Description
In the frontend Chat component, when the AI streams a response or generates a long reply, the view remains static.
Impact
The user has to manually scroll down continuously to read the incoming ...
gssoc
Description
The AI engine text splitter accepts file contents for ingestion. There is no hard limit on the length of a single string
passed to the chunker.
Impact
Passing a 50MB minified JS file directly ...
gssoc
Description
In ai-engine/app.py, when processing multiple files in review-diff or analyze, the code splits files into batches and
processes them synchronously using a for loop.
Impact
Analyzing large repositories ...
gssoc
Description
In the Python AI engine, the HTML/CSS sanitizer allows the background CSS property but does not actively filter
url(data:text/html...) payloads.
Impact
An AI hallucination or a poisoned prompt ...
gssoc
Description
The /api/analyze endpoint strictly validates the systemPrompt to prevent homoglyphs and dangerous directives. However,
the /api/chat endpoint passes the systemPrompt straight from the client ...
gssoc
Description
The FastAPI endpoints /api/rag/cleanup and /api/rag/delete-vectors in ai-engine/app.py lack any form of authentication or
API key verification.
Impact
Anyone who discovers the AI engine URL ...
gssoc
Description
In backend/index.js, the repository size is checked using getFolderSize(clonePath) after git.clone completes.
Impact
A user can submit a repository containing a massive zip bomb. The clone ...
gssoc
Description
The endpoints /api/reports/html and /api/reports/pdf generate dynamic content using string concatenation and pdfkit.
They lack rate limiting.
Impact
Attackers can send large JSON payloads ...
gssoc
Description
The /api/issues/create endpoint does not implement the express-rate-limit middleware, unlike /api/analyze and /api/chat.
Impact
Malicious actors or scripts can spam this endpoint, exhausting ...
gssoc
Description
The backend endpoint /api/issues/create accepts a repoUrl and creates an issue using the server's GITHUB_PAT. However, it
lacks validation to ensure the user is only creating issues on the ...
gssoc