Search results

[Security] Critical XSS vulnerabilities via eval() and innerHTML in demo code

criticalCritical severity issuesCritical severity issues

securitySecurity-related issues and vulnerabilitiesSecurity-related issues and vulnerabilities

vulnerabilityIndicates a security vulnerabilityIndicates a security vulnerability

Status: Open.

#13 In timothywarner-org/github-security-testbed;

· timothywarner opened on Dec 6, 2025

[Security] Terraform state may contain sensitive data without encryption

infrastructureInfrastructure-related issuesInfrastructure-related issues

medium-priorityMedium priority issuesMedium priority issues

securitySecurity-related issues and vulnerabilitiesSecurity-related issues and vulnerabilities

Status: Open.

#12 In timothywarner-org/github-security-testbed;

· timothywarner opened on Dec 6, 2025

[Security] IDOR vulnerability in document API allows unauthorized access

high-priorityHigh priority issuesHigh priority issues

securitySecurity-related issues and vulnerabilitiesSecurity-related issues and vulnerabilities

vulnerabilityIndicates a security vulnerabilityIndicates a security vulnerability

Status: Open.

#11 In timothywarner-org/github-security-testbed;

· timothywarner opened on Dec 6, 2025

[Security] NodeGoat: Helmet security middleware disabled

medium-priorityMedium priority issuesMedium priority issues

securitySecurity-related issues and vulnerabilitiesSecurity-related issues and vulnerabilities

vulnerabilityIndicates a security vulnerabilityIndicates a security vulnerability

Status: Open.

#10 In timothywarner-org/github-security-testbed;

· timothywarner opened on Dec 6, 2025

[Security] NodeGoat: Session cookies lack httpOnly and secure flags

high-priorityHigh priority issuesHigh priority issues

securitySecurity-related issues and vulnerabilitiesSecurity-related issues and vulnerabilities

vulnerabilityIndicates a security vulnerabilityIndicates a security vulnerability

Status: Open.

#9 In timothywarner-org/github-security-testbed;

· timothywarner opened on Dec 6, 2025