Labels Milestones New Issue

15 Open 0 Closed

Label

Show archived labels Use alt + click/enter to exclude labels

All labels No label

kind/bug

kind/chore

kind/devops

kind/docs

kind/feature

kind/refactor

kind/security

kind/test

kind/ui

priority/critical

priority/high

priority/low

priority/medium

status/blocked

status/in-progress

status/needs-review

status/wontfix

Milestone

All milestones No milestones

Project

All projects No project

Author

All users

Assignee

Assigned to nobody Assigned to anybody

marcel

Sort

Newest Oldest Most recently updated Least recently updated Most commented Least commented Nearest due date Farthest due date

15 Open 0 Closed

Close

Label

Clear labels

kind/bug

kind/chore

kind/devops

kind/docs

kind/feature

kind/refactor

kind/security

kind/test

kind/ui

priority/critical

priority/high

priority/low

priority/medium

status/blocked

status/in-progress

status/needs-review

status/wontfix

Milestone

No milestone

Projects

Clear projects

Assignee

Clear assignees

No assignee

marcel

No password complexity requirements beyond minimum length kind/security priority/low

#15 opened 2026-04-02 11:21:37 +02:00 by marcel

5

createInvite has no role check — any member can invite kind/security priority/low

#14 opened 2026-04-02 11:21:33 +02:00 by marcel

5

No household-level DB enforcement — isolation relies solely on application code kind/security priority/medium

#13 opened 2026-04-02 11:21:28 +02:00 by marcel

5

Shopping list addItem does not validate ingredient belongs to household kind/security priority/medium

#12 opened 2026-04-02 11:21:22 +02:00 by marcel

5

Unbounded limit/offset parameters allow resource exhaustion kind/security priority/medium

#11 opened 2026-04-02 11:21:16 +02:00 by marcel

5

No CORS configuration — will block frontend or risk misconfiguration kind/security priority/medium

#10 opened 2026-04-02 11:21:10 +02:00 by marcel

5

Admin audit log does not capture IP addresses kind/security priority/medium

#9 opened 2026-04-02 11:21:07 +02:00 by marcel

5

Login error responses enable account enumeration via HTTP status codes kind/security priority/high

#8 opened 2026-04-02 11:20:46 +02:00 by marcel

5

Missing catch-all exception handler — stack traces leak to clients kind/security priority/high

#7 opened 2026-04-02 11:20:41 +02:00 by marcel

5

Swagger UI exposed to unauthenticated users in all environments kind/security priority/high

#6 opened 2026-04-02 11:20:35 +02:00 by marcel

5

No validation on systemRole values — arbitrary roles accepted kind/security priority/high

#5 opened 2026-04-02 11:20:30 +02:00 by marcel

5

Sessions not invalidated on password/role change or deactivation kind/security priority/high

#4 opened 2026-04-02 11:20:25 +02:00 by marcel

5

Signup creates session but never authenticates the user kind/security priority/critical

#3 opened 2026-04-02 11:20:16 +02:00 by marcel

5

Invite codes are brute-forceable (insufficient entropy) kind/security priority/critical

#2 opened 2026-04-02 11:20:11 +02:00 by marcel

5

Add rate limiting on auth and invite endpoints kind/security priority/critical

#1 opened 2026-04-02 11:20:03 +02:00 by marcel

5