azcomputerguru / guru-connect
7 Open
0 Closed
[H5] Server does not block self-role-demotion (only self-delete); lockout guard is client-only
Labels: component:dashboard, component:server, security, severity:high
#19 opened 2026-06-05 17:35:45 -07:00 by azcomputerguru

[H4] token_blacklist cleanup_expired re-verifies every JWT signature; stores whole tokens in RAM
Labels: component:server, security, severity:high
#18 opened 2026-06-05 17:35:38 -07:00 by azcomputerguru

[H3] revoke_user_tokens is a 501 stub whose comment claims partial behavior
Labels: component:server, security, severity:high
#17 opened 2026-06-05 17:35:33 -07:00 by azcomputerguru

[H2] Bootstrap admin plaintext password written to .admin-credentials + info! log fallback
Labels: component:server, security, severity:high
#16 opened 2026-06-05 17:35:28 -07:00 by azcomputerguru

[H1] No rate-limit/lockout on the login path
Labels: component:server, security, severity:high
#15 opened 2026-06-05 17:35:23 -07:00 by azcomputerguru

[C3] downloads.rs body().unwrap() on attacker-controlled Content-Disposition filename -> unauthenticated panic/DoS
Labels: component:server, security, severity:critical
#12 opened 2026-06-05 17:35:05 -07:00 by azcomputerguru

[C2] Unauthenticated downloads.rs: hardcoded prod relay URL + default API-key fallback + false support-embedding docstring
Labels: component:server, security, severity:critical
#11 opened 2026-06-05 17:35:00 -07:00 by azcomputerguru