GitHub Issues search results (55.2M results; query filters: language:Dune language:Python language:JavaScript language:Java)
Severity: LOW
File: backend/config.py:56, 63-68
Description: Empty TOKEN_ENC_KEY is allowed at startup. Runtime check in token_crypto.py eventually catches this, but the app can start and accept OAuth ...
Label: security
Severity: LOW
File: backend/routers/auth.py:339, 465, 488
Description: exc_info=True in OAuth error handlers dumps full tracebacks including local variables (tokens, headers) to stdout. Stdout logs ...
Label: security
Severity: LOW
File: backend/services/suggest.py:236
Description: LLM reason field stored in database unsanitized and without length limit. Currently safe (React auto-escapes), but a stored XSS risk for ...
Label: security
Severity: LOW
File: backend/routers/users.py:86-88
Description: body.version (1-20 chars, Pydantic-validated) reflected in JSON error message. Low risk given JSON content type and CSP, but violates defense-in-depth. ...
Label: security
CI Failure
Workflow CI failed and could not be auto-healed.
- Run: https://github.com/jclee941/resume/actions/runs/27923237729
- Branch: master
Severity: LOW
File: backend/routers/auth.py:325, ~450
Description: State parameter compared with != instead of hmac.compare_digest(). While mitigated by single-use 43-char random tokens with 300s TTL, ...
Label: security
Severity: LOW
File: entrypoint.sh:8
Description: Default * trusts X-Forwarded-For from any source. If the container is directly internet-accessible (not behind a trusted reverse proxy), attackers can ...
Label: security
Kevoryn official site: https://kevoryn.com API Base: https://api.kevoryn.com/v1 One key to call all AI models, supporting the native OpenAI / Anthropic / Gemini / DeepSeek formats. Model list: - Claude: Opus 4.8, Sonnet 4.6, Haiku 4.5 - GPT: GPT-5.5 - Gemini: ...
Severity: MEDIUM
Files: backend/services/suggest.py:133-182, backend/services/curator.py:61-107
Description: Top 10/bottom 5 films and genre affinities are sent to third-party LLM (Requesty.ai). Privacy ...
Label: security
Severity: MEDIUM
Files: backend/routers/duels.py:96-98, backend/services/duel.py:148
Description: The submit_duel endpoint queries Movie.media_type using user-supplied movie_a_id before validating ownership. ...
Label: security