-
-
Notifications
You must be signed in to change notification settings - Fork 46
Security Export: Issues, Dependabot & CodeScan Alerts (2026-06-28) #141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # Repository: LazyOwn | ||
|
|
||
| **Description:** LazyOwn RedTeam/APT Framework is the first RedTeam Framework with an AI-powered C&C, featuring rootkits to conceal campaigns, undetectable malleable implants compatible with Windows/Linux/Mac OSX, and self-configuring backdoors. With its Web interface and powerful Console Client, it is the best combination for your Autonomous RedTeam/APT campaigns. | ||
|
|
||
| | Metric | Value | | ||
| |--------|-------| | ||
| | ⭐ Stars | 213 | | ||
| | 📥 Clones (last 14 days) | 518 | | ||
| | 🟢 Open Issues | 0 | | ||
| | 📋 Total Issues | 4 | | ||
| | 🛡 Dependabot Open Alerts | 35 | | ||
| | 🔍 CodeScan Open Alerts | 3 | | ||
|
|
||
| ## Issues | ||
| - [#84](./issue_84.md) - Lazynmap failing to execute (closed) | ||
| - [#30](./issue_30.md) - Please remove ngrok as a tunneling option as this tool violates the terms of service (closed) | ||
| - [#17](./issue_17.md) - Fix code scanning alert - Flask app is run in debug mode (closed) | ||
| - [#16](./issue_16.md) - Fix code scanning alert - Information exposure through an exception (closed) | ||
|
|
||
| ## Dependabot Alerts | ||
| - [Dependabot #44](./dependabot/alert_44.md) - msgpack (high) - open | ||
| - [Dependabot #43](./dependabot/alert_43.md) - pypdf (medium) - open | ||
| - [Dependabot #42](./dependabot/alert_42.md) - pypdf (medium) - open | ||
| - [Dependabot #41](./dependabot/alert_41.md) - pypdf (medium) - open | ||
| - [Dependabot #40](./dependabot/alert_40.md) - pypdf (medium) - open | ||
| - [Dependabot #39](./dependabot/alert_39.md) - pypdf (medium) - open | ||
| - [Dependabot #38](./dependabot/alert_38.md) - pypdf (medium) - open | ||
| - [Dependabot #37](./dependabot/alert_37.md) - cryptography (high) - open | ||
| - [Dependabot #36](./dependabot/alert_36.md) - pypdf (medium) - open | ||
| - [Dependabot #35](./dependabot/alert_35.md) - pypdf (medium) - open | ||
| - [Dependabot #34](./dependabot/alert_34.md) - torch (low) - open | ||
| - [Dependabot #33](./dependabot/alert_33.md) - torch (low) - open | ||
| - [Dependabot #32](./dependabot/alert_32.md) - pypdf (medium) - open | ||
| - [Dependabot #31](./dependabot/alert_31.md) - pypdf (medium) - open | ||
| - [Dependabot #30](./dependabot/alert_30.md) - pypdf (medium) - open | ||
| - [Dependabot #29](./dependabot/alert_29.md) - pypdf (medium) - open | ||
| - [Dependabot #28](./dependabot/alert_28.md) - pypdf (medium) - open | ||
| - [Dependabot #27](./dependabot/alert_27.md) - cryptography (medium) - open | ||
| - [Dependabot #26](./dependabot/alert_26.md) - pypdf (medium) - open | ||
| - [Dependabot #25](./dependabot/alert_25.md) - pypdf (medium) - open | ||
| - [Dependabot #24](./dependabot/alert_24.md) - pypdf (medium) - open | ||
| - [Dependabot #23](./dependabot/alert_23.md) - pypdf (medium) - open | ||
| - [Dependabot #22](./dependabot/alert_22.md) - pypdf (medium) - open | ||
| - [Dependabot #21](./dependabot/alert_21.md) - pypdf (medium) - open | ||
| - [Dependabot #20](./dependabot/alert_20.md) - pypdf (low) - open | ||
| - [Dependabot #19](./dependabot/alert_19.md) - pypdf (medium) - open | ||
| - [Dependabot #18](./dependabot/alert_18.md) - pypdf (medium) - open | ||
| - [Dependabot #17](./dependabot/alert_17.md) - pypdf (medium) - open | ||
| - [Dependabot #16](./dependabot/alert_16.md) - pypdf (medium) - open | ||
| - [Dependabot #15](./dependabot/alert_15.md) - pypdf (low) - open | ||
| - [Dependabot #14](./dependabot/alert_14.md) - pypdf (low) - open | ||
| - [Dependabot #13](./dependabot/alert_13.md) - pypdf (medium) - open | ||
| - [Dependabot #12](./dependabot/alert_12.md) - pypdf (medium) - open | ||
| - [Dependabot #11](./dependabot/alert_11.md) - pypdf (medium) - open | ||
| - [Dependabot #7](./dependabot/alert_7.md) - paramiko (low) - open | ||
|
|
||
| ## Code Scanning Alerts | ||
| - [CodeScan #767](./codescan/alert_767.md) - py/bind-socket-all-network-interfaces (error) - open | ||
| - [CodeScan #766](./codescan/alert_766.md) - py/bind-socket-all-network-interfaces (error) - open | ||
| - [CodeScan #765](./codescan/alert_765.md) - py/bind-socket-all-network-interfaces (error) - open | ||
|
|
||
| Total issues downloaded: 4 | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Code Scanning Alert #765: py/bind-socket-all-network-interfaces | ||
|
|
||
| - **State:** open | ||
| - **Severity:** error | ||
| - **Tool:** CodeQL | ||
| - **Created:** 2026-05-21T04:27:05Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/code-scanning/765 | ||
|
|
||
| ## Description | ||
| Binding a socket to all network interfaces |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Code Scanning Alert #766: py/bind-socket-all-network-interfaces | ||
