Skip to content

issues Search Results · language:Dune language:Python language:Vue language:Java language:Java language:Java language:Java

Filter by

11.6M results  (750 ms)

11.6M results

OrinVoss/ai-friend
[v0.2] Bug: 安全漏洞 — API 密钥泄露至 Git 历史 + SSRF + Session ID 客户端控制

#141 — config.json 明文存储 API 密钥且已提交至 Git 历史 现象 config.json 第 3 行明文存储了真实的 DeepSeek API 密钥。经检查,该文件已存在于 Git 提交历史中,即使已加入 .gitignore,历史提交中的密钥仍可通过 git log -p -- config.json 获取。 根因 开发者将包含真实密钥的配置文件直接提交到版本控制;.gitignore ...
bug
security
v0.2
  • OrinVoss
  • Opened 
    4 seconds ago
  • #155

OrinVoss/ai-friend
[v0.2] Bug:数据库架构缺陷 — Schema 缺会话隔离 + 单连接串行化 + 事务边界过度拆分

现象 1. Schema 完全缺失会话/用户隔离字段(#133) 五张核心数据表(user_facts、experiences、reflections、relationship_metrics、conversation_turns)中没有任何字段用于标识数据属于哪个用户或会话。所有用户数据在物理层完全混合存储。 UNIQUE(category, fact_key) 约束意味着所有用户共享同一命名空间。Repository ...
bug
v0.2
  • OrinVoss
  • Opened 
    6 seconds ago
  • #154

boykush/wiki
Clever/microplane

ingest
  • boykush
  • Opened 
    7 seconds ago
  • #276

OrinVoss/ai-friend
[v0.2] Bug: personality.json 多会话并发写入竞争导致文件损坏与情绪状态跨会话传染

现象 personality.json 是全局共享文件,所有会话共享同一个文件路径。Personality.save() 使用 open(path, w ) 直接写入,不是原子操作。多会话同时处理消息时,每个会话都调用 save(),可能出现: - 线程 A 打开文件并截断 → 线程 B 打开文件并截断 → 线程 A 写入部分数据 → 线程 B 写入完整数据 → 最终文件是混合的无效 JSON ...
bug
v0.2
  • OrinVoss
  • Opened 
    8 seconds ago
  • #153

h-wata/kioku-mesh
Remove `localhost` init mode (use `local` / `mesh start` instead)

Background kioku-mesh init --mode localhost generates a zenohd config with a loopback listener and an in-memory storage volume (non-persistent across zenohd restarts). It is the current default mode of ...
  • h-wata
  • Opened 
    9 seconds ago
  • #151

RobGruhl/anthropic-docs-mirror
Documentation update failed - 2026-06-01

The automated documentation update failed on 2026-06-01. Please check the workflow run for details.
automation
bug
  • github-actions[bot]
  • Opened 
    12 seconds ago
  • #122

OrinVoss/ai-friend
[v0.2][v0.5] Bug:_react_loop 消息累积导致上下文爆炸与内存峰值 + COMPRESS_THRESHOLD 设置过高

涉及 Issue 合并自 #142(Round 02)、#224(Round 05) 现象 _react_loop 消息累积(#142) _react_loop 每次迭代将 LLM 完整响应和工具结果追加到 messages,10 轮后可能达到 89,000 tokens。_react_loop 内部没有任何 token 估算或压缩机制。format_tool_results() 直接使用工具返回的完整内容,无任何长度限制。web_fetch ...
bug
performance
  • OrinVoss
  • Opened 
    12 seconds ago
  • #152

OrinVoss/ai-friend
[v0.3] Bug:Web 路径完全绕过 AgentState 状态机

描述 Full description from #194. 现象 AgentState 枚举定义了完整的状态机(BOOT → IDLE → PERCEIVE → THINK → ACT → REFLECT),但 Web 路径(MessageHandler.handle_message)完全绕过它:直接处理消息,不经过任何状态转换。self.state 始终等于初始值 AgentState.BOOT。 ...
bug
v0.3
  • OrinVoss
  • Opened 
    16 seconds ago
  • #151

OrinVoss/ai-friend
[v0.2] Bug: 安全漏洞 — NotifyTool 命令注入 + GrepTool ReDoS + 路径遍历绕过(symlink)

#138 — NotifyTool PowerShell 命令注入漏洞 现象 tools/notify_tool.py 第 50-61 行将 title 和 message 参数直接通过 Python f-string 拼接到 PowerShell 脚本中,未进行任何转义或参数化处理。如果 title 或 message 包含单引号 或 PowerShell 特殊字符,将破坏字符串边界,导致任意 ...
bug
security
v0.2
  • OrinVoss
  • Opened 
    24 seconds ago
  • #150

0xDBFB7/sneaky-plot-tagging
return an object that can be put on the plot instead of putting it on yourself

  • 0xDBFB7
  • Opened 
    24 seconds ago
  • #2
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.