issues Search Results · language:Dune language:JavaScript language:Java language:Python language:JavaScript

55.5M results  (708 ms)

Where: `index.js` cool-off `setTimeout` (~L309-314, ~L677-682). Problem: Timers live only in process memory; a restart mid-hold leaves the button disabled forever. Fix: On startup, scan active `cooloff_holds` ...
audit
P1-high

Where: `src/layer2.js` and `src/deescalation.js` (~L85) — user content interpolated raw. Problem: Crafted messages can attempt to steer the verdict or break the de-escalation JSON parser (scam text injection). ...
audit
P1-high
security

Where: `src/database.js` / `admin.js` (both load and rewrite the whole DB image). Problem: Running `admin.js` while the bot is live lets the last writer silently clobber the other's changes. Fix: Add a ...
audit
P1-high

Where: `src/web/server.js` checkout/portal (~L1606-1640) and webhook (~L1645-1680). Problem: Checkout error echoes which env var is missing; subscription-deleted path matches by `customer` only. Webhook ...
audit
P1-high
security

Where: `src/web/server.js` error handler (~L1690-1693). Problem: Renders `err.message`/`err.oauthError` into the 500 page, leaking internals to users. Fix: Generic message in production; full detail to ...
audit
P1-high
security

Where: all routes in `src/web/server.js`; notably `POST /dashboard/:guildId/admin-feedback-summary` (~L897). Problem: No throttling. The feedback-summary route triggers a paid DeepSeek call per request; ...
audit
P1-high
security

Where: `src/layer2.js` image-analysis error path. Problem: On error it returns `{flagged:false, confidence:0}`, so for image-only messages a vision API error silently clears the message. (Text Layer 2 ...
audit
P1-high
security

Where: `index.js` image download (~L162-173). Problem: `fetch`→`arrayBuffer` with no size cap/timeout, all images per message fetched via `Promise.all` → memory spike / OOM risk from large or many images. ...
audit
P1-high
security

Where: `src/web/server.js` modal client JS (~L1110-1132, ~L1359-1380). Problem: `channel_name`, `author_tag`/`author_name`, and `image_urls` are injected via `innerHTML` unescaped. A crafted server nickname/URL ...
audit
P1-high
security

Where: `src/database.js` `persist()` (~L38-40). Problem: `fs.writeFileSync` writes the full DB directly over `DB_PATH`; a crash mid-write can corrupt the only copy. It is also synchronous and blocks the ...
audit
P0-critical