chore(deps): update dependency pypdf to v6 #12
Security Report
❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: gradle,CocoaPods. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
gradle
/tmp/ws-scm/AutoGPT/classic/frontend/android/build.gradle
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | failed running mend init script (mendDeps): NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED FAILURE: Build failed with an exception. * Where: Settings file '/tmp/ws-scm/AutoGPT/classic/frontend/android/settings.gradle' line: 6 * What went wrong: A problem occurred evaluating settings 'andro... |
pip
/tmp/ws-scm/AutoGPT/classic/benchmark/agbenchmark/challenges/verticals/code/6_battleship/artifacts_in/product_requirements.txt
| Step | Level | Description | Details |
|---|---|---|---|
| Resolving the project | ⚠Warn | Some problems occurred while performing the resolution operation |
|
/tmp/ws-scm/AutoGPT/classic/original_autogpt
| Step | Level | Description | Details |
|---|---|---|---|
| Resolving the project | ⚠Warn | Some problems occurred while performing the resolution operation |
|
/tmp/ws-scm/AutoGPT/classic/original_autogpt/autogpt/app
| Step | Level | Description | Details |
|---|---|---|---|
| Resolving the project | ⚠Warn | Some problems occurred while performing the resolution operation |
|
poetry
/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml
| Step | Level | Description | Details |
|---|---|---|---|
| Preparing the project for scan | ⚠Warn | One or more of the installations failed | poetry install --no-root failed with exit code 1 for manifest "/tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml". output: The currently activated Python version 3.9.25 is not supported by the project (^3.10). Trying to find and use a compatible version. Using python3.13 (3.13.11) Creating virtualenv autogpt-forge-Eq_saOJk-py3.13 in /home/wss-scanner/.cache/pypoetry/virtualenvs Installing depen... |
| Resolving the project | ⚠Warn | Failed to build the dependency tree, fallback was used in the scan, results may be incomplete | Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/forge/pyproject.toml file |
/tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml
| Step | Level | Description | Details |
|---|---|---|---|
| Resolving the project | ⚠Warn | Failed to build the dependency tree, fallback was used in the scan, results may be incomplete | Error occurred while parsing the poetry show --tree command on the /tmp/ws-scm/AutoGPT/classic/original_autogpt/pyproject.toml file |
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability | |
|---|---|---|---|---|---|---|---|
CVE-2026-0994Dependency Hierarchy: -> chromadb-0.4.22-py3-none-any.whl (Root Library) -> onnxruntime-1.17.1-cp310-cp310-macosx_11_0_universal2.whl -> ❌ protobuf-4.25.2-cp310-abi3-win32.whl (Vulnerable Library) |
8.6 | Transitive protobuf-4.25.2-cp310-abi3-win32.whl |
chromadb-0.4.22-py3-none-any.whl | None | |||
CVE-2025-69223Dependency Hierarchy: -> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library) |
7.5 | Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl |
aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl | None | |||
CVE-2025-67221Dependency Hierarchy: -> duckduckgo_search-6.1.7-py3-none-any.whl (Root Library) -> ❌ orjson-3.10.5-cp38-none-win32.whl (Vulnerable Library) |
7.5 | Transitive orjson-3.10.5-cp38-none-win32.whl |
duckduckgo_search-6.1.7-py3-none-any.whl | None | |||
CVE-2025-4565Dependency Hierarchy: -> chromadb-0.4.22-py3-none-any.whl (Root Library) -> onnxruntime-1.17.1-cp310-cp310-macosx_11_0_universal2.whl -> ❌ protobuf-4.25.2-cp310-abi3-win32.whl (Vulnerable Library) |
7.5 | Transitive protobuf-4.25.2-cp310-abi3-win32.whl |
chromadb-0.4.22-py3-none-any.whl | Transitive 4.25.8 |
None | ||
| 7.5 | Direct python_multipart-0.0.7.tar.gz |
python_multipart-0.0.7.tar.gz | python-multipart - 0.0.18,python-multipart - 0.0.18 | None | |||
CVE-2025-69224Dependency Hierarchy: -> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library) |
6.5 | Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl |
aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl | None | |||
CVE-2025-69226Dependency Hierarchy: -> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library) |
5.3 | Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl |
aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl | None | |||
CVE-2025-53643Dependency Hierarchy: -> ❌ aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl (Vulnerable Library) |
5.3 | Direct aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl |
aiohttp-3.9.3-cp310-cp310-macosx_10_9_universal2.whl | 3.12.14 | None | ||
CVE-2024-52304Path to dependency file: /autogpt_platform/backend/.ws-temp-DUHOHN-requirements.txt Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info Dependency Hierarchy: -> autogpt-libs-0.2.0 (Root Library) -> supabase-2.7.4-py3-none-any.whl -> realtime-2.0.5-py3-none-any.whl -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library) |
5.3 | Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
autogpt-libs-0.2.0 | Transitive aiohttp - 3.10.11 |
None | ||
CVE-2024-52304Path to dependency file: /autogpt_platform/backend/.ws-temp-DUHOHN-requirements.txt Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/autogpt-platform-backend--YkgNmTR-py3.12/lib/python3.12/site-packages/aiohttp-3.10.8.dist-info Dependency Hierarchy: -> supabase-2.7.4-py3-none-any.whl (Root Library) -> realtime-2.0.5-py3-none-any.whl -> ❌ aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library) |
5.3 | Transitive aiohttp-3.10.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
supabase-2.7.4-py3-none-any.whl | Transitive aiohttp - 3.10.11 |
None | ||
CVE-2021-33430Dependency Hierarchy: -> ❌ numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl (Vulnerable Library) |
5.3 | Direct numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl |
numpy-1.26.3-cp310-cp310-macosx_10_9_x86_64.whl | None |
Base branch total remaining vulnerabilities: 76
Base branch commit: b74c8d4152d600b0a70b423a8ee2d3fcd7737272
Total libraries scanned: 992
Scan token: 51000d00e2e04f7e9bb327e82fd26ace