Issues • QuackatronHQ/Gigarepo

XML parsing may be vulnerable to XXE attacks

JS-D022

Security

Major

a month ago — 2 years old

Seen in 1 file

1

Bind to all interfaces

GSC-G102

Security

Major

a month ago — 2 years old

Seen in 1 file

1

Audit required: Risk of possible SQL injection vector through string-based query construction

BAN-B608

Security

Major

a month ago — 2 years old

Seen in 1 file

1

Use of both safe and unsafe HTTP methods for a view

PY-S6007

Security

Major

a month ago — 2 years old

Seen in 1 file

1

Audit required: Insecurely generated random number

CS-A1008

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Filesystem related permissions specified are too broad

CS-S1000

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Audit required: Sensitive cookie without `HttpOnly` attribute

PHP-A1003

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Audit required: Use of an insecure hashing function

PHP-A1004

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Audit required: Sensitive cookie without `secure` attribute

PHP-A1005

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Directory created with insecure permissions

PHP-A1006

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Audit required: Presence of debug function found

PHP-A1012

Security

Critical

a month ago — 2 years old

Seen in 14 files

63

Servlets should not use mutable fields without synchronization

JAVA-E0128

Bug risk

Critical

a month ago — 2 years old

Seen in 1 file

3

Overly permissive CORS policies are a security risk

JAVA-S1000

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Cookies must not be insecure

JAVA-S1003

Security

Critical

a month ago — 2 years old

Seen in 1 file

1

Unsafe permissions set on a file

JS-D017

Security

Major

a month ago — 2 years old

Seen in 1 file

2

Getter and setter method synchronization does not match

JAVA-E1074

Bug risk

Major

a month ago — a year old

Seen in 1 file

1

Use `net.JoinHostPort` instead of `fmt.Sprintf(...)`

GO-S1027

Security

Major

a month ago — 2 years old

Seen in 1 file

1

Audit: Including request data within HTML response strings may lead to XSS attacks

JAVA-A1035

Security

Critical

a month ago — a year old

Seen in 1 file

3

QuackatronHQ / Gigarepo

XML parsing may be vulnerable to XXE attacks

Bind to all interfaces

Audit required: Risk of possible SQL injection vector through string-based query construction

Use of both safe and unsafe HTTP methods for a view

Audit required: Insecurely generated random number

Filesystem related permissions specified are too broad

Audit required: Sensitive cookie without HttpOnly attribute

Audit required: Use of an insecure hashing function

Audit required: Sensitive cookie without secure attribute

Directory created with insecure permissions

Audit required: Presence of debug function found

Servlets should not use mutable fields without synchronization

Overly permissive CORS policies are a security risk

Cookies must not be insecure

Unsafe permissions set on a file

Getter and setter method synchronization does not match

Use net.JoinHostPort instead of fmt.Sprintf(...)

Audit: Including request data within HTML response strings may lead to XSS attacks

Audit required: Sensitive cookie without `HttpOnly` attribute

Audit required: Sensitive cookie without `secure` attribute

Use `net.JoinHostPort` instead of `fmt.Sprintf(...)`