Feature/vulnerable demo #39

Status: Open. Wants to merge 2 commits into base: main.

Latest commit: Update Medicalreport.jsx (5f9d345)
GitHub Advanced Security / CodeQL failed Aug 30, 2024 in 5s

6 new alerts including 2 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 critical
  • 4 high

See annotations below for details.


Annotations

Check failure on line 15 in vulnerable.js

Code scanning / CodeQL: Reflected cross-site scripting (High)

Cross-site scripting vulnerability due to a user-provided value.

Check failure on line 24 in vulnerable.js

Code scanning / CodeQL: Reflected cross-site scripting (High)

Cross-site scripting vulnerability due to a user-provided value.

Check failure on line 30 in vulnerable.js

Code scanning / CodeQL: Hard-coded credentials (Critical)

The hard-coded value "secretkey" is used as jwt key.

Check failure on line 44 in vulnerable.js

Code scanning / CodeQL: Missing rate limiting (High)

This route handler performs a file system access, but is not rate-limited.

Check failure on line 37 in vulnerable.js

Code scanning / CodeQL: Uncontrolled data used in path expression (High)

This path depends on a user-provided value.

Check failure on line 50 in vulnerable.js

Code scanning / CodeQL: Code injection (Critical)

This code execution depends on a user-provided value.