| Severity | Rule | Finding | Location |
|---|---|---|---|
| HIGH | GHSA-qjx8-664m-686j | js-cookie: GHSA-qjx8-664m-686j | pnpm-lock.yaml |
| HIGH | GHSA-5pgg-2g8v-p4x9 | xlsx: GHSA-5pgg-2g8v-p4x9 | frontend/pnpm-lock.yaml |
| HIGH | GHSA-4r6h-8v6p-xvw6 | xlsx: GHSA-4r6h-8v6p-xvw6 | frontend/pnpm-lock.yaml |
| HIGH | GHSA-r5fr-rjxr-66jc | lodash-es: GHSA-r5fr-rjxr-66jc | frontend/pnpm-lock.yaml |
| HIGH | GHSA-qjx8-664m-686j | js-cookie: GHSA-qjx8-664m-686j | frontend/pnpm-lock.yaml |
| HIGH | JRN009 | Secret-like setting is echoed into a password input value | frontend/src/components/panels/UsersPan…:253 |
| HIGH | JRN004 | Consent is collected in UI without visible backend audit persistence | frontend/src/types/auth.ts:6 |
| HIGH | AUC003 | [AUC003] Object-level route lacks visible authorization: A route with an object id-like p… | src/api/main.py:701 |
| MED | SEC127 | [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… | src/infra/tool/tool_search_tool.py:90 |
| MED | SEC015 | [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … | src/infra/skill/binary.py:182 |
| MED | SEC015 | [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … | src/infra/auth/jwt.py:18 |
| MED | SEC015 | [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … | src/api/routes/auth/rate_limiter.py:30 |
| MED | SEC139 | [SEC139] AI-generated migration/route without companion test file: Route or migration tou… | src/api/routes/agent/config.py:323 |
| MED | ERR001 | [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… | src/api/routes/project.py:31 |
| MED | ERR001 | [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… | src/api/routes/health.py:166 |
| MED | ERR001 | [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… | src/api/middleware/user_context.py:32 |
| MED | SEC136 | [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… | src/infra/folder/storage.py:59 |
| MED | SEC136 | [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… | src/infra/channel/feishu/markdown.py:155 |
| MED | SEC136 | [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… | src/api/deps.py:99 |
| MED | SEC034 | [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… | src/api/routes/websocket.py:93 |
| MED | SEC034 | [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… | src/api/routes/feedback.py:74 |
| MED | SEC034 | [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… | src/api/deps.py:227 |
| MED | SEC046 | [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… | frontend/src/hooks/useAuth.tsx:259 |
| MED | SEC041 | [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… | frontend/src/components/common/AboutDia…:31 |
| MED | ERR002 | [ERR002] Empty Catch Block: Empty catch blocks hide errors. | frontend/src/components/fileLibrary/Rev…:61 |
| MED | ERR002 | [ERR002] Empty Catch Block: Empty catch blocks hide errors. | frontend/src/components/common/Language…:28 |
| MED | ERR002 | [ERR002] Empty Catch Block: Empty catch blocks hide errors. | frontend/src/components/chat/ChatInputT…:117 |
| MED | SEC045 | [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … | frontend/src/hooks/useAgent/goalCommand…:32 |
| MED | SEC045 | [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … | frontend/scripts/extract-i18n.ts:111 |
| MED | MINED109 | Mutable default argument in `create_persona_preset` (list) | src/infra/tool/persona_preset_tool.py:78 |
| MED | MINED111 | Bare except continues silently | src/infra/persona_preset/storage.py:331 |
| MED | MINED111 | Bare except continues silently | src/infra/persona_preset/storage.py:122 |
| MED | MINED111 | Bare except continues silently | src/infra/role/storage.py:441 |
| MED | MINED111 | Bare except continues silently | src/infra/role/storage.py:214 |
| MED | MINED111 | Bare except continues silently | src/agents/core/recommendations.py:447 |
| MED | MINED111 | Bare except continues silently | src/agents/core/recommendations.py:166 |
| MED | MINED111 | Bare except continues silently | src/agents/core/base.py:434 |
| MED | MINED111 | Bare except continues silently | src/agents/core/base.py:870 |
