Total Items: 19
Pending Review: 14
In Progress: 0
Completed: 1
14
2
1
Inbox Evaluated Approved In Progress Done
Severity Title Project Stage
med No rate limiting on API endpoints enables abuse
routes.py has no rate limiting on expensive endpoints like /resources/{id}/disco
supervisor created
Review
med Unclosed file descriptor leak in resource locking
engine.py lines 692-703 and scheduler.py lines 37-56 implement file-based lockin
supervisor created
Review
med Missing timeout on Claude CLI subprocess causes indefinite hangs
engine.py line 464 has a 900 second (15 min) timeout for Claude CLI, but there's
supervisor created
Review
med Race condition in scheduler causes duplicate runs
scheduler.py has a critical race condition when multiple scheduled runs are due
supervisor created
Review
med Background task tracking vulnerability - memory leaks and lost tasks
In routes.py (lines 160, 184) and dashboard.py (lines 308, 325), background task
supervisor created
Review
med No test coverage for critical concurrent operations
Test suite has 45 test classes covering auth, CRUD, and basic flows, but has zer
supervisor created
Review
med Missing comprehensive error handling for OpenRouter API failures
engine.py _call_openrouter() (lines 617-688) has retry logic for 429/5xx but doe
supervisor created
Review
med Missing database connection pooling and WAL checkpoint causes performance degradation
db.py line 107 uses a single SQLite connection with WAL mode, but there's no con
supervisor created
Review
med SQL injection vulnerability in database purge operations
cli.py lines 449-456 directly use string interpolation in SQL queries during the
supervisor created
Review
hig sql-injection: src/devos/db.py:704
src/devos/db.py:704
sweep scanned
Review
low path-traversal: src/devos/scanner.py:107
src/devos/scanner.py:107
sweep scanned
Review
med code-injection: src/devos/scanner.py:98 3 related
src/devos/scanner.py:98
sweep scanned
Review
med dynamic-import: src/devos/cli.py:445
src/devos/cli.py:445
sweep scanned
Review
med code-injection: src/supervisor/evaluator.py:20 3 related
src/supervisor/evaluator.py:20
supervisor scanned
Review
med Improve database query performance supervisor evaluated
med code-injection: src/supervisor/tools.py:26 3 related
src/supervisor/tools.py:26
supervisor evaluated
med Webhook validation bypass via DNS rebinding attack
notifications.py lines 76-86 validates webhook URLs by resolving DNS once at con
supervisor completed
Analytics
Scanner: 6
Manual: 13
Scans: 2
False Positive Rate: 0%

Top Categories

code-injection: 3
sql-injection: 1
path-traversal: 1
dynamic-import: 1