奇安信CodeSafe

https://github.com/airbnb/knowledge-repo/blob/d3bca427303b301ab6e1f3246b2982ee61c138dd/knowledge_repo/config.py#L106 An internal information leak occurs when system data or debugging information is sent to a local file, console, or screen via printing or logging. It is recommended to use...

https://github.com/airbnb/knowledge-repo/blob/d3bca427303b301ab6e1f3246b2982ee61c138dd/knowledge_repo/app/config_defaults.py#L21 Using a null encryption key can easily weaken the security of the encryption measure or even turn to zero, and the attacker can easily get the plaintext information through...

https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L71-L72 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L111-L113 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/BrowserActivity.java#L188 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicSessionClient.java#L35-L37 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/StandardSonicSession.java#L124 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sample/src/main/java/com/tencent/sonic/demo/SonicSessionClientImpl.java#L40-L41 Sending unvalidated data to a web browser can result in the browser executing malicious code.

https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicUtils.java#L688 https://github.com/Tencent/VasSonic/blob/59936beff656d4b5718ff6444d6c5e001a2c5231/sonic-android/sdk/src/main/java/com/tencent/sonic/sdk/SonicUtils.java#L701 Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts.

Stream is opened https://github.com/didi/delta/blob/cdde1c531301150ccb1dd5186c8f525e36aa4dd2/core/ops/kernels/add_rir_noise_aecres/CConv.cpp#L96 Opened file never closed https://github.com/didi/delta/blob/cdde1c531301150ccb1dd5186c8f525e36aa4dd2/core/ops/kernels/add_rir_noise_aecres/CConv.cpp#L107

Never used variable 'stream2'

2

https://github.com/intel/hyperscan/blob/7729ade0fa291cedb3cbbebb3bafcb9fb8ece81b/unit/hyperscan/arg_checks.cpp#L2433

There is a vulnerability in codecov 3.6.4 ,upgrade recommended

1

https://github.com/didi/chameleon/blob/ffa8976c72f57e2a3878bff1e1bfc65d771f997e/package-lock.json#L3473-L3475 CVE-2020-15123 CVE-2020-7597 Recommended upgrade version：3.7.1

https://github.com/didi/chameleon/blob/ffa8976c72f57e2a3878bff1e1bfc65d771f997e/package-lock.json#L3474 CVE-2020-15123 CVE-2020-7597 Recommended upgrade version：3.7.1

https://github.com/vipshop/vjtools/blob/4c1ee2a312b7ef088e21081a93da3681c97bef69/vjkit/pom.xml#L12 CVE-2018-10237 Recommended upgrade version：24.1.1.jre

https://github.com/vipshop/vjtools/blob/4c1ee2a312b7ef088e21081a93da3681c97bef69/vjkit/pom.xml#L17 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 Recommended upgrade version：2.9.10.6