issues Search Results · language:Edge language:Python language:JavaScript language:JavaScript linked:pr language:JavaScript
Parent bounty: #743
Bug
adminRoutes in apps/api/src/routes/adminRoutes.js does not check the caller's role — only that they have a valid JWT:
adminRoutes.use(authMiddleware);
adminRoutes.get( /metrics ...
Parent bounty: #743
Bug
GET /api/search in apps/api/src/controllers/searchController.js passes req.query.q to globalSearch() with no validation
or length limit:
export async function search(req, res) ...
Parent bounty: #743
Bug
POST /api/jobs in apps/api/src/routes/jobRoutes.js has no authentication middleware, so unauthenticated users can create
job listings:
jobRoutes.post('/', postJob);
Expected ...
Parent bounty: #743
Bug
POST /api/payments in apps/api/src/routes/paymentRoutes.js has no authentication middleware, so any unauthenticated user
can create payment records:
paymentRoutes.post('/', createPayment); ...
Parent bounty: #743
Bug
createNotification() in apps/api/src/services/notificationService.js spreads the caller payload after the
server-assigned fields:
export async function createNotification(payload) ...
Parent bounty: #743
Bug
createJob() in apps/api/src/services/jobService.js spreads the caller payload after setting the initial status:
export async function createJob(payload) {
const job = { id: ...
Parent bounty: #743
Bug
createUser() in apps/api/src/services/userService.js spreads the entire caller-supplied payload after the
server-generated id:
export async function createUser(payload) {
const ...
Parent bounty: #743
Bug
POST /api/users in apps/api/src/controllers/userController.js passes req.body directly to createUser() with no input
validation whatsoever:
export async function postUser(req, ...
Parent bounty: #743
Bug
registerSchema in apps/api/src/validators/auth.js does not require a fullName field, but the Prisma User model has
fullName String as a non-nullable, required field. Registrations ...
Parent bounty: #743
Bug
registerSchema in apps/api/src/validators/auth.js allows role: admin during registration:
export const registerSchema = z.object({
email: z.string().email(),
password: z.string().min(8), ...
