issues Search Results · language:Dune language:Python language:JavaScript language:CSS language:Java linked:pr language:C#
Filter by
6.6M results
Bug
The POST /api/users endpoint does not validate input before passing req.body to createUser. This allows empty payloads
and arbitrary fields such as client-controlled id values to be accepted as user ...
Errordog2
Summary
Artifact ids are interpolated directly into filesystem paths on the durable write path, with no validation. Because an
untrusted proposer fully controls the id (via slug_hint), an approved artifact ...
seekmistar01
Summary
Session titles generated from a first message that contains terminal escape sequences (ANSI CSI / OSC) keep the body of
the sequence as visible garbage — e.g. a pasted \x1b[31mRed\x1b[0m is stored ...
kerfern
Parent bounty: #743
Bug
listJobs() returns the module-level jobs array directly. Callers that receive the list can mutate it with push, splice,
or length = 0, corrupting the in-memory job store without ...
hapwi
Parent bounty: #743
Bug
createPaymentIntent() returns payment intent data without a server-owned creation timestamp. Downstream billing,
reconciliation, and transaction-history views would need to trust ...
Background
.claude-plugin/plugin.json was stuck at version : 0.1.0 from the rename in #119 while the repo shipped v1.0.0, v1.1.0,
v1.1.1, v1.2.0. #283 hand-syncs the manifest to 1.2.0, but nothing prevents ...
area:release
ci
berkayturanci
Summary
Parallelize OpenAI analysis calls because the workload is I/O-bound, and add progress reporting so runs show
article-level progress while calls are in flight.
Scope
- Use a ThreadPoolExecutor ...
richpsharp
Parent bounty: #743
Bug
createPaymentIntent() returns payload.currency ?? usd as-is. Payment processors such as Stripe expect lowercase
currency codes, so values such as USD or GBP would be forwarded ...
Parent bounty: #743
Bug
POST /api/reviews forwards req.body directly into createReview(). Empty objects, missing reviewer/reviewee identifiers,
invalid ratings, blank comments, and client-supplied ids ...
Purpose
Add a local daily handoff proof so a phone operator can see whether yesterday s questions, local feedback, carried
tasks, council warnings, and memory risks were reflected in today s MyBroker ...
bborok1234
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.