Skip to content

docs(audit): dependabot alert audit β€” 127 total, 64 open, grouped by severity #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Fearvox wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

docs(audit): dependabot alert audit β€” 127 total, 64 open, grouped by severity #11

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 120 additions & 0 deletions .planning/dependabot-audit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
# Dependabot Alert Audit β€” Fearvox/EverOS

**Date**: 2026-05-13T06:47Z
**Snapshot**: 127 total alerts (64 open, 63 fixed)
**Source**: `gh api /repos/Fearvox/EverOS/dependabot/alerts`

## Executive Summary

| Severity | Total | Open | Fixed | Unique Families |
|----------|-------|------|-------|-----------------|
| Critical | 4 | 2 | 2 | 2 |
| High | 48 | 24 | 24 | 24 |
| Medium | 45 | 23 | 22 | 23 |
| Low | 30 | 15 | 15 | 15 |
| **Total** | **127** | **64** | **63** | **64** |

**Ecosystem split**: pip 126, npm 1
**Manifest split**: EverCore `uv.lock` 63 open, evermemos `uv.lock` 63 fixed, game-of-throne-demo `package.json` 1 open

The 63 fixed alerts are all in `methods/evermemos/uv.lock` β€” a directory not present on the fork's `main` branch which suggests they were fixed upstream and the alerts auto-dismissed. The 64 open alerts are concentrated in `methods/EverCore/uv.lock` (63) plus one npm alert.

## Open Alerts by Severity

### CRITICAL (2 open)

| GHSA | Package | Summary | Manifest |
|------|---------|---------|-----------|
| GHSA-c67j-w6g6-q2cm | langchain-core | Serialization injection enables secret extraction in dumps/loads APIs | EverCore uv.lock |
| GHSA-7p94-766c-hgjp | nltk | Zip Slip vulnerability | EverCore uv.lock |

**Action**: Both are upstream in EverMind-AI/EverOS dependencies. Fix requires EverCore dependency bump. langchain-core serialization is the higher-impact of the two (RCE-adjacent via `load()`). NLTK Zip Slip is path-traversal during archive extraction β€” only exploitable if the app calls vulnerable NLTK APIs with untrusted input.

### HIGH (24 open)

Grouped by dependency family:

**nltk (4 alerts)** β€” path traversal, arbitrary file read/write, unauthenticated RCE in wordnet_app
- GHSA-68j8-pq59-fqgm: Path Traversal
- GHSA-h8wq-7xc4-p3qx: Arbitrary File Read via Absolute Path
- GHSA-469j-vmhf-r6v7: Downloader Path Traversal (Arbitrary File Overwrite)
- GHSA-jm6w-m3j8-898g: Unauthenticated remote shutdown in wordnet_app

**urllib3 (4 alerts)** β€” sensitive header forwarding, decompression bombs (3 variants)
- GHSA-qccp-gfcp-xxvc: Sensitive headers forwarded across origins
- GHSA-38jv-5279-wg99: Decompression-bomb bypass on redirect
- GHSA-2xpw-w6gg-jr37: Streaming API decompression handling
- GHSA-gm62-xv2j-4w53: Unbounded decompression chain links

**ujson (3 alerts)** β€” memory leak, integer overflow, DoS
- GHSA-c38f-wx89-p2xg: Memory leak in ujson.dump()
- GHSA-c8rr-9gxc-jprv: Integer overflow β†’ buffer overflow / infinite loop
- GHSA-wgvc-ghv9-3pmm: Memory leak parsing large integers (DoS)

**langchain-core (2 alerts)** β€” deserialization + path traversal
- GHSA-pjwx-r37v-7724: Unsafe deserialization via overly broad `load()` allowlists
- GHSA-qh6h-p6c9-ff54: Path traversal in legacy `load_prompt`

**python-multipart (2 alerts)** β€” DoS + arbitrary file write
- GHSA-pp6c-gr5w-3c5g: DoS via unbounded multipart part headers (critical for EverCore API)
- GHSA-wp53-j4wj-2cfg: Arbitrary file write via non-default config

