Skip to content

issues Search Results · language:Dune language:JavaScript language:JavaScript language:Java language:JavaScript language:C#

Filter by

39.5M results  (681 ms)

39.5M results

Problem Multiple medium-security gaps: - No HTTPS enforcement (server/index.js:26-28) - DB file could be served via misconfigured static root (server/index.js:20-21) - express.json() body size ...
priority:medium
security

Description When clicking on the Documentation link in the website s navigation bar, the application redirects to the /docs route, but the page returns a 404 Not Found error instead of displaying the ...

Orleans reference: dotnet/orleans#9038 Summary Orleans request for a Redis Pub/Sub-backed stream provider (Orleans currently ships Event Hubs/SQS/etc. providers but no plain Redis Pub/Sub option). Why ...
area: streaming
enhancement
status: needs-design

Hardcoded config values. Externalize to env vars. Generated for enterprise-scale GitHub performance testing. Repository: qa-load-v2 Booster Run ID: boost-20260625-121619 Sequence: 456
P3-low
perf-test

Problem Auto-increment INTEGER PRIMARY KEY IDs are trivially enumerable. Attackers can guess/iterate resource IDs. Scope - Change all ID columns to UUID (TEXT) in schema - Generate UUIDs server-side ...
priority:high
security

Orleans reference: dotnet/orleans#5772 Summary Orleans discussion thread (50 combined reactions/comments) on F# ergonomics — Orleans codegen and grain conventions lean heavily on C#-specific patterns. ...
area: codegen
enhancement
status: needs-design

Problem No security headers set. Missing X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Content-Security-Policy, Referrer-Policy. Scope - Add helmet middleware to server/index.js ...
priority:high
security

Orleans reference: dotnet/orleans#447, dotnet/orleans#446 Summary Orleans request (2015) for a single writer, multiple readers grain pattern / state replication — one authoritative activation handles ...
area: persistence
enhancement
status: needs-design

Problem CORS is wide-open (cors() with no options) at server/index.js:12. Any origin can call every API endpoint. Combined with no CSRF protection, any malicious page can forge state-changing requests. ...
priority:critical
security
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.