| MED | MINED111 | Bare except continues silently | src/api/routes/channels.py:642 |
| MED | MINED111 | Bare except continues silently | src/api/routes/skill.py:650 |
| MED | MINED111 | Bare except continues silently | src/api/routes/skill.py:226 |
| MED | MINED111 | Bare except continues silently | src/api/routes/session.py:765 |
| MED | MINED111 | Bare except continues silently | src/api/routes/skill_uploads.py:203 |
| MED | MINED111 | Bare except continues silently | src/api/routes/upload.py:872 |
| MED | MINED111 | Bare except continues silently | src/api/routes/upload.py:860 |
| MED | MINED111 | Bare except continues silently | src/api/deps.py:112 |
| MED | MINED111 | Bare except continues silently | src/infra/github_client.py:59 |
| MED | MINED111 | Bare except continues silently | src/infra/goal.py:90 |
| MED | MINED111 | Bare except continues silently | src/infra/goal.py:68 |
| MED | MINED111 | Bare except continues silently | src/infra/goal.py:35 |
| MED | MINED111 | Bare except continues silently | src/infra/goal.py:92 |
| MED | MINED111 | Bare except continues silently | src/kernel/version_utils.py:23 |
| MED | MINED111 | Bare except continues silently | tests/api/routes/conftest.py:16 |
| MED | MINED111 | Bare except continues silently | scripts/create_e2b_template.py:218 |
| MED | MINED111 | Bare except continues silently | scripts/create_daytona_snapshot.py:259 |
| MED | COMP001 | [COMP001] High cognitive complexity: Function `_format_attachment_summary` has cognitive … | src/agents/core/node_utils.py:217 |
| MED | DKR003 | Compose service `lambchat` image uses the latest tag | deploy/docker-compose.yml:21 |
| MED | AUC001 | [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks… | — |
| MED | DEPCUR-NPM | npm package `@vitejs/plugin-react` is 2 major version(s) behind (^4.3.4 -> 6.0.2) | frontend/package.json |
| MED | DEPCUR-NPM | npm package `@eslint/js` is 1 major version(s) behind (^9.17.0 -> 10.0.1) | frontend/package.json |
| MED | DEPCUR-NPM | npm package `react-markdown` is 1 major version(s) behind (^9.0.1 -> 10.1.0) | frontend/package.json |
| MED | GHSA-jg22-mg44-37j8 | aiohttp: GHSA-jg22-mg44-37j8 | uv.lock |
| MED | GHSA-hg6j-4rv6-33pg | aiohttp: GHSA-hg6j-4rv6-33pg | uv.lock |
| MED | GHSA-4w7w-66w2-5vf9 | vite: GHSA-4w7w-66w2-5vf9 | pnpm-lock.yaml |
| MED | GHSA-xcj9-5m2h-648r | mermaid: GHSA-xcj9-5m2h-648r | pnpm-lock.yaml |
| MED | GHSA-ghcm-xqfw-q4vr | mermaid: GHSA-ghcm-xqfw-q4vr | pnpm-lock.yaml |
| MED | GHSA-87f9-hvmw-gh4p | mermaid: GHSA-87f9-hvmw-gh4p | pnpm-lock.yaml |
| MED | GHSA-6m6c-36f7-fhxh | mermaid: GHSA-6m6c-36f7-fhxh | pnpm-lock.yaml |
| MED | GHSA-67mh-4wv8-2f99 | esbuild: GHSA-67mh-4wv8-2f99 | pnpm-lock.yaml |
| MED | GHSA-mwcw-c2x4-8c55 | nanoid: GHSA-mwcw-c2x4-8c55 | frontend/pnpm-lock.yaml |
| MED | GHSA-xcj9-5m2h-648r | mermaid: GHSA-xcj9-5m2h-648r | frontend/pnpm-lock.yaml |
| MED | GHSA-ghcm-xqfw-q4vr | mermaid: GHSA-ghcm-xqfw-q4vr | frontend/pnpm-lock.yaml |
| MED | GHSA-87f9-hvmw-gh4p | mermaid: GHSA-87f9-hvmw-gh4p | frontend/pnpm-lock.yaml |
| MED | GHSA-6m6c-36f7-fhxh | mermaid: GHSA-6m6c-36f7-fhxh | frontend/pnpm-lock.yaml |
| MED | GHSA-xxjr-mmjv-4gpg | lodash-es: GHSA-xxjr-mmjv-4gpg | frontend/pnpm-lock.yaml |
| MED | GHSA-f23m-r3pf-42rh | lodash-es: GHSA-f23m-r3pf-42rh | frontend/pnpm-lock.yaml |
| MED | GHSA-jxxr-4gwj-5jf2 | brace-expansion: GHSA-jxxr-4gwj-5jf2 | frontend/pnpm-lock.yaml |
| MED | GHSA-4w7w-66w2-5vf9 | vite: GHSA-4w7w-66w2-5vf9 | docs/pnpm-lock.yaml |
| MED | GHSA-67mh-4wv8-2f99 | esbuild: GHSA-67mh-4wv8-2f99 | docs/pnpm-lock.yaml |
| MED | DKC015 | Database service has no healthcheck | deploy/docker-compose.yml:11 |
| MED | JRN002 | Browser storage is used for session token material | frontend/src/services/api/token.ts:33 |
| MED | JRN002 | Browser storage is used for session token material | frontend/src/services/api/token.ts:31 |
| MED | JRN002 | Browser storage is used for session token material | frontend/src/services/api/token.ts:24 |
