issues Search Results · language:Dune language:Python language:HTML language:Java language:TypeScript language:Java
Summary
Runtime dependencies are pinned to old releases and have never been audited; test dependencies are unpinned. Some pinned
versions carry known advisories.
Location
- requirements.txt
Evidence ...
area:config-deploy
kind:security
kind:tech-debt
priority:P2
stage:S2-implementation
Audit finding API-H1 — see umbrella issue #241. Spec file: audit/findings/API-H1-api-key-secret-default-fallback.md
Summary
The HMAC secret used to hash API keys defaults to a hardcoded literal when ...
audit
bug
priority:high
stage:2-high
type:backend
type:security
Problem
The Scans page still uses alert() for delete and clear-history failure paths. This is inconsistent with the app
toast/modal patterns and is harder to test/accessibly style.
Expected behavior ...
area:frontend
level:intermediate
priority:medium
type:accessibility
type:bug
checkup/ code review for pr: https://github.com/promptdriven/pdd/pull/1291 Issue:
https://github.com/promptdriven/pdd/issues/830
Summary
The _ROUTE_POLICY table at app.py:774-831 is the single source of truth for role gating in server mode. Several entries
are too narrow (POST-only when DELETE/PUT/PATCH should also be gated) and ...
bug
Audit finding SDK-C1 — see umbrella issue #241. Spec file:
audit/findings/SDK-C1-go-python-webhook-signature-scheme-mismatch.md
Summary
The Go and Python SDK webhook verifiers compute the HMAC over the ...
audit
bug
priority:critical
stage:1-critical
type:sdk
type:security
Summary
autobot-frontend/src/composables/transcriber/useTranscriberApi.ts imports useApi(), which is deprecated per
composables/useApi.ts:1–24:
This composable family has been superseded. GH#7446 audit ...
bug
frontend
priority: high
tech-debt
Status: PARKED — kept for later revival, do not delete
As part of the Following/Saved activity-feed pivot (Phase 3, 2026-06-01), the Production Submissions review pipeline
(shortlist → accept → reject ...
Summary
_redact_settings(s) iterates only the top-level keys of s and drops anything matching credential patterns. It does NOT
recurse into nested dicts. The SSO Entra OAuth client_secret is persisted ...
bug
Audit finding CONTRACTS-C1 — see umbrella issue #241. Spec file:
audit/findings/CONTRACTS-C1-governance-ownership-verification.md
Summary
The governance ProposalRegistry records votes and proposals using ...
audit
bug
priority:critical
stage:1-critical
type:contract
type:security
