issues Search Results · language:Dune language:Python language:JavaScript language:JavaScript language:HTML
47.3M results
Parent
#4
What to build
A batch of small, individually-below-the-bar follow-ups from the #4 branch review. Each should be resolved or explicitly
declined in the PR.
- Adjacency duplication: the scheduler ...
ready-for-agent
Parent
#4
What to build
Found by the #4 review (deferred — low severity at v0.1's agent-CLI workload; ADR 0003 points this work toward the
failure-semantics/await issues).
State writes (synchronous ...
ready-for-agent
Parent
#4
What to build
Found by the #4 review (deferred — real wasted work, but no executor-level scale test exists yet and the change is
non-trivial; not needed for #4's correctness).
The concurrent ...
ready-for-agent
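Source: 2026-06-13 six-partition parallel security review (High).
Vulnerability
api_key is persisted in plaintext to SQLite and remains long-term in the DB file / backups.
Attack path
- backend/docrestore/persistence/database.py:217 — when writing to the database, llm.model_dump_json() does not exclude api_key, so the entire LLMConfig (including the plaintext key) is serialized into the database. ...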
area:llm
area:persistence
bug
security-audit
severity:high
Archetype: Multi-File Component (Type B)
The Component Gap: The framework lacks a zero-dependency, floating action bar shortcut utility that fans out minor
navigation pathways horizontally or vertically ...
accepted
component
good first issue
gssoc:approved
GSSoC-26
help wanted
level:intermediate
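Source: 2026-06-13 six-partition parallel security review (High). Violates the project's core promise ("redaction before upload to the cloud"). Line numbers refer to the current pipeline/pipeline.py (the file has shifted since the review).
Vulnerability
"Redaction before upload to the cloud" is bypassed via three paths, so sensitive content still reaches the cloud in its original form:
① Code mode: the raw header text is sent unredacted to entity detection. _redact_code_pii (pipeline/pipeline.py:1592) takes all non-empty leading-comment ...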
area:pipeline
area:privacy
bug
security-audit
severity:high
As a developer I need to containerize the accounts microservice using Docker So that it can run consistently across
environments
Details and Assumptions
- A Dockerfile will be created
- The image ...
technical debt
Upgrade from version 55 to 56
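Source: 2026-06-13 six-partition parallel security review (High). This item amplifies every filesystem/RCE/SSRF surface in the same batch.
Vulnerability
When DOCRESTORE_API_TOKEN is not configured, authentication is fully bypassed (the development-mode default), and there are no CORS restrictions. Anyone who can reach the port can call every endpoint without any credentials.
Attack path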
- backend/docrestore/api/auth.py — DOCRESTORE_API_TOKEN ...
area:api
bug
security-audit
severity:high