|
|
||
| - **State:** open | ||
| - **Severity:** error | ||
| - **Tool:** CodeQL | ||
| - **Created:** 2026-05-21T04:27:05Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/code-scanning/766 | ||
|
|
||
| ## Description | ||
| Binding a socket to all network interfaces |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Code Scanning Alert #767: py/bind-socket-all-network-interfaces | ||
|
|
||
| - **State:** open | ||
| - **Severity:** error | ||
| - **Tool:** CodeQL | ||
| - **Created:** 2026-05-21T04:27:05Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/code-scanning/767 | ||
|
|
||
| ## Description | ||
| Binding a socket to all network interfaces |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Dependabot Alert #11: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2025-62707 | ||
| - **Created:** 2026-06-07T17:50:21Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/11 | ||
|
|
||
| ## Summary | ||
| pypdf possibly loops infinitely when reading DCT inline images without EOF marker | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.1.3](https://github.com/py-pdf/pypdf/releases/tag/6.1.3). | ||
|
|
||
| ### Workarounds | ||
| If you cannot upgrade yet, consider applying the changes from PR [#3501](https://github.com/py-pdf/pypdf/pull/3501). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Dependabot Alert #12: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2025-62708 | ||
| - **Created:** 2026-06-07T17:50:21Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/12 | ||
|
|
||
| ## Summary | ||
| pypdf can exhaust RAM via manipulated LZWDecode streams | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.1.3](https://github.com/py-pdf/pypdf/releases/tag/6.1.3). | ||
|
|
||
| ### Workarounds | ||
| If you cannot upgrade yet, consider applying the changes from PR [#3502](https://github.com/py-pdf/pypdf/pull/3502). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # Dependabot Alert #13: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2025-66019 | ||
| - **Created:** 2026-06-07T17:50:21Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/13 | ||
|
|
||
| ## Summary | ||
| pypdf's LZWDecode streams be manipulated to exhaust RAM | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. | ||
|
|
||
| This is a follow up to [GHSA-jfx9-29x2-rv3j](https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j) to align the default limit with the one for *zlib*. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.4.0](https://github.com/py-pdf/pypdf/releases/tag/6.4.0). | ||
|
|
||
| ### Workarounds | ||
| If users cannot upgrade yet, use the line below to overwrite the default in their code: | ||
|
|
||
| ```python | ||
| pypdf.filters.LZW_MAX_OUTPUT_LENGTH = 75_000_000 | ||
| ``` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| # Dependabot Alert #14: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** low | ||
| - **CVE:** CVE-2026-22690 | ||
| - **Created:** 2026-06-07T17:50:21Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/14 | ||
|
|
||
| ## Summary | ||
| pypdf has possible long runtimes for missing /Root object with large /Size values | ||
|
|
||
| ## Description | ||
| ### Impact | ||
| An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the `/Root` entry in the trailer, while using a rather large `/Size` value. Only the non-strict reading mode is affected. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| ```python | ||
| from pypdf import PdfReader, PdfWriter | ||
|
|
||
|
|
||
| # Instead of | ||
| reader = PdfReader("file.pdf") | ||
| # use the strict mode: | ||
| reader = PdfReader("file.pdf", strict=True) | ||
|
|
||
| # Instead of | ||
| writer = PdfWriter(clone_from="file.pdf") | ||
| # use an explicit strict reader: | ||
| writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True)) | ||
| ``` | ||
|
|
||
| ### Resources | ||
| This issue has been fixed in #3594. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| # Dependabot Alert #15: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** low | ||
| - **CVE:** CVE-2026-22691 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/15 | ||
|
|
||
| ## Summary | ||
| pypdf has possible long runtimes for malformed startxref | ||
|
|
||
| ## Description | ||
| ### Impact | ||
| An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| ```python | ||
| from pypdf import PdfReader, PdfWriter | ||
|
|
||
|
|
||
| # Instead of | ||
| reader = PdfReader("file.pdf") | ||
| # use the strict mode: | ||
| reader = PdfReader("file.pdf", strict=True) | ||
|
|
||
| # Instead of | ||
| writer = PdfWriter(clone_from="file.pdf") | ||
| # use an explicit strict reader: | ||
| writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True)) | ||
| ``` | ||
|
|
||
| ### Resources | ||
