QuackatronHQ / Gigarepo
Security
111
All issues
805
Recommended
407
Secrets
0
Bug Risk
359
Anti-pattern
276
Security
111
Performance
53
Typecheck
0
Coverage
6
Style
0
Documentation
0
Audit required: Use of eval
PYL-W0123
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
XML parsing may be vulnerable to XXE attacks
JS-D022
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Server hostname may not be verified
PTC-W6002
Security
Minor
25 days ago
—
2 years old
Seen in 1 file
1
Assert statement used outside of tests
BAN-B101
Security
Major
25 days ago
—
2 years old
Seen in 2 files
2
Audit the random number generation source (rand)
GSC-G404
Security
Minor
25 days ago
—
2 years old
Seen in 1 file
1
No certificate validation detected for HTTP request
BAN-B501
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Use of tempnam detected
BAN-B325
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Hardcoded temporary directory detected
BAN-B108
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Audit: Starting a process with a partial executable path
BAN-B607
Security
Minor
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Risk of possible SQL injection vector through string-based query construction
BAN-B608
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Use of both safe and unsafe HTTP methods for a view
PY-S6007
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Possible wildcard injection in call: subprocess.Popen
BAN-B609
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Server certificate may not be verified
PTC-W6001
Security
Minor
25 days ago
—
2 years old
Seen in 2 files
2
Audit required: External control of file name or path
PTC-W6004
Security
Minor
25 days ago
—
2 years old
Seen in 1 file
1
User should not be root when the Dockerfile completes
DOK-DL3002
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Audit: Consider using System.URI instead of strings
CS-A1000
Security
Major
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Insecurely generated random number
CS-A1008
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Filesystem related permissions specified are too broad
CS-S1000
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Sensitive cookie without HttpOnly attribute
PHP-A1003
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Use of an insecure hashing function
PHP-A1004
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Sensitive cookie without secure attribute
PHP-A1005
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Directory created with insecure permissions
PHP-A1006
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Audit required: Presence of debug function found
PHP-A1012
Security
Critical
25 days ago
—
2 years old
Seen in 14 files
63
Overly permissive CORS policies are a security risk
JAVA-S1000
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1
Cookies must not be insecure
JAVA-S1003
Security
Critical
25 days ago
—
2 years old
Seen in 1 file
1