issues Search Results · language:Dune language:Python language:JavaScript is:public language:Java language:Java

Filter by

• • Code... (...)results
  • Repositories
    results
  • Issues
    results
  • Pull requests
    results
  • Discussions
    results
  • Users
    results
  • More

• State

  • Open
  • Closed

• Advanced

  • Owner
  • State
  • Close reason
  • Has linked pull request
  • Author
  • Assignee
  • Mentioned user
  • Mentioned team
  • Commenter
  • Involved user
  • Label
  • Milestone
  • Number of comments
  • Number of interactions
• Advanced search

Filter:Issues55M (55M)

55M results  (727 ms)

55M results

Sort by: Best match

Filter

gwu-ai-cyber-edu-classroom/bbf-build-target-yxk14

[BREAK] P1: GET /<code> follows private admin link and leaks canary (IDOR)

Target artifact GET / code (e.g. /3) Attack class idor-authz Discovery method black-box (interface only) Property violated P1: Confidentiality Steps to reproduce 1. Start the app per START_APP.md ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #4

gwu-ai-cyber-edu-classroom/bbf-build-target-yxk14

[BREAK] P5: open redirect -- /shorten accepts javascript: and off-site URLs

Target artifact POST /shorten → GET / code Attack class open-redirect Discovery method black-box (interface only) Property violated P5: Authorization output safety Steps to reproduce 1. Start ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #5

gwu-ai-cyber-edu-classroom/bbf-build-target-stusteiner

[BREAK] P5: GET /api/quizzes enumerates private quiz metadata

Target artifact GET /api/quizzes Attack class idor-authz Discovery method black-box (interface only) Property violated P5: Authorization output safety Steps to reproduce 1. Start the app per ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #8

gwu-ai-cyber-edu-classroom/bbf-build-target-stusteiner

[BREAK] P4: UNION SQL injection in /api/search dumps answer-key column incl. canary

Target artifact GET /api/search?q= Attack class sql-injection Discovery method white-box → reproduced over HTTP Property violated P1: Confidentiality Steps to reproduce 1. Start the app per START_APP.md ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #7

gwu-ai-cyber-edu-classroom/bbf-build-target-stusteiner

[BREAK] P1: private quiz served unauthenticated via /api/quizzes/2 -> canary (IDOR)

Target artifact GET /api/quizzes/2 (also /quiz/2, /quiz/2/submit) Attack class idor-authz Discovery method black-box (interface only) Property violated P1: Confidentiality Steps to reproduce 1. ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #6

jgeraigery/nnabla

keras-3.12.2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 6.5)

details summary img src= https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png width=19 height=20 Vulnerable Library - b keras-3.12.2-py3-none-any.whl /b /summary p Multi-backend ...

Mend: dependency security vulnerability

• mend-for-github-com[bot]
·
• Opened 
  6 minutes ago
·
• #52

gwu-ai-cyber-edu-classroom/bbf-build-target-rebeccahwa

[BREAK] P1: IDOR on /drawing/<id> leaks admin's private drawing (canary)

Target artifact GET /drawing/ id Attack class idor-authz Discovery method black-box (interface only) Property violated P1: Confidentiality Steps to reproduce 1. Start the app per START_APP.md ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #5

gwu-ai-cyber-edu-classroom/bbf-build-target-rebeccahwa

[BREAK] P1: hardcoded weak SECRET_KEY enables session forgery -> admin -> canary

Target artifact Flask session cookie → GET /drawing/1 Attack class idor-authz (weak-crypto / session forgery) Discovery method white-box → reproduced over HTTP Property violated P1: Confidentiality ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #6

gwu-ai-cyber-edu-classroom/bbf-build-target-mahdin-star

[BREAK] P5: open redirect on /task/<id>/toggle via unsanitized Referer header

Target artifact POST /task/ id /toggle Attack class open-redirect Discovery method white-box → reproduced over HTTP Property violated P5: Authorization output safety Steps to reproduce 1. Start ...

• Luna-Xue
·
• Opened 
  6 minutes ago
·
• #7

griptape-ai/griptape

ExaWebSearchDriver broken: Exa API no longer accepts use_autoprompt parameter

Summary ExaWebSearchDriver sends a use_autoprompt field in its API request body. The Exa API has removed support for this parameter and now returns an error, making the driver completely non-functional. ...

• shhlife
·
• 2
·
• Opened 
  6 minutes ago
·
• #2199

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues

ProTip! Restrict your search to the title by using the in:title qualifier.

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues

ProTip! Restrict your search to the title by using the in:title qualifier.