Security: Oripa

Vulnerabilities: 72
Credential Leaks: 0
Quality Gate: FAIL
OWASP Grade: A
Tech Debt (C): 32.3h
DORA Rating: Medium
License (unknown): Unknown

Quality Gate: Default Gate

Open data · scored by Repobility · https://repobility.com
| Metric | Condition |
|---|---|
| overall_score | 44.5 >= 50 |
| security_score | 65.0 >= 40 |
| critical_vulnerabilities | 0.0 <= 0 |
| critical_credentials | 0.0 <= 0 |
| duplication_pct | 0.0 <= 20 |

DORA Metrics

Deploy Frequency: monthly (0.2/week)
Lead Time: 672.0 hours
MTTR: 48.0 hours
Change Failure Rate: 100.0%
Total Commits: 237
Overall Rating: MEDIUM

Vulnerabilities (72)

| Severity | ID | Package | Version | Summary |
|---|---|---|---|---|
| high | CVE-2026-29087 | @hono/node-server | 1.19.9 | @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware |
| high | CVE-2026-35209 | defu | 6.1.4 | defu: Prototype pollution via `__proto__` key in defaults argument |
| high | CVE-2026-32887 | effect | 3.18.4 | Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC |
| high | CVE-2026-29045 | hono | 4.11.4 | Hono vulnerable to arbitrary file access via serveStatic vulnerability |
| high | CVE-2026-4800 | lodash | 4.17.21 | lodash: lodash: Arbitrary code execution via untrusted input in template imports |
| high | GHSA-q4gf-8mx6-v5v3 | next | 16.1.6 | Next.js has a Denial of Service with Server Components |
| high | CVE-2026-33671 | picomatch | 4.0.3 | picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns |
| high | CVE-2026-1526 | undici | 6.23.0 | undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression |
| high | CVE-2026-1528 | undici | 6.23.0 | undici: undici: Denial of Service via crafted WebSocket frame with large length |
| high | CVE-2026-2229 | undici | 6.23.0 | undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter |
| high | GHSA-v9p9-hfj2-hcw8 | undici | 6.23.0 | |
| high | GHSA-f269-vfmq-vjvj | undici | 6.23.0 | |
| high | GHSA-r5fr-rjxr-66jc | lodash | 4.17.21 | |
| high | GHSA-c2c7-rcm5-vvqj | picomatch | 2.3.1 | |
| high | GHSA-q5qw-h33p-qvwr | hono | 4.11.4 | |
| high | GHSA-rf6f-7fwh-wjgh | flatted | 3.3.3 | |
| high | GHSA-737v-mqg7-c878 | defu | 6.1.4 | |
| high | GHSA-7r86-cg39-jmmj | minimatch | 3.1.2 | |
| high | GHSA-3ppc-4f35-3m26 | minimatch | 3.1.2 | |
| high | GHSA-23c5-xmqv-rm74 | minimatch | 3.1.2 | |
| high | GHSA-vrm6-8vpv-qv8q | undici | 6.23.0 | |
| high | GHSA-wc8c-qw6v-h7f6 | @hono/node-server | 1.19.9 | |
| high | GHSA-25h7-pfq9-p65f | flatted | 3.3.3 | |
| high | GHSA-38f7-945m-qr2g | effect | 3.18.4 | |
| medium | CVE-2026-39407 | hono | 4.11.4 | Hono: Middleware bypass via repeated slashes in serveStatic |
| medium | CVE-2026-29057 | next | 16.1.6 | next.js: Next.js: HTTP request smuggling in rewrites |
| medium | GHSA-92pp-h63x-v22m | @hono/node-server | 1.19.9 | |
| medium | CVE-2026-27978 | next | 16.1.6 | next.js: Next.js: null origin can bypass Server Actions CSRF checks |
| medium | CVE-2026-27979 | next | 16.1.6 | next.js: Next.js: Unbounded postponed resume buffering can lead to DoS |
| medium | GHSA-8f24-v5vv-gm5j | next-intl | 4.8.3 | next-intl has an open redirect vulnerability |
| medium | GHSA-6wqw-2p9w-4vw4 | hono | 4.11.4 | |
| medium | CVE-2026-33672 | picomatch | 4.0.3 | picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions |
| medium | GHSA-5pq2-9x2x-5p6w | hono | 4.11.4 | |
| medium | GHSA-xxjr-mmjv-4gpg | lodash | 4.17.21 | |
| medium | GHSA-xf4j-xp2r-rqqx | hono | 4.11.4 | |
| medium | CVE-2026-1525 | undici | 6.23.0 | undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers |
| medium | CVE-2026-1527 | undici | 6.23.0 | undici: Undici: HTTP header injection and request smuggling vulnerability |
| medium | GHSA-r354-f388-2fhh | hono | 4.11.4 | |
| medium | GHSA-3x4c-7xq6-9pq8 | next | 16.1.6 | |
| medium | GHSA-3v7f-55p6-f55p | picomatch | 2.3.1 | |
| medium | GHSA-4992-7rv2-5pvq | undici | 6.23.0 | |
| medium | GHSA-h27x-g6w4-24gq | next | 16.1.6 | |
| medium | GHSA-f23m-r3pf-42rh | lodash | 4.17.21 | |
| medium | GHSA-mq59-m269-xvcx | next | 16.1.6 | |
| medium | GHSA-ggv3-7p47-pfv8 | next | 16.1.6 | |
| medium | GHSA-f886-m6hf-6m8v | brace-expansion | 1.1.12 | |
| medium | GHSA-p6xx-57qc-3wxr | hono | 4.11.4 | |
| medium | GHSA-2g4f-4pwh-qvx6 | ajv | 6.12.6 | |
| medium | GHSA-wmmm-f939-6g9c | hono | 4.11.4 | |
| medium | GHSA-9r54-q6cx-xmh5 | hono | 4.11.4 | |