This page collects WhisperX intelligence signals tagged #security_scan. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
在 First Whistle 的代码库中,一个低严重性但潜在危险的漏洞已被识别。自动化安全扫描发现,项目依赖的 @anthropic-ai/[email protected] 版本存在一个路径遍历漏洞(CWE-22)。该漏洞位于 SDK 的“内存工具”组件中,其路径验证存在缺陷,可能导致攻击者通过精心构造的文件路径,突破预期的沙箱边界,读取或写入同级目录中的文件。此漏洞的公共标识为 GHSA-5474-4w2j-mq4c,已在 SDK 的 0.81.0 及更高版本中修复。 然而,对 First Whistle 生产环境的深入审计揭示了一个关键缓解因素。尽管该 SDK 被列为 `functions/package.json` 中的依赖项,但审查...
A nightly automated security scan has flagged a critical vulnerability, CVE-2026-33816, within the widely-used `github.com/jackc/pgx/v5` library. The detection, classified at the highest SARIF severity level of 'error', indicates an active and serious exposure in the software supply chain. This finding was automaticall...