Security: Reacttest

Vulnerabilities

Credential Leaks

FAIL

Quality Gate

OWASP Grade

29.4h

Tech Debt (C)

Elite

DORA Rating

⚡

AI Fix Prompts

Auto-generated prompts to fix every issue — copy into Claude, GPT, or any AI coder

View AI Prompts

Repobility's GitHub App fixes findings like these · https://github.com/apps/repobility-bot

Quality Gate: Default Gate

Same analyzer free for public repos: https://repobility.com
	Metric	Condition
✗	overall_score	0.0 >= 50
✗	security_score	0.0 >= 40
✗	critical_vulnerabilities	3.0 <= 0
✗	critical_credentials	2.0 <= 0
✓	duplication_pct	0.9 <= 20

DORA Metrics

Powered by Repobility · code-quality intelligence
Deploy Frequency	daily (1.9/week)
Lead Time	55.4 hours
MTTR	0.0 hours
Change Failure Rate	0.0%
Total Commits	70
Overall Rating	ELITE

Vulnerabilities (57)

Generated by the Repobility scanner · https://repobility.com
Severity	ID	Package	Version	Summary
critical	`GHSA-8r6j-v8pm-fqw3`	fsevents	-	Code injection in fsevents
critical	`GHSA-9qr9-h5gf-34mp`	next	-	Next.js is vulnerable to RCE in React flight protocol
critical	`GHSA-f82v-jwr5-mffw`	next	-	Authorization Bypass in Next.js Middleware
high	`GHSA-fr5h-rqp8-mj6g`	next	-	Next.js Server-Side Request Forgery in Server Actions
high	`GHSA-25mp-g6fv-mqxx`	next	-	Unexpected server crash in Next.js.
high	`GHSA-5j59-xgg2-r9c4`	next	-	Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
high	`GHSA-5vj8-3v2h-h38v`	next	-	Remote Code Execution in next
high	`GHSA-gp8f-8m3g-qvj9`	next	-	Next.js Cache Poisoning
high	`GHSA-h25m-26qc-wcjf`	next	-	Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
high	`GHSA-67rr-84xm-4c7r`	next	-	Next.JS vulnerability can lead to DoS via cache poisoning
high	`GHSA-c2qf-rxjj-qqgw`	semver	-	semver vulnerable to Regular Expression Denial of Service
high	`GHSA-m34x-wgrh-g897`	next	-	Directory traversal vulnerability in Next.js
high	`GHSA-77r5-gw3j-2mpf`	next	-	Next.js Vulnerable to HTTP Request Smuggling
high	`GHSA-mwv6-3258-q52c`	next	-	Next Vulnerable to Denial of Service with Server Components
high	`GHSA-hg79-j56m-fxgv`	react	-	Cross-Site Scripting in react
high	`GHSA-7gfc-8cq8-jh5f`	next	-	Next.js authorization bypass vulnerability
high	`GHSA-7mvr-c777-76hp`	playwright	-	Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
high	`GHSA-3f5c-4qxj-vmpf`	next	-	Next.js Directory Traversal Vulnerability
high	`GHSA-54xq-cgqr-rpm3`	sharp	-	sharp vulnerability in libwebp dependency CVE-2023-4863
high	`GHSA-9gr3-7897-pp7m`	next	-	XSS in Image Optimization API for Next.js
high	`GHSA-x6fg-f45m-jf5q`	semver	-	Regular Expression Denial of Service in semver
high	`GHSA-fq54-2j52-jc42`	next	-	Next.js Denial of Service (DoS) condition
high	`GHSA-h68q-55jf-x68w`	chart.js	-	Prototype pollution in chart.js
medium	`GHSA-gp95-ppv5-3jc5`	sharp	-	sharp vulnerable to Command Injection in post-installation over build environment
medium	`MAL-2023-462`	fsevents	-	Malicious code in fsevents (npm)
medium	`GHSA-mwcw-c2x4-8c55`	nanoid	-	Predictable results in nanoid generation when given non-integer values
medium	`GHSA-qrpm-p2h7-hrv2`	nanoid	-	Exposure of Sensitive Information to an Unauthorized Actor in nanoid
medium	`GHSA-3x4c-7xq6-9pq8`	next	-	Next.js: Unbounded next/image disk cache growth can exhaust storage
medium	`GHSA-4342-x723-ch2f`	next	-	Next.js Improper Middleware Redirect Handling Leads to SSRF
medium	`GHSA-5f7q-jpqc-wp7h`	next	-	Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
medium	`GHSA-7m27-7ghc-44w9`	next	-	Next.js Allows a Denial of Service (DoS) with Server Actions
medium	`GHSA-9g9p-9gw9-jx7f`	next	-	Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
medium	`GHSA-fmvm-x8mv-47mj`	next	-	Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
medium	`GHSA-fq77-7p7r-83rj`	next	-	Directory Traversal in Next.js
medium	`GHSA-g5qg-72qw-gw5v`	next	-	Next.js Affected by Cache Key Confusion for Image Optimization API Routes
medium	`GHSA-g77x-44xx-532m`	next	-	Denial of Service condition in Next.js image optimization
medium	`GHSA-ggv3-7p47-pfv8`	next	-	Next.js: HTTP request smuggling in rewrites
medium	`GHSA-h27x-g6w4-24gq`	next	-	Next.js: Unbounded postponed resume buffering can lead to DoS
medium	`GHSA-mq59-m269-xvcx`	next	-	Next.js: null origin can bypass Server Actions CSRF checks
medium	`GHSA-qw96-mm2g-c8m7`	next	-	Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
medium	`GHSA-vxf5-wxwp-m7g9`	next	-	Open Redirect in Next.js
medium	`GHSA-w37m-7fhw-fmv9`	next	-	Next Server Actions Source Code Exposure
medium	`GHSA-wff4-fpwg-qqv3`	next	-	Unexpected server crash in Next.js
medium	`GHSA-wr66-vrwm-5g5x`	next	-	Denial of Service Vulnerability in next.js
medium	`GHSA-x56p-c8cg-q435`	next	-	Open Redirect in Next.js versions
medium	`GHSA-xv57-4mr9-wg8v`	next	-	Next.js Content Injection Vulnerability for Image Optimization
medium	`GHSA-566m-qj78-rww5`	postcss	-	Regular Expression Denial of Service in postcss
medium	`GHSA-7fh5-64p2-3v2j`	postcss	-	PostCSS line return parsing error
medium	`GHSA-hwj9-h5mp-3pm3`	postcss	-	Regular Expression Denial of Service in postcss
medium	`GHSA-g53w-52xc-2j85`	react	-	Cross-Site Scripting in react

Credential Findings (6)

Page rendered by Aljefra Mapper · scored by Repobility (https://repobility.com)
Severity	Pattern	File	Line
critical	Vault Token	`backend/StocksApi/Program.cs`	64
critical	Vault Token	`backend/StocksApi/Program.cs`	119
high	Password Assignment	`.github/workflows/deploy-azure.yml`	183
high	[sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL	`frontend/src/hooks/useStocks.ts`	40
high	[sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL	`frontend-next/app/_hooks/useStocks.ts`	16
high	[sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL	`frontend-next/app/api/stocks/[companyId]/route.ts`	114

Export

SARIF SBOM (CycloneDX) SBOM (SPDX) Vulns CSV Generate AI Fix Prompts (5)