Skip to content

Pull requests: yash-harness/NodeGoat

New pull request New
28 Open 17 Closed
28 Open 17 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Open Redirect: Non-Constant URL Target of HTTP Redirect in index.js:<lambda>0.<lambda>1
#28 opened May 16, 2026 by yash-harness Owner Loading…
Open Redirect: Attacker-Controlled Data is Used in HTTP Redirects via req in index.js:<lambda>0.<lambda>1
#27 opened May 16, 2026 by yash-harness Owner Loading…
Template Injection: Loading of a Template by a Non-Constant Name in tutorial.js:<lambda>1
#26 opened May 16, 2026 by yash-harness Owner Loading…
Server-Side Request Forgery: Attacker-Controlled Data Used in URL via req in research.js:ResearchHandler.<lambda>0
#25 opened May 16, 2026 by yash-harness Owner Loading…
Cross-Site Scripting: HTTP Data to Swig Template Output via req in profile.js:ProfileHandler.<lambda>2
#24 opened May 16, 2026 by yash-harness Owner Loading…
Remote Code Execution: Inclusion of Local File by Non-Constant Path Name in config.js
#23 opened May 16, 2026 by yash-harness Owner Loading…
Cross-Site Scripting: Use of Non-Constant JavaScript Code in contributions.js:ContributionsHandler.<lambda>2
#22 opened May 16, 2026 by yash-harness Owner Loading…
Remote Code Execution: Code Injection Through Attacker-controlled Data via req in `contributions.js:ContributionsHandler.<lam…
#21 opened May 16, 2026 by yash-harness Owner Loading…
NoSQL Injection: HTTP Data Used as Part of Dangerous NoSQL Query via req in allocations.js:AllocationsHandler.<lambda>0
#20 opened May 16, 2026 by yash-harness Owner Loading…
fix: resolve low sast vulnerability
#19 opened May 16, 2026 by yash-harness Owner Loading…
fix: resolve medium sast vulnerability
#18 opened May 16, 2026 by yash-harness Owner Loading…
fix: resolve medium sast vulnerability
#17 opened May 16, 2026 by yash-harness Owner Loading…
security: resolve medium sast vulnerability
#16 opened May 16, 2026 by yash-harness Owner Loading…
fix: resolve high sast vulnerability
#15 opened May 16, 2026 by yash-harness Owner Loading…
security: resolve critical sast vulnerability
#14 opened May 16, 2026 by yash-harness Owner Loading…
security: resolve critical sast vulnerability
#13 opened May 16, 2026 by yash-harness Owner Loading…
[HIGH] Replace Hardcoded Secrets with Environment Variables
#12 opened May 15, 2026 by yash-harness Owner Loading…
5 of 17 tasks
[CRITICAL] Remove Exposed Private Key from Repository
#11 opened May 15, 2026 by yash-harness Owner Loading…
3 of 13 tasks
fix: Remote Code Execution: Code Injection Through Atta
#10 opened May 15, 2026 by yash-harness Owner Loading…
fix: NoSQL Injection: HTTP Data Used as Part of Dangero
#9 opened May 15, 2026 by yash-harness Owner Loading…
fix: Open Redirect: Attacker-Controlled Data is Used in
#8 opened May 15, 2026 by yash-harness Owner Loading…
fix: Server-Side Request Forgery: Attacker-Controlled D
#7 opened May 15, 2026 by yash-harness Owner Loading…
fix: Cross-Site Scripting: Use of Non-Constant JavaScri
#6 opened May 15, 2026 by yash-harness Owner Loading…
fix: Remote Code Execution: Execution of Non-Constant C
#5 opened May 15, 2026 by yash-harness Owner Loading…
fix: Open Redirect: Non-Constant URL Target of HTTP Red
#4 opened May 15, 2026 by yash-harness Owner Loading…
ProTip! Type g i on any issue or pull request to go back to the issue listing page.