Skip to content

issues Search Results · language:Dune language:JavaScript language:Java linked:pr language:HTML language:Java language:HTML

Filter by

3.7M results  (341 ms)

3.7M results

privacy-tech-lab/gpc-ai-agents-prototypes
Updates to D

  • vidurgupta01
  • Opened 
    1 minute ago
  • #27

hiero-ledger/hiero-enterprise-java
Update documentation github page

Update the github documentation page
approved
  • manishdait
  • 2
  • Opened 
    4 minutes ago
  • #215

SecureBananaLabs/bug-bounty
notificationService.createNotification allows caller to override server-owned id and read state

Parent bounty: #743 Bug createNotification() in apps/api/src/services/notificationService.js spreads the caller payload after the server-assigned fields: export async function createNotification(payload) ...
  • XananasX7
  • Opened 
    5 minutes ago
  • #7489

SecureBananaLabs/bug-bounty
jobService.createJob allows caller to override server-assigned id and status

Parent bounty: #743 Bug createJob() in apps/api/src/services/jobService.js spreads the caller payload after setting the initial status: export async function createJob(payload) { const job = { id: ...
  • XananasX7
  • Opened 
    5 minutes ago
  • #7488

SecureBananaLabs/bug-bounty
userService.createUser allows caller-supplied id injection

Parent bounty: #743 Bug createUser() in apps/api/src/services/userService.js spreads the entire caller-supplied payload after the server-generated id: export async function createUser(payload) { const ...
  • XananasX7
  • Opened 
    5 minutes ago
  • #7487

SecureBananaLabs/bug-bounty
User creation endpoint has no input validation

Parent bounty: #743 Bug POST /api/users in apps/api/src/controllers/userController.js passes req.body directly to createUser() with no input validation whatsoever: export async function postUser(req, ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7486

SecureBananaLabs/bug-bounty
Registration validator does not require fullName field

Parent bounty: #743 Bug registerSchema in apps/api/src/validators/auth.js does not require a fullName field, but the Prisma User model has fullName String as a non-nullable, required field. Registrations ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7485

SecureBananaLabs/bug-bounty
Registration validator allows self-assignment of admin role

Parent bounty: #743 Bug registerSchema in apps/api/src/validators/auth.js allows role: admin during registration: export const registerSchema = z.object({ email: z.string().email(), password: z.string().min(8), ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7484

SecureBananaLabs/bug-bounty
refreshToken issues tokens without validating any credential

Parent bounty: #743 Bug refreshToken() in apps/api/src/services/authService.js ignores its input entirely and issues a fresh access token to any caller without validating any credential: export async ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7483

SecureBananaLabs/bug-bounty
registerUser token sub can differ from returned user id

Parent bounty: #743 Bug registerUser() in apps/api/src/services/authService.js generates two independent IDs from two separate Date.now() calls - one used in the returned object and one used as the JWT ...
  • XananasX7
  • Opened 
    6 minutes ago
  • #7482
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.