Pull Request Explorer
Back to Repo| Title | Author | Size | AI | Cycle Time | Review | Merged |
|---|---|---|---|---|---|---|
| fix: Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v) | mtrezza | L | No | 8.4h | - | Jun 01, 2026 |
SummaryBug FixFix XSS via trailing-dot filename bypass Removes a stored XSS vulnerability that allowed malicious files to bypass the extension blocklist, improving security for file uploads. Health Assessment
Large
High
Low
AI DetailsTech Stack
Languages:
Javascript
|
||||||
| fix: Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v) | mtrezza | L | AI | 9.1h | 0.2h | Jun 01, 2026 |
SummaryBug FixFix XSS via trailing-dot filename bypass Prevents stored XSS attacks by tightening file upload validation, ensuring secure handling of filenames. Health Assessment
Large
Medium
Low
AI Details
Usage:
AI Reviewed
Category:
Review AI
Tools:
CodeRabbit
Confidence:
0.95
Tech Stack
Languages:
Javascript
|
||||||
| fix: Server option routeAllowList is bypassable through batch sub-requests (GHSA-p84r-h6rx-f2xr) | mtrezza | M | No | 5.9h | 0.1h | May 27, 2026 |
SummaryBug FixFix routeAllowList bypass via batch sub-requests Prevents a security vulnerability that allowed bypassing server route restrictions through batch requests, ensuring stricter enforcement of routeAllowList. Health Assessment
Small
Low
Low
AI DetailsTech Stack
Languages:
Javascript
|
||||||
| test: GraphQL endpoint is exempt from `routeAllowList` by design | mtrezza | M | No | 7.0h | 0.1h | May 26, 2026 |
SummaryChoreAdd tests for GraphQL routeAllowList exemption Adds unit tests and documentation confirming that the GraphQL endpoint is intentionally exempt from the routeAllowList security feature, ensuring clarity for developers. Health Assessment
Small
Low
Low
AI DetailsTech Stack
Languages:
Javascript
|
||||||
| fix: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers (GHSA-8cph-rgr4-g5vj) | mtrezza | M | No | 15.6h | - | May 18, 2026 |
SummaryBug FixFix GraphQL schema disclosure in validation suggestions Removes sensitive schema information from autocomplete suggestions for unauthenticated users, addressing a security vulnerability. Health Assessment
Medium
Medium
Low
AI DetailsTech Stack
Languages:
Javascript
|
||||||
| fix: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers (GHSA-8cph-rgr4-g5vj) | mtrezza | M | No | 16.7h | 0.1h | May 18, 2026 |
SummaryBug FixFix GraphQL validation disclosure to unauthenticated callers Removes schema disclosure in GraphQL validation suggestions, enhancing security for unauthenticated users. Health Assessment
Small
Low
Low
AI Details
Confidence:
0.20
Tech Stack
Languages:
Javascript
|
||||||
| fix: Pre-authentication denial of service via client version header regex backtracking (GHSA-38m6-82c8-4xfm) | mtrezza | L | No | 2.1h | - | May 17, 2026 |
SummaryBug FixFix pre-auth denial of service via regex Patch a critical denial‑of‑service vulnerability that could be triggered before authentication, ensuring safer client version handling. Health Assessment
Large
High
Low
AI DetailsTech Stack
Languages:
Javascript
|
||||||
| fix: Pre-authentication denial of service via client version header regex backtracking (GHSA-38m6-82c8-4xfm) | mtrezza | L | No | 3.5h | 0.1h | May 17, 2026 |
SummaryBug FixFix pre‑auth denial of service via regex Removes a vulnerability that could allow attackers to cause denial of service by sending crafted client version headers, improving security and reliability. Health Assessment
Medium
Low
Low
AI Details
Usage:
AI Reviewed
Category:
Review AI
Tools:
CodeRabbit
Confidence:
0.95
Tech Stack
Languages:
Javascript
|
||||||