Pull requests: SecureBananaLabs/bug-bounty
#8263  fix: SBL security #8207 - reject inverted job budget ranges in validation  (opened Jun 23, 2026 by gtx20060124-bot)
#8262  fix: validate refresh token instead of ignoring it (Closes #1775)  (opened Jun 23, 2026 by gtx20060124-bot)
#8261  fix: SBL security #8237 - restrict CORS to allowed origins via CORS_ORIGIN env var  (opened Jun 23, 2026 by gtx20060124-bot)
#8260  fix: enforce authentication on payment endpoint (Closes #2757)  (opened Jun 23, 2026 by gtx20060124-bot)
#8259  fix: enforce authentication on job creation endpoint (Closes #1776)  (opened Jun 23, 2026 by gtx20060124-bot)
#8258  fix: security hardening - CORS, input validation, ID injection prevention  (opened Jun 22, 2026 by gtx20060124-bot)
#8257  Gaotax2006 [ DevEx ] discover test files with glob pattern (#8195)  (opened Jun 22, 2026 by gtx20060124-bot)
#8256  Gaotax2006 [ DevEx ] expose runtime JS entrypoint for @freelanceflow/ui (#8199)  (opened Jun 22, 2026 by gtx20060124-bot)
#8255  Gaotax2006 [ DevEx ] log actual ephemeral port on startup (#8197)  (opened Jun 22, 2026 by gtx20060124-bot)
#8254  Gaotax2006 [ Security ] reject inverted budget ranges in create and partial-update (#8207)  (opened Jun 22, 2026 by gtx20060124-bot)
#8253  Gaotax2006 [ Security ] validate notification schema and preserve server-owned defaults (#8209)  (opened Jun 22, 2026 by gtx20060124-bot)
#8251  Gaotax2006 [ Security ] return 400 for malformed JSON, 413 for oversized (#8191)  (opened Jun 22, 2026 by gtx20060124-bot)
#8250  Gaotax2006 [ Security ] add 10MB upload file size limit (#8193)  (opened Jun 22, 2026 by gtx20060124-bot)
#8249  Gaotax2006 [ Security ] validate message fields and preserve server-owned id (#8201)  (opened Jun 22, 2026 by gtx20060124-bot)
#8248  Gaotax2006 [ Security ] validate review fields and preserve server-owned id (#8203)  (opened Jun 22, 2026 by gtx20060124-bot)
#8247  Gaotax2006 [ Security ] ignore caller-controlled id in proposal creation (#8211)  (opened Jun 22, 2026 by gtx20060124-bot)
#8246  Gaotax2006 [ Security ] return defensive snapshot from proposal list (#8213)  (opened Jun 22, 2026 by gtx20060124-bot)
#8245  Gaotax2006 [ Security ] omit password fields from user creation response (#8215)  (opened Jun 22, 2026 by gtx20060124-bot)
#8244  Gaotax2006 [ Security ] reject inverted job budget ranges in create and update (#8225)  (opened Jun 22, 2026 by gtx20060124-bot)
#8243  Gaotax2006 [ Security ] prevent client-controlled id and read state in notifications (#8226)  (opened Jun 22, 2026 by gtx20060124-bot)
#8242  Gaotax2006 [ Security ] enforce default status field in job creation (#8235)  (opened Jun 22, 2026 by gtx20060124-bot)
#8241  Gaotax2006 [ Security ] reject missing or blank search queries (#8205)  (opened Jun 22, 2026 by gtx20060124-bot)
#8240  Gaotax2006 [ Security ] fix CORS restriction and add CORS_ORIGIN env var (#8237)  (opened Jun 22, 2026 by gtx20060124-bot)
#8238  fix: restrict CORS to allowed origins via CORS_ORIGIN env var  (opened Jun 22, 2026 by RanuK12)