Skip to content

Pull requests: SecureBananaLabs/bug-bounty

New pull request New
1,787 Open 256 Closed
1,787 Open 256 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

fix: resolve freelancer profiles from mock data by username
#3368 opened Jun 1, 2026 by AlvaroWhiteRD Loading…
1
fix: reject inverted budget ranges in createJobSchema
#3367 opened Jun 1, 2026 by AlvaroWhiteRD Loading…
1
fix: count malformed json requests in rate limiter 🙋 Bounty claim
#3366 opened Jun 1, 2026 by vicentsmith470-web Loading…
1
1
fix: make @freelanceflow/ui package entrypoint directly importable
#3364 opened Jun 1, 2026 by biocai Loading…
1
fix: add Zod validation for payment endpoint
#3363 opened Jun 1, 2026 by biocai Loading…
1
Return 400 responses for API validation errors 🙋 Bounty claim
#3362 opened Jun 1, 2026 by 18166714330cl-maker Loading…
1
fix: redact production error logs 🙋 Bounty claim
#3361 opened Jun 1, 2026 by sanphandinh Loading…
1
fix: registerUser token subject mismatch bug (closes #3354)
#3355 opened Jun 1, 2026 by patchninja-my Loading…
1
fix(lhf-004): add input validation to payment endpoint
#3353 opened Jun 1, 2026 by patchninja-my Loading…
1
fix(lhf-003): prevent self-registration as admin
#3352 opened Jun 1, 2026 by patchninja-my Loading…
1
fix(lhf-001): remove hardcoded JWT secret fallback
#3351 opened Jun 1, 2026 by patchninja-my Loading…
1
feat: automated low-hanging-fruit bug scanner (fixes #3349)
#3350 opened Jun 1, 2026 by patchninja-my Loading…
1
Keep created notifications unread 🙋 Bounty claim
#3348 opened Jun 1, 2026 by qingfeng312 Loading…
1
Add server-owned timestamps to created reviews 🙋 Bounty claim
#3346 opened Jun 1, 2026 by LikeACloud7 Loading…
1
Add payout skybridge pixel art 🙋 Bounty claim
#3344 opened Jun 1, 2026 by shaiananvari8 Loading…
Expose DB workspace package entrypoint 🙋 Bounty claim
#3343 opened Jun 1, 2026 by shaiananvari8 Loading…
1
fix: expose @freelanceflow/ui runtime entrypoints
#3341 opened Jun 1, 2026 by Daisuke134 Loading…
1
Use canonical role casing for login tokens 🙋 Bounty claim
#3340 opened Jun 1, 2026 by LikeACloud7 Loading…
1
fix: keep new notifications unread on creation 🙋 Bounty claim
#3339 opened Jun 1, 2026 by Barroso0 Loading…
1
fix(auth): sign refresh token with uppercase CLIENT UserRole casing
#3336 opened Jun 1, 2026 by git67-aaa Loading…
1
fix: require authentication for /api/payments routes (#2757)
#3333 opened Jun 1, 2026 by gordonzhaomwrf-a11y Loading…
fix: enforce authentication on job creation endpoint
#3332 opened Jun 1, 2026 by cyrillical00 Loading…
Payment endpoint lacks authentication — unauthenticated payment creation
#3331 opened Jun 1, 2026 by cyrillical00 Loading…
Job creation endpoint lacks authentication — anyone can post jobs
#3329 opened Jun 1, 2026 by cyrillical00 Loading…
Upload endpoint lacks authentication — unauthenticated file uploads allowed
#3330 opened Jun 1, 2026 by cyrillical00 Loading…
ProTip! Adding no:label will show everything without a label.