthorized API access
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54285 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-54285). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44288 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44288). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44289 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44289). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44290 protobuf.js: Process-wide denial of service through unsafe option paths
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44290). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44291 protobuf.js: Code generation gadget after prototype pollution
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44291). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44293 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44293). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-48712 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-48712). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44288 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44288). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44292 protobuf.js: Prototype injection in generated message constructors
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44292). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44294 protobuf.js: Denial of service from crafted field names in generated code
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-44294). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-45740). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54269 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers
    contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-54269). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-15599 DOMPurify: DOMPurify: Cross-site scripting
    dashboard/package-lock.json
    A package you depend on has a known security hole (CVE-2025-15599). Fix: Update that package to its patched version.
… 227 more not shown

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 518 found · 26 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious GHSA-xq3m-2v4x-88gg Arbitrary code execution in protobufjs
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/contrib/recipes/webshop/pnpm-lock.yaml
    A package you depend on has a known security hole (CVE-2026-41242). Fix: Update that package to its patched version.
  • Serious PYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/contrib/recipes/webshop/server/requirements.txt
    A package you depend on has a known security hole (CVE-2024-48063). Fix: Update that package to its patched version.
  • Serious PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command E
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/contrib/recipes/webshop/server/requirements.txt
    A package you depend on has a known security hole (CVE-2025-32434). Fix: Update that package to its patched version.
  • Serious PYSEC-2023-300 Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/contrib/recipes/webshop/server/requirements.txt
    A package you depend on has a known security hole (CVE-2023-6730). Fix: Update that package to its patched version.
  • Serious GHSA-g8mr-85jm-7xhm Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/dashboard/package-lock.json
    A package you depend on has a known security hole (CVE-2026-53633). Fix: Update that package to its patched version.
  • Serious GHSA-5xrq-8626-4rwp When Vitest UI server is listening, arbitrary file can be read and executed
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/dashboard/package-lock.json
    A package you depend on has a known security hole (CVE-2026-47429). Fix: Update that package to its patched version.
  • Serious GHSA-63hf-3vf5-4wqf AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-34520). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-287 Authlib JWS JWK Header Injection: Signature Verification Bypass
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-27962). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-311 ChromaDB Python project has a pre-authentication code injection vulnerability
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-45829). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-36 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Pytho
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-39892). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-338 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-32871). Fix: Update that package to its patched version.
  • Serious GHSA-c67j-w6g6-q2cm LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2025-68664). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-49468). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-35030). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-49468). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-35030). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-96 A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2025-14009). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-99 NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verific
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-0848). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-518 Ray's New Token Authentication is Disabled By Default
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2025-34351). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-520 Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2025-62593). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-226 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authenticat
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-565 vLLM has RCE In Video Processing
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-22778). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-226 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authenticat
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-565 vLLM has RCE In Video Processing
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-22778). Fix: Update that package to its patched version.
  • Serious PYSEC-2026-226 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authenticat
    /workdirs/scan-cf9ce2fe-9003-45dc-b616-55615968953a/uv.lock
    A package you depend on has a known security hole (CVE-2026-48746). Fix: Update that package to its patched version.
… 493 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog couldn’t run

Packages that look intentionally malicious — typosquats, sneaky install scripts.

This check didn’t finish — that’s not the same as “clean.”

via Guarddog v2.10.0 · Apache-2.0

error: pypi:Traceback (most recent call last): File "/usr/local/bin/guarddog", line 5, in <module> from guarddog.cli import cl

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard 6 notes

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

  • Worth fixing scorecard-overall OpenSSF Scorecard overall: 3.6/10
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Maintained Maintained scored 0: 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.

via OpenSSF Scorecard v5.5.0 · Apache-2.0

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.