**pyasn1 (2 alerts)** β€” DoS via unbounded recursion + decoder
- GHSA-jr27-m4p2-rc6r: Unbounded recursion
- GHSA-63vm-454h-vhhq: Decoder DoS

**Singletons**:
- GHSA-752w-5fwx-jx9f: PyJWT β€” accepts unknown `crit` header extensions
- GHSA-6mq8-rvhq-8wgg: aiohttp β€” zip bomb via auto_decompress
- GHSA-3936-cmfr-pm3m: black β€” arbitrary file writes from unsanitized cache file name
- GHSA-r6ph-v2qm-q3c2: cryptography β€” subgroup attack for SECT curves
- GHSA-wj6h-64fc-37mp: ecdsa β€” Minerva timing attack on P-256
- GHSA-hx9q-6w63-j58v: orjson β€” unlimited recursion depth
- GHSA-7gcm-g887-7qv7: protobuf β€” JSON recursion depth bypass

### MEDIUM (23 open)

Notable clusters:
- **aiohttp (7 alerts)**: SSRF/NTLM credential theft, duplicate Host headers, chunked message DoS, large payload DoS, trailer header memory, multipart header size bypass, UNC path handling
- **langchain/langgraph/langsmith (5 alerts)**: checkpoint deserialization RCE (Medium rather than High due to precondition), f-string injection, SSRF via header injection, token redaction bypass
- **filelock (2 alerts)**: TOCTOU symlink attacks
- **nltk (2 alerts)**: XSS in web interface, unbounded recursion
- **python-multipart (1 alert)**: DoS via large preamble/epilogue
- **vite (1 alert)**: Path traversal in optimized deps `.map` handling (npm, game-of-throne-demo)
- **Singletons**: ecdsa DoS, pytest tmpdir, python-dotenv symlink, requests insecure temp file, virtualenv TOCTOU

### LOW (15 open)

Mostly aiohttp (10 alerts: CRLF injection, cookie leaks, DNS cache DoS, cookie parser warning storm, brute-force path leak, unicode regex parsing, header value discrepancies) plus cryptography DNS constraint issue, langchain SSRF (x2), Pygments ReDoS, mem0ai input validation.

## Dependency Hotspots

| Package | Total Alerts | Critical | High | Medium | Low |
|---------|-------------|----------|------|--------|-----|
| aiohttp | 15 | 0 | 1 | 7 | 7 |
| nltk | 7 | 1 | 4 | 2 | 0 |
| langchain* | 8 | 1 | 2 | 5 | 2 |
| urllib3 | 4 | 0 | 4 | 0 | 0 |
| ujson | 3 | 0 | 3 | 0 | 0 |
| python-multipart | 3 | 0 | 2 | 1 | 0 |
| filelock | 2 | 0 | 0 | 2 | 0 |
| pyasn1 | 2 | 0 | 2 | 0 | 0 |

## Recommendations

1. **Immediate (this week)**: Bump langchain-core to fix the critical serialization injection (GHSA-c67j-w6g6-q2cm) and NLTK for Zip Slip (GHSA-7p94-766c-hgjp). These are the only two critical open alerts.

2. **High priority (within 30d)**: Address the 24 high-severity alerts, prioritizing:
- python-multipart (EverCore API surface β€” DoS + arbitrary file write)
- urllib3 (sensitive header forwarding + decompression bomb chain)
- nltk (4 alerts with path traversal + RCE surface)

3. **Medium (next cycle)**: The aiohttp cluster (15 alerts) is mostly medium/low β€” batch update. The langgraph checkpoint deserialization (GHSA-g48c-2wqr-h844) warrants attention as it could be RCE under specific conditions.

4. **evermemos directory**: 63 fixed alerts reference `methods/evermemos/uv.lock` which is not present on the fork's `main` branch. These were likely fixed upstream and auto-dismissed by Dependabot. No action needed.

5. **npm**: Single vite alert (GHSA-4w7w-66w2-5vf9) in game-of-throne-demo β€” already tracked by open Dependabot PR #1.

## Raw Data

Alerts JSON snapshot saved at `.planning/dependabot-alerts.json` (not committed to feature branch β€” CI-only artifact).
Loading