Python

Use of insecure MD2, MD4, MD5, or SHA1 hash functions should be avoided. Using more secure algorithms like SHA256 or SHA512.

Use of insecure cipher or cipher mode. Replace with a known secure cipher such as AES.

Use of insecure cipher or cipher mode. Replace with a known secure cipher such as AES.

Cipher used is not secure. It is recommended to replace with a known secure cipher such as AES.

Use of insecure cipher mode such as ECB is not recommended for use in cryptographic protocols at all. In case of ECB, it encrypts identical plaintext blocks into identical ciphertext blocks; and does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality.

D2, MD4, MD5, SHA1 signature algorithms are known to be vulnerable to collision attacks. Attackers can exploit this to generate another certificate with the same digital signature, allowing them to masquerade as the affected service.

pycryptodome is a direct fork of pycrypto that has not fully addressed the issues inherent in PyCrypto. It seems to exist, mainly, as an API compatible continuation of pycrypto and should be deprecated in favor of pyca/cryptography which has more support among the Python community.

Spawning of a subprocess in a way that doesn't use a shell is generally safe, but it maybe useful for penetration testing workflows to track where external system calls are used.

Running a Django application with debug mode enabled may allow an attacker to gain access to sensitive information. Ensure that Django applications that are run in a production environment have DEBUG set to False.

FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

XMLRPC is particularly dangerous as it is also concerned with communicating data over a network. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate remote XML attacks.