Description
Checklist
- I agree to the terms within the Safety Code of Conduct.
- I have searched existing issues to ensure this bug hasn't been reported before.
Safety version
3.7.0
Python version
I am using the binary installation of safety, so the Python version should not matter (but it is 3.13 in our project)
Operating System
Docker image based on Debian 12.12
Bug description
When I run safety scan, it finds a vulnerability but returns a zero exit code.
Steps to reproduce
$ safety --disable-optional-telemetry --key XXXXX scan /myproject --output screen
Safety 3.7.0 scanning /myproject/app/projectname
2025-11-07 08:48:04 UTC
Account: API key used
Git branch: master
Environment: Stage.development
Scan policy: None, using Safety CLI default policies
Python detected. Found 1 Python pyproject.toml file and 1 Python environment
Dependency vulnerabilities detected:
📝 pyproject.toml:
django==5.1.13 [2 vulnerabilities found]
-> Vuln ID 81269:
CVE-2025-64458: Affected versions of the Django package are vulnerable to Denial of Service (DoS) due to slow ...
-> Vuln ID 81270:
CVE-2025-64459: Affected versions of the Django package are vulnerable to SQL Injection due to improper input ...
Update django==5.1.13 to django==5.1.14 to fix 2 vulnerabilities
Versions of django with no known vulnerabilities: 6.0b1, 6.0a1, 5.2.8, 4.2.26
Learn more: https://data.safetycli.com/p/pypi/django/eda/?from=5.1.13&to=5.1.14
✅ .venv/pyvenv.cfg: No issues found.
Tested 349 dependencies for security issues using default Safety CLI policies
11 vulnerabilities found, 9 ignored due to policy.
1 fix suggested, resolving 2 vulnerabilities.
$ echo $?
0
Additional context
No response
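A CI gate that does not rely on the scanner's exit status alone, as an added example that is not part of the issue above or of Safety's code. It assumes the summary line format shown in the report and that found minus ignored is the number of findings still reported; `unignored_count` and `scan_gate` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not Safety's own code: decide pass/fail from the report text,
# so a zero exit status alone cannot turn a finding into a green build.

# Constructed sample: the summary lines from the report quoted in the issue.
SAMPLE_REPORT='Tested 349 dependencies for security issues using default Safety CLI policies
11 vulnerabilities found, 9 ignored due to policy.
1 fix suggested, resolving 2 vulnerabilities.'

# Read a report on stdin and print (found - ignored) from the last summary
# line of the form "N vulnerabilities found, M ignored due to policy."
# (the singular "vulnerability" form is assumed). Return 2 when no such line
# exists, so an unrecognised report is never mistaken for a clean one.
unignored_count() {
    summary=$(grep -E '^[[:space:]]*[0-9]+ vulnerabilit(y|ies) found' | tail -n 1)
    [ -n "$summary" ] || return 2
    found=$(printf '%s\n' "$summary" | sed -E 's/^[[:space:]]*([0-9]+) .*/\1/')
    ignored=$(printf '%s\n' "$summary" | sed -nE 's/.*found, ([0-9]+) ignored.*/\1/p')
    echo $(( $found - ${ignored:-0} ))
}

# scan_gate STATUS < report
# Returns 0 = pass, 1 = findings remain or the scanner itself failed,
# 2 = report not recognised.
scan_gate() {
    scan_status=$1
    remaining=$(unignored_count) || return 2
    [ "$scan_status" -eq 0 ] || return 1
    [ "$remaining" -eq 0 ] || return 1
    return 0
}

# Usage in CI (command line as in the issue; key and path are placeholders):
#   report=$(safety --key "$KEY" scan /myproject --output screen); status=$?
#   printf '%s\n' "$report" | scan_gate "$status" || exit 1

# Demonstration on the constructed sample with the exit status from the issue.
rc=0
printf '%s\n' "$SAMPLE_REPORT" | scan_gate 0 || rc=$?
echo "gate result for scanner exit status 0: $rc"
```
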