Issue search results

76.5M results (880 ms)

gwu-ai-cyber-edu-classroom/bbf-build-target-yxk14
[BREAK] P1: GET /<code> follows private admin link and leaks canary (IDOR, is_private ignored)

Target artifact GET / code (the follow/redirect route), e.g. GET /3 Attack class idor-authz Discovery method white-box (source-assisted) Property violated P1: Confidentiality Steps to reproduce ...

iptv-org/iptv
Report: TF1 SD

Stream URL https://test.946985.filegear-sg.me/proxy/71eb898aa398f1b9 What happened to the stream? Not loading Notes (optional) No response Contributing Guide - [x] I have read Contributing Guide ...

streams:remove

gwu-ai-cyber-edu-classroom/bbf-build-target-hpzhang94
[BREAK] P4: SQL injection in GET /api/links/<code> (interpolated SQL; leaks canary, 500 on bad input)

Target artifact GET /api/links/ code Attack class sql-injection Discovery method white-box (source-assisted) Property violated P4: No injection / code execution Steps to reproduce 1. Start the ...

gwu-ai-cyber-edu-classroom/bbf-build-target-hpzhang94
[BREAK] P1: Private admin link leaks canary via /api/links/admin and GET /admin (is_private ignored)

Target artifact GET / code (code=admin) and GET /api/links/admin Attack class idor-authz Discovery method black-box (interface only) Property violated P1: Confidentiality Steps to reproduce 1. ...

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P5: Stored XSS via raw inline serving of uploaded HTML/SVG (?raw=1)

Target artifact POST /upload then GET /files/ name ?raw=1 Attack class xss Discovery method white-box (source-assisted) Property violated P5: Authorization output safety Steps to reproduce 1. ...

aahoughton/oav
docs(adapters): note that custom res.json overrides bypass validateResponses; point at validateResponse

The validateResponses coverage list in the adapter READMEs declares streamed bodies (res.write / res.end) as not covered, but does not name the case where an app overrides express.response.json with a ...

polish

pixelgrade/anima
Page transitions: reliability roadmap — re-init registry, upstream the replicas, View Transitions path

Architecture review in plans/2026-06-12-page-transitions-architecture-review.md. Summary: The Barba-based system is well engineered (head asset diffing, double-init guards, WC exclusions, lifecycle events) ...

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P1: GET /files/<name> serves protected admin file (canary) with no authz

Target artifact GET /files/ name (e.g. /files/admin_secret.txt, and ?raw=1) Attack class idor-authz Discovery method white-box (source-assisted) Property violated P1: Confidentiality Steps to reproduce ...

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P4: POST /upload path traversal via unsanitized filename (arbitrary write)

Target artifact POST /upload (multipart filename) Attack class path-traversal Discovery method white-box (source-assisted) Property violated P4: No injection / code execution Steps to reproduce ...

gwu-ai-cyber-edu-classroom/bbf-build-target-cslongc
[BREAK] P5: Stored XSS via HTML upload served inline by /preview

Target artifact POST /upload then GET /preview?name= file .html Attack class xss Discovery method white-box (source-assisted) Property violated P5: Authorization output safety Steps to reproduce ...

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues

ProTip! Restrict your search to the title by using the in:title qualifier.

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues

ProTip! Restrict your search to the title by using the in:title qualifier.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Filter by

State

Advanced

gwu-ai-cyber-edu-classroom/bbf-build-target-yxk14
[BREAK] P1: GET /<code> follows private admin link and leaks canary (IDOR, is_private ignored)

iptv-org/iptv
Report: TF1 SD

gwu-ai-cyber-edu-classroom/bbf-build-target-hpzhang94
[BREAK] P4: SQL injection in GET /api/links/<code> (interpolated SQL; leaks canary, 500 on bad input)

gwu-ai-cyber-edu-classroom/bbf-build-target-hpzhang94
[BREAK] P1: Private admin link leaks canary via /api/links/admin and GET /admin (is_private ignored)

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P5: Stored XSS via raw inline serving of uploaded HTML/SVG (?raw=1)

aahoughton/oav
docs(adapters): note that custom res.json overrides bypass validateResponses; point at validateResponse

pixelgrade/anima
Page transitions: reliability roadmap — re-init registry, upstream the replicas, View Transitions path

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P1: GET /files/<name> serves protected admin file (canary) with no authz

gwu-ai-cyber-edu-classroom/bbf-build-target-heena7sept
[BREAK] P4: POST /upload path traversal via unsanitized filename (arbitrary write)

gwu-ai-cyber-edu-classroom/bbf-build-target-cslongc
[BREAK] P5: Stored XSS via HTML upload served inline by /preview

Learn how you can use GitHub Issues to plan and track your work.

Learn how you can use GitHub Issues to plan and track your work.

issues Search Results · language:Dune language:TypeScript language:Python language:JavaScript language:Java language:PHP

Filter by

State

Advanced

76.5M results

Learn how you can use GitHub Issues to plan and track your work.

Learn how you can use GitHub Issues to plan and track your work.