Skip to content

issues Search Results · language:Edge language:Python language:JavaScript language:JavaScript linked:pr language:JavaScript

Filter by

4.5M results  (341 ms)

4.5M results

SecureBananaLabs/bug-bounty
Global error handler returns 500 for Zod validation errors instead of 400

Parent bounty: #743 Bug The global error handler in apps/api/src/middleware/errorHandler.js does not recognize Zod ZodError instances and returns 500 for all validation failures: return res.status(500).json({ ...
  • XananasX7
  • Opened 
    5 minutes ago
  • #7527

exasol/script-languages-container-ci
Update PTB to 9.0.0

refactoring
  • tomuben
  • Opened 
    5 minutes ago
  • #158

SecureBananaLabs/bug-bounty
Upload endpoint is unauthenticated — anyone can upload files

Parent bounty: #743 Bug POST /api/uploads in apps/api/src/routes/uploadRoutes.js has no authentication middleware, so unauthenticated users can upload files: uploadRoutes.post( / , upload.single( file ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7526

Jongtae/agentos
[P2-92] Add Docker Attestation Status product surface

Tracked through the AgentOS issue/branch lifecycle policy. - Kind: task - Phase: 2 - Task ID: P2-92 - Planned branch: codex/p2-92-add-docker-attestation-status-product-surface
  • Jongtae
  • Opened 
    6 minutes ago
  • #205

SecureBananaLabs/bug-bounty
Notification creation endpoint is unauthenticated

Parent bounty: #743 Bug POST /api/notifications in apps/api/src/routes/notificationRoutes.js has no authentication middleware, so unauthenticated users can create notifications: notificationRoutes.post( ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7525

SecureBananaLabs/bug-bounty
Message creation endpoint is unauthenticated

Parent bounty: #743 Bug POST /api/messages in apps/api/src/routes/messageRoutes.js has no authentication middleware, so unauthenticated users can send messages: messageRoutes.post( / , postMessage); ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7524

SecureBananaLabs/bug-bounty
Review creation endpoint is unauthenticated

Parent bounty: #743 Bug POST /api/reviews in apps/api/src/routes/reviewRoutes.js has no authentication middleware, so unauthenticated users can submit reviews: reviewRoutes.post( / , postReview); Expected ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7523

SecureBananaLabs/bug-bounty
Proposal creation endpoint is unauthenticated

Parent bounty: #743 Bug POST /api/proposals in apps/api/src/routes/proposalRoutes.js has no authentication middleware, so unauthenticated users can create proposals: proposalRoutes.post( / , postProposal); ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7521

SecureBananaLabs/bug-bounty
messageService.sendMessage allows caller to override server-assigned id and sentAt

Parent bounty: #743 Bug sendMessage() in apps/api/src/services/messageService.js spreads caller payload with server fields mixed in: const message = { id: `msg_${Date.now()}`, ...payload, sentAt: new ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7520

SecureBananaLabs/bug-bounty
reviewService.createReview allows caller-supplied id injection

Parent bounty: #743 Bug createReview() in apps/api/src/services/reviewService.js spreads caller payload after the server-generated id, allowing callers to override the server-assigned id field. Expected ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7519
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.