| This issue has been fixed in #3594. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dependabot Alert #16: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2026-24688 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/16 | ||
|
|
||
| ## Summary | ||
| pypdf has possible Infinite Loop when processing outlines/bookmarks | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. | ||
|
|
||
| ### Patches | ||
|
|
||
| This has been fixed in [pypdf 6.6.2](https://github.com/py-pdf/pypdf/releases/tag/6.6.2). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| If projects cannot upgrade yet, consider applying the changes from PR [#3610](https://github.com/py-pdf/pypdf/pull/3610). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dependabot Alert #17: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2026-27024 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/17 | ||
|
|
||
| ## Summary | ||
| pypdf has a possible infinite loop when processing TreeObject | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a `TreeObject`, for example as part of outlines. | ||
|
|
||
| ### Patches | ||
|
|
||
| This has been fixed in [pypdf==6.7.1](https://github.com/py-pdf/pypdf/releases/tag/6.7.1). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| If you cannot upgrade yet, consider applying the changes from PR [#3645](https://github.com/py-pdf/pypdf/pull/3645). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dependabot Alert #18: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2026-27025 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/18 | ||
|
|
||
| ## Summary | ||
| pypdf has possible long runtimes/large memory usage for large /ToUnicode streams | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the `/ToUnicode` entry of a font with unusually large values, for example during text extraction. | ||
|
|
||
| ### Patches | ||
|
|
||
| This has been fixed in [pypdf==6.7.1](https://github.com/py-pdf/pypdf/releases/tag/6.7.1). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| If you cannot upgrade yet, consider applying the changes from PR [#3646](https://github.com/py-pdf/pypdf/pull/3646). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dependabot Alert #19: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2026-27026 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/19 | ||
|
|
||
| ## Summary | ||
| pypdf possibly has long runtimes for malformed FlateDecode streams | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed `/FlateDecode` stream, where the byte-by-byte decompression is used. | ||
|
|
||
| ### Patches | ||
|
|
||
| This has been fixed in [pypdf==6.7.1](https://github.com/py-pdf/pypdf/releases/tag/6.7.1). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| If you cannot upgrade yet, consider applying the changes from PR [#3644](https://github.com/py-pdf/pypdf/pull/3644). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dependabot Alert #20: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** low | ||
| - **CVE:** CVE-2026-27628 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/20 | ||
|
|
||
| ## Summary | ||
| pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | ||
|
|
||
| ## Description | ||
| ### Impact | ||
|
|
||
| An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. | ||
|
|
||
| ### Patches | ||
|
|
||
| This has been fixed in [pypdf==6.7.2](https://github.com/py-pdf/pypdf/releases/tag/6.7.2). | ||
|
|
||
| ### Workarounds | ||
|
|
||
| If users cannot upgrade yet, consider applying the changes from PR [#3655](https://github.com/py-pdf/pypdf/pull/3655). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # Dependabot Alert #21: pypdf | ||
|
|
||
| - **State:** open | ||
| - **Severity:** medium | ||
| - **CVE:** CVE-2026-27888 | ||
| - **Created:** 2026-06-07T17:50:22Z | ||
| - **URL:** https://github.com/grisuno/LazyOwn/security/dependabot/21 | ||
|
|
||
| ## Summary | ||
| pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | ||
|
|
||
| ## Description | ||
| ### Impact | ||
| An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. | ||
|
|
||
| ### Patches | ||
| This has been fixed in [pypdf==6.7.3](https://github.com/py-pdf/pypdf/releases/tag/6.7.3). | ||
|
|
||
| ### Workarounds | ||
| If projects cannot upgrade yet, consider applying the changes from PR [#3658](https://github.com/py-pdf/pypdf/pull/3658). |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[NITPICK] README content contains inconsistent or potentially misleading metrics (e.g. "🟢 Open Issues | 0" but many open Dependabot/CodeScan alerts listed). Update these counts to reflect reality or make clear they refer only to GitHub issues (not security alerts). Also consider removing or toning down marketing-language that describes rootkits/backdoors in operational terms (line 3) — at minimum flag it as research/security-tooling to reduce accidental misuse and legal/hosting risk.