2026-01-08 - 2026-07-08
Overview
4 Pull requests merged by 1 user
Merged
#4 feature/flea-market
Merged
#3 refactor(trade): remove OriginalPrice and Location fields from trade items
Merged
#2 feat(trade): implement second-hand trading/flea market feature
Merged
#1 feat: 添加日志管理和敏感词过滤功能
8 Issues closed from 1 user
Closed
#9 [LOW] JWT 载荷含敏感信息 + 缺少安全响应头
Closed
#10 [HIGH] SSRF 漏洞:用户可控 URL 未验证即发起 HTTP 请求
Closed
#11 [MEDIUM] HTTP Server 缺少超时配置:Slowloris DoS 攻击风险
Closed
#5 [CRITICAL] 大规模 IDOR 漏洞:Delete/Update 操作缺失所有权检查
Closed
#6 [HIGH] SetupSuperAdmin 接口暴露:无速率限制,可被爆破
Closed
#8 [MEDIUM] 缺失全局速率限制:登录、注册、密码重置接口可被爆破
Closed
#13 [MEDIUM] Email TLS 证书校验可被禁用:InsecureSkipVerify 配置风险
Closed
#14 [LOW] SQL LIKE 查询未转义通配符:用户输入可导致全表扫描/数据泄露
10 Issues created by 1 user
Opened
#5 [CRITICAL] 大规模 IDOR 漏洞:Delete/Update 操作缺失所有权检查
Opened
#6 [HIGH] SetupSuperAdmin 接口暴露:无速率限制,可被爆破
Opened
#7 [MEDIUM] CORS 配置过于宽松:子域名通配 + localhost 任意端口
Opened
#8 [MEDIUM] 缺失全局速率限制:登录、注册、密码重置接口可被爆破
Opened
#9 [LOW] JWT 载荷含敏感信息 + 缺少安全响应头
Opened
#10 [HIGH] SSRF 漏洞:用户可控 URL 未验证即发起 HTTP 请求
Opened
#11 [MEDIUM] HTTP Server 缺少超时配置:Slowloris DoS 攻击风险
Opened
#12 [LOW] fmt.Sscanf 返回值未检查:可能导致逻辑错误
Opened
#13 [MEDIUM] Email TLS 证书校验可被禁用:InsecureSkipVerify 配置风险
Opened
#14 [LOW] SQL LIKE 查询未转义通配符:用户输入可导致全表扫描/数据泄露