-
Notifications
You must be signed in to change notification settings - Fork 225
All issues
Issue creation is restricted in this repository
Issues
is:issue state:open
is:issue state:open
Search results
- Status: Open.#2027 In utksh1/SecuScan;
CRITICAL: Debug mode defaults to enabled - Reflected XSS plus full stack trace information disclosure
area:backendBackend API, database, or service workBackend API, database, or service workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:critical80 pts difficulty label for critical or high-impact PRs80 pts difficulty label for critical or high-impact PRspriority:highHigh-priority issueHigh-priority issuetype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#2022 In utksh1/SecuScan;CRITICAL: Broken Object-Level Authorization (BOLA) via client-spoofable X-User-Id header enables cross-workspace credential theft
area:backendBackend API, database, or service workBackend API, database, or service workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:critical80 pts difficulty label for critical or high-impact PRs80 pts difficulty label for critical or high-impact PRspriority:highHigh-priority issueHigh-priority issuetype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#2021 In utksh1/SecuScan;Title: Scan-trigger endpoints lack documented rate limiting/auth, risking resource exhaustion or unauthorized scan execution
area:backendBackend API, database, or service workBackend API, database, or service workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:advanced55 pts difficulty label for advanced contributor PRs55 pts difficulty label for advanced contributor PRspriority:highHigh-priority issueHigh-priority issuetype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#1998 In utksh1/SecuScan;Title: Plugin metadata lacks schema validation — malformed plugins/ entries can crash the backend plugin loader
area:pluginsScanner plugin metadata, schemas, or plugin runtime workScanner plugin metadata, schemas, or plugin runtime worklevel:intermediate35 pts difficulty label for moderate contributor PRs35 pts difficulty label for moderate contributor PRspriority:mediumImportant issue with normal urgencyImportant issue with normal urgencytype:bugBug fix work category bonus labelBug fix work category bonus labelStatus: Open.#1997 In utksh1/SecuScan;Title: docker-compose.yml backend service lacks explicit host-binding restriction — scan API may be reachable beyond localhost
area:backendBackend API, database, or service workBackend API, database, or service workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:beginner20 pts difficulty label for small beginner-friendly PRs20 pts difficulty label for small beginner-friendly PRspriority:mediumImportant issue with normal urgencyImportant issue with normal urgencytype:devopsDevOps or infrastructure work category bonus labelDevOps or infrastructure work category bonus labeltype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#1996 In utksh1/SecuScan;.vite/deps_temp_8e5c994c/ build cache artifact is tracked in git — should be gitignored and removed
area:frontendFrontend React/UI workFrontend React/UI workgood first issueFriendly starter issue for first-time contributorsFriendly starter issue for first-time contributorslevel:beginner20 pts difficulty label for small beginner-friendly PRs20 pts difficulty label for small beginner-friendly PRspriority:lowNice-to-have issue with low urgencyNice-to-have issue with low urgencytype:refactorRefactor work category bonus labelRefactor work category bonus labelStatus: Open.#1995 In utksh1/SecuScan;[Security] Backend API has no documented authentication, risking unauthorized scan execution if exposed beyond localhost
area:backendBackend API, database, or service workBackend API, database, or service workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:advanced55 pts difficulty label for advanced contributor PRs55 pts difficulty label for advanced contributor PRspriority:highHigh-priority issueHigh-priority issuetype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#1994 In utksh1/SecuScan;[Security] Audit plugin execution layer for unsanitized user input reaching shell/subprocess calls
area:backendBackend API, database, or service workBackend API, database, or service workarea:pluginsScanner plugin metadata, schemas, or plugin runtime workScanner plugin metadata, schemas, or plugin runtime workarea:securitySecurity-sensitive implementation or testsSecurity-sensitive implementation or testslevel:advanced55 pts difficulty label for advanced contributor PRs55 pts difficulty label for advanced contributor PRspriority:highHigh-priority issueHigh-priority issuetype:securitySecurity work category bonus labelSecurity work category bonus labelStatus: Open.#1993 In utksh1/SecuScan;- Status: Open.#1992 In utksh1/SecuScan;
- Status: Open.#1982 In utksh1/SecuScan;
- Status: Open.#1980 In utksh1/SecuScan;