issues Search Results · language:Edge language:Python linked:pr language:TypeScript language:Java language:JavaScript

9.3M results  (347 ms)

Summary POST /api/setup/llm-test is reachable post-setup by any authenticated non-admin user and performs an unvalidated outbound request to a user-supplied baseUrl, reflecting connect/HTTP results back ...
backend
security

Summary Local-page attachments are served back inline with a client-supplied Content-Type, allowing an authenticated user to store HTML/JS on a shared page and achieve same-origin stored XSS → access-token ...
backend
priority:high
security

Summary POST /api/llm/improvements/apply lets any authenticated user overwrite the contents of any other user's private standalone page (IDOR / broken access control, CWE-639). Details - Route guard ...
backend
priority:high
security

Summary Several knowledge routes resolve a page by id and act on it without the per-space / per-page authorization check that the rest of the domain enforces via getUserAccessibleSpaces / userCanAccessPage ...
backend
priority:critical
security

Summary The committed package-lock.json is out of sync with the workspace manifests: it still contains d3-force and @types/d3-force entries for the frontend workspace, but the dependency is no longer ...
bug

Finding Three pure functions in the workload deployment and RBAC subsystems have zero test coverage: pkg/k8s/workload_deploy.go - normalizeImageRef — converts short Docker Hub image names to fully-qualified ...
help wanted
quality
testing

Summary The scheduled CI run on dev has been failing since ~2026-06-05 in the Frontend Tests job, and the same failure blocks all 16 open Dependabot PRs (they inherit the broken suite from dev). Exactly ...
bug

Context License gating is the one class of provider defect the fixture-backed go-live strategy explicitly must catch. The media-job license gate is real and tested, but the FONT path of the gate has a ...
area:provider
area:render
priority:P0
risk:license
type:bug
type:security

When attempting an operation with users, a 502 occurs at: - GET /api/v0/usuarios - origin: solo-fifteen-gibson-birmingham.trycloudflare.com - referer: /app/usuarios Security note: the header ...

Problem backend/Containerfile uses COPY . . but backend/ has no .containerignore / .dockerignore. Building the backend image therefore copies the real local env files (backend/.env, backend/db.env) into ...