issues Search Results · language:Dune language:TypeScript language:JavaScript language:HTML language:HTML language:Go
46.7M results
Security Finding
Snyk scan detected Pillow 10.2.0 is pinned in requirements/base.txt.
CVE: CVE-2023-50447 Severity: High Description: Arbitrary code execution via crafted image file in Pillow versions ...
devin-ready
security
Summary
Codex++ could not reapply its patch after Codex updated.
Error
ENOENT: no such file or directory, open /Applications/Codex.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron ...
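Description
The hash chain uses plain SHA-256 concatenation instead of HMAC-SHA256 and lacks key protection.
Severity: 🟡 Medium Location: src/core/hashchain/hashchain.ts:89-92
Proposed fix
Upgrade to HMAC-SHA256; this requires a key management strategy and chain migration.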
bug
security
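Vulnerability description
getDatabaseKey() falls back to the hard-coded development-only-wealth-manager-db-key when the environment variable is not set.
Severity: 🔴 Critical Location: src/core/database/database.ts:25
Proposed fix
Use expo-secure-store to generate and persist a random key, or derive one from user input.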
bug
security
Preliminary Checks
- [x] I have searched existing issues for similar documentation requests
- [x] I have checked the current documentation thoroughly
Documentation Type
Contributing guidelines (agent ...
documentation
needs-triage
Deferred from PR #84
These items were identified during the PR convergence loop but deferred because they are nits or suggestions after
round 1. They do not block the merge but should be addressed.
...
polish
Site name
笔记 (Notes)
Site link
https://bj.z2m.store
Friend-links page URL
https://bj.z2m.store/logo.png
Site avatar URL
https://bj.z2m.store/logo.png
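Site description
Notes of a security professional
Vulnerability description
All agents (guardian, analyst, ledger, coach) call tool.handler() directly instead of going through executeTool(), completely bypassing the audit log.
Severity: 🔴 Critical Location: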
- src/agents/ledger/ledger.agent.ts (20+ direct calls)
- src/agents/guardian/guardian.agent.ts ...
bug
security
Please allow us to configure the whitespace. This is ridiculous.
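Vulnerability description
The escapeCSV function in export_csv does not handle cells that begin with = + - @, which can lead to CSV injection attacks.
Severity: 🟡 Medium Location: src/tools/data/data.tool.ts:129-135
Fix
A zero-width space prefix has been added to prevent formula injection.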
bug
security
