Vulnerability Description
While reviewing SecurityConfig.java, I discovered an improper authorization vulnerability where sensitive and
cost-incurring endpoints are exposed to the public internet without ...
gssoc
security
type:design
type:security
Parent bounty: #743
Bug
createJobSchema allows budgetMin greater than budgetMax, which produces nonsensical job postings and search ranges.
Expected behavior
Job creation validation should reject inverted ...
Summary
LAIResult in backend/analysis/lai.py declares a boolean field is_available: bool = True (line 38) that is never assigned
a non-default value and never read. Every LAIResult(...) construction omits ...
dead-code
good first issue
Parent bounty: #743
Bug
POST /api/proposals forwards req.body directly into createProposal, so a proposal can be created without estDuration
even though the Prisma Proposal model requires estDuration. ...
Parent bounty: #743
Bug
apps/api/src/config/env.js falls back to the hardcoded development-secret whenever JWT_SECRET is missing. That is
acceptable for local development, but unsafe in production-like ...
Parent bounty: #743
Bug
authMiddleware checks the Authorization header with a case-sensitive Bearer prefix. HTTP authentication schemes are
case-insensitive, so valid tokens sent with bearer or BEARER ...
Parent bounty: #743
Bug
POST /api/jobs does not require authentication, allowing unauthenticated callers to create job listings.
Expected behavior
Job creation should require authMiddleware while public ...
Parent bounty: #743
Bug
Malformed JSON request bodies are handled by the generic API error path and reported as unexpected server errors instead
of client syntax errors.
Expected behavior
Invalid JSON ...
Summary
In src/lib/utils/url-link-converter.js, the convertUrlsToLinks function places matched URLs directly into HTML anchor
tags without escaping (line 67). While the URL regex excludes , , characters, ...
Parent bounty: #743
Bug
Unknown API routes fall through to Express default 404 handling, which returns an HTML response instead of the API JSON
failure envelope.
Expected behavior
Unmatched routes ...