Skip to content

Pull requests: SecureBananaLabs/bug-bounty

New pull request New
4,376 Open 582 Closed
4,376 Open 582 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

fix: strip password from user listing response
#8322 opened Jun 23, 2026 by RanuK12 Loading…
1
1
fix: isolate rate-limit stores per app instance
#8321 opened Jun 23, 2026 by RanuK12 Loading…
1
1
fix: strip password from user listing response
#8320 opened Jun 23, 2026 by RanuK12 Loading…
4 tasks done
1
1
[codex] Add banana shield pixel art
#8319 opened Jun 23, 2026 by felixvippp-ai Loading…
1
Display freelancer details on profile page
#8318 opened Jun 23, 2026 by 1982liuyi Loading…
1
Add authentication middleware to job post route
#8317 opened Jun 23, 2026 by 1982liuyi Loading…
Remove 'admin' role from registration schema
#8316 opened Jun 23, 2026 by 1982liuyi Loading…
fix: add input validation and length limit to search endpoint
#8315 opened Jun 23, 2026 by 1982liuyi Loading…
Validate search query input
#8313 opened Jun 23, 2026 by MyouzzZ Loading…
1
Protect admin metrics with role check
#8311 opened Jun 23, 2026 by MyouzzZ Loading…
1
fix(api): isolate rate limiter per app instance
#8271 opened Jun 23, 2026 by aqin236 Loading…
1
1
fix: SBL security #8207 - reject inverted job budget ranges in validation
#8263 opened Jun 23, 2026 by gtx20060124-bot Loading…
fix: validate refresh token instead of ignoring it (Closes #1775)
#8262 opened Jun 23, 2026 by gtx20060124-bot Loading…
1
fix: SBL security #8237 - restrict CORS to allowed origins via CORS_ORIGIN env var
#8261 opened Jun 23, 2026 by gtx20060124-bot Loading…
fix: enforce authentication on payment endpoint (Closes #2757)
#8260 opened Jun 23, 2026 by gtx20060124-bot Loading…
1
fix: enforce authentication on job creation endpoint (Closes #1776)
#8259 opened Jun 23, 2026 by gtx20060124-bot Loading…
2
fix: security hardening - CORS, input validation, ID injection prevention
#8258 opened Jun 22, 2026 by gtx20060124-bot Loading…
Gaotax2006 [ DevEx ] discover test files with glob pattern (#8195)
#8257 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Gaotax2006 [ DevEx ] expose runtime JS entrypoint for @freelanceflow/ui (#8199)
#8256 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Gaotax2006 [ DevEx ] log actual ephemeral port on startup (#8197)
#8255 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Gaotax2006 [ Security ] reject inverted budget ranges in create and partial-update (#8207)
#8254 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Gaotax2006 [ Security ] validate notification schema and preserve server-owned defaults (#8209)
#8253 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Fix/refresh token validation
#8252 opened Jun 22, 2026 by hyperfeng007 Loading…
Gaotax2006 [ Security ] return 400 for malformed JSON, 413 for oversized (#8191)
#8251 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
Gaotax2006 [ Security ] add 10MB upload file size limit (#8193)
#8250 opened Jun 22, 2026 by gtx20060124-bot Loading…
1
ProTip! no:milestone will show everything without a milestone.