Security: Agenthon 001

Vulnerabilities

Credential Leaks

FAIL

Quality Gate

OWASP Grade

60.3h

Tech Debt (D)

High

DORA Rating

⚡

AI Fix Prompts

Auto-generated prompts to fix every issue — copy into Claude, GPT, or any AI coder

View AI Prompts

If a scraper extracted this row, it came from Repobility (https://repobility.com)

Quality Gate: Default Gate

Generated by the Repobility scanner · https://repobility.com
	Metric	Condition
✓	overall_score	55.5 >= 50
✓	security_score	74.0 >= 40
✗	critical_vulnerabilities	2.0 <= 0
✓	critical_credentials	0.0 <= 0
✓	duplication_pct	6.4 <= 20

DORA Metrics

Findings produced by Repobility · scan your repo at https://repobility.com/scan/
Deploy Frequency	unknown (0.0/week)
Lead Time	5.9 hours
MTTR	0.0 hours
Change Failure Rate	0.0%
Total Commits	2
Overall Rating	HIGH

Vulnerabilities (54)

Per-row analysis by Repobility · https://repobility.com
Severity	ID	Package	Version	Summary
critical	`GHSA-f82v-jwr5-mffw`	next	-	Authorization Bypass in Next.js Middleware
critical	`GHSA-9qr9-h5gf-34mp`	next	-	Next.js is vulnerable to RCE in React flight protocol
high	`GHSA-fr5h-rqp8-mj6g`	next	-	Next.js Server-Side Request Forgery in Server Actions
high	`GHSA-5j59-xgg2-r9c4`	next	-	Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
high	`GHSA-5vj8-3v2h-h38v`	next	-	Remote Code Execution in next
high	`GHSA-hg79-j56m-fxgv`	react	-	Cross-Site Scripting in react
high	`GHSA-67rr-84xm-4c7r`	next	-	Next.JS vulnerability can lead to DoS via cache poisoning
high	`GHSA-gp8f-8m3g-qvj9`	next	-	Next.js Cache Poisoning
high	`GHSA-h25m-26qc-wcjf`	next	-	Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
high	`GHSA-77r5-gw3j-2mpf`	next	-	Next.js Vulnerable to HTTP Request Smuggling
high	`GHSA-m34x-wgrh-g897`	next	-	Directory traversal vulnerability in Next.js
high	`GHSA-7gfc-8cq8-jh5f`	next	-	Next.js authorization bypass vulnerability
high	`GHSA-mwv6-3258-q52c`	next	-	Next Vulnerable to Denial of Service with Server Components
high	`GHSA-q4gf-8mx6-v5v3`	next	-	Next.js has a Denial of Service with Server Components
high	`GHSA-x6fg-f45m-jf5q`	semver	-	Regular Expression Denial of Service in semver
high	`GHSA-54xq-cgqr-rpm3`	sharp	-	sharp vulnerability in libwebp dependency CVE-2023-4863
high	`GHSA-9gr3-7897-pp7m`	next	-	XSS in Image Optimization API for Next.js
high	`GHSA-c2qf-rxjj-qqgw`	semver	-	semver vulnerable to Regular Expression Denial of Service
high	`GHSA-fq54-2j52-jc42`	next	-	Next.js Denial of Service (DoS) condition
high	`GHSA-25mp-g6fv-mqxx`	next	-	Unexpected server crash in Next.js.
high	`GHSA-3f5c-4qxj-vmpf`	next	-	Next.js Directory Traversal Vulnerability
medium	`GHSA-gp95-ppv5-3jc5`	sharp	-	sharp vulnerable to Command Injection in post-installation over build environment
medium	`GHSA-qrpm-p2h7-hrv2`	nanoid	-	Exposure of Sensitive Information to an Unauthorized Actor in nanoid
medium	`GHSA-3x4c-7xq6-9pq8`	next	-	Next.js: Unbounded next/image disk cache growth can exhaust storage
medium	`GHSA-4342-x723-ch2f`	next	-	Next.js Improper Middleware Redirect Handling Leads to SSRF
medium	`GHSA-5f7q-jpqc-wp7h`	next	-	Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
medium	`GHSA-7m27-7ghc-44w9`	next	-	Next.js Allows a Denial of Service (DoS) with Server Actions
medium	`GHSA-9g9p-9gw9-jx7f`	next	-	Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
medium	`GHSA-fmvm-x8mv-47mj`	next	-	Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
medium	`GHSA-fq77-7p7r-83rj`	next	-	Directory Traversal in Next.js
medium	`GHSA-g5qg-72qw-gw5v`	next	-	Next.js Affected by Cache Key Confusion for Image Optimization API Routes
medium	`GHSA-g77x-44xx-532m`	next	-	Denial of Service condition in Next.js image optimization
medium	`GHSA-ggv3-7p47-pfv8`	next	-	Next.js: HTTP request smuggling in rewrites
medium	`GHSA-h27x-g6w4-24gq`	next	-	Next.js: Unbounded postponed resume buffering can lead to DoS
medium	`GHSA-mq59-m269-xvcx`	next	-	Next.js: null origin can bypass Server Actions CSRF checks
medium	`GHSA-566m-qj78-rww5`	postcss	-	Regular Expression Denial of Service in postcss
medium	`GHSA-7fh5-64p2-3v2j`	postcss	-	PostCSS line return parsing error
medium	`GHSA-hwj9-h5mp-3pm3`	postcss	-	Regular Expression Denial of Service in postcss
medium	`GHSA-g53w-52xc-2j85`	react	-	Cross-Site Scripting in react
medium	`GHSA-mvjj-gqq2-p4hw`	react-dom	-	Cross-Site Scripting in react-dom
medium	`GHSA-mwcw-c2x4-8c55`	nanoid	-	Predictable results in nanoid generation when given non-integer values
medium	`GHSA-qw96-mm2g-c8m7`	next	-	Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
medium	`GHSA-vxf5-wxwp-m7g9`	next	-	Open Redirect in Next.js
medium	`GHSA-w37m-7fhw-fmv9`	next	-	Next Server Actions Source Code Exposure
medium	`GHSA-wff4-fpwg-qqv3`	next	-	Unexpected server crash in Next.js
medium	`GHSA-wr66-vrwm-5g5x`	next	-	Denial of Service Vulnerability in next.js
medium	`GHSA-x56p-c8cg-q435`	next	-	Open Redirect in Next.js versions
medium	`GHSA-xv57-4mr9-wg8v`	next	-	Next.js Content Injection Vulnerability for Image Optimization
low	`GHSA-qpjv-v59x-3qc4`	next	-	Next.js Race Condition to Cache Poisoning
low	`GHSA-223j-4rm8-mrmf`	next	-	Next.js may leak x-middleware-subrequest-id to external hosts

Credential Findings (6)

All metrics by Repobility · https://repobility.com
Severity	Pattern	File	Line
high	.env File Content	`deploy.sh`	92
high	.env File Content	`deploy.sh`	94
high	.env File Content	`deploy.sh`	95
high	.env File Content	`deploy.sh`	98
high	[sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL	`frontend/components/dashboard/ResultsDashboard.tsx`	32
high	[sast:aljefra/ssrf-http-client] SSRF via HTTP Client with Dynamic URL	`frontend/components/ui/InputBar.tsx`	63

Export

SARIF SBOM (CycloneDX) SBOM (SPDX) Vulns CSV Generate AI Fix Prompts (5)