issues Search Results · language:Dune language:Python language:Java language:JavaScript language:Java language:Python
54.8M results
Part of the pre-1.0 mod-review sweep (docs/MOD-REVIEW.md) — every mod gets human eyes before 1.0, bucketed by pillar and
capped per milestone. This issue is the v0.15.0 — Polish site batch (40 mods).
...
🟡 MEDIUM — Server-Side Request Forgery (SSRF) risk at VaultNote Source Repository server-side web-requesting the target GitHub Actions Build Pipeline via Push to Pipeline
| Field | Value |
| --- | --- ...
security
severity: medium
threagile:server-side-request-forgery@sou-b8af15a4
threat-model
🟡 MEDIUM — Server-Side Request Forgery (SSRF) risk at GitHub Actions Build Pipeline server-side web-requesting the target AWS ECR Container Registry via Push Image to Registry
| Field | Value |
| --- ...
security
severity: medium
threagile:server-side-request-forgery@bui-048d6c2a
threat-model
Hi @Tasoskourouniadis
Thank you for open-sourcing this repository! Your original Java implementation was a fantastic reference for me. I
wanted to give you a quick heads-up that I’ve spent the last ...
🟡 MEDIUM — Server-Side Request Forgery (SSRF) risk at ECS Container Platform server-side web-requesting the target AWS ECR Container Registry via Pull Images from ECR
| Field | Value |
| --- | --- |
| ...
security
severity: medium
threagile:server-side-request-forgery@ecs-4ba4a37f
threat-model
Problem
The audit trail pages — validator audit log (/dashboard/validator/audit) and admin system audit — have styling that is
inconsistent with other dashboard pages. They lack the standard WIMS-BFP card ...
enhancement
ready-for-agent
🟠 HIGH — Server-Side Request Forgery (SSRF) risk at Lambda Email Notifier server-side web-requesting the target AWS SES via SES Email Send
| Field | Value |
| --- | --- |
| Adjusted Score | 7.25/10 | ...
security
severity: high
threagile:server-side-request-forgery@lam-18fc0036
threat-model
Target Project: Lavalamp
Task Type: maintenance_build
Goal: build firmware artifact containing CY Tidal Bloom from existing runner worktrees.
Use base: /home/agent/agent-dev/worktrees/lavalamp/issue-731/firmware/WLED ...
risk:yellow
runner:ready
target:lavalamp
🟠 HIGH — Server-Side Request Forgery (SSRF) risk at API Server server-side web-requesting the target MinIO Object Storage via MinIO File Storage
| Field | Value |
| --- | --- |
| Adjusted Score | 7.25/10 ...
security
severity: high
threagile:server-side-request-forgery@api-f3c5fec9
threat-model
🔴 CRITICAL — Exposed Default Credentials: MinIO Object Storage is tagged as intentional-misconfiguration and stores confidential data
| Field | Value |
| --- | --- |
| Adjusted Score | 9.25/10 |
| Category ...
security
severity: critical
threagile:exposed-default-credentials@min-723202b5
threat-model