| MED | JRN002 | Browser storage is used for session token material | frontend/src/services/api/token.ts:17 |
| MED | AGT007 | localStorage write failures are swallowed silently | frontend/src/hooks/useSessionConfig.ts:78 |
| MED | AGT007 | localStorage write failures are swallowed silently | frontend/src/hooks/useInputHistory.ts:24 |
| MED | AGT007 | localStorage write failures are swallowed silently | frontend/src/components/persona/usePers…:167 |
| MED | WEB003 | Public web service has no security.txt | .well-known/security.txt |
| MED | JRN003 | Frontend API reference is not matched by discovered backend routes | frontend/src/services/api/config.ts:140 |
| MED | JRN003 | Frontend API reference is not matched by discovered backend routes | frontend/src/hooks/useAgent/sseConnecti…:142 |
| MED | AUC012 | [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /… | — |
| MED | AGT012 | Agent control bridge may listen on a network interface without visible auth | frontend/vite.config.ts:166 |
| MED | WEB015 | Public web app has no Content Security Policy | index.html |
| MED | AGT015 | Remote install command pipes network code directly to a shell | scripts/create_daytona_snapshot.py:227 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/mcp.py:209 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/mcp.py:172 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/mcp.py:129 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/mcp.py:106 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/envvar.py:143 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/envvar.py:126 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/envvar.py:113 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/envvar.py:97 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/routes/envvar.py:75 |
| MED | AUC009 | [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … | src/api/deps.py:266 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/team.py:69 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/team.py:57 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/team.py:48 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/team.py:25 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:170 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:155 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:140 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:120 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:105 |
| MED | AUC004 | [AUC004] Admin route does not show super_admin separation: An administrative route was de… | src/api/routes/feedback.py:48 |
| LOW | COMP001 | [COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSo… | scripts/create_daytona_snapshot.py:179 |
| LOW | DEPCUR-NPM | npm package `eslint-plugin-react-refresh` is minor version(s) behind (^0.4.16 -> 0.5.2) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `autoprefixer` is minor version(s) behind (^10.4.20 -> 10.5.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@types/react-dom` is minor version(s) behind (^19.0.2 -> 19.2.3) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `mermaid` is minor version(s) behind (^11.12.3 -> 11.15.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `mammoth` is minor version(s) behind (^1.8.0 -> 1.12.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `katex` is minor version(s) behind (^0.16.32 -> 0.17.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `dompurify` is minor version(s) behind (^3.3.2 -> 3.4.8) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@xyflow/react` is minor version(s) behind (^12.10.2 -> 12.11.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@types/dompurify` is minor version(s) behind (^3.0.5 -> 3.2.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@lobehub/icons-static-svg` is minor version(s) behind (^1.84.0 -> 1.91.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@lobehub/icons` is minor version(s) behind (^5.2.0 -> 5.10.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `@codemirror/view` is minor version(s) behind (^6.42.0 -> 6.43.0) | frontend/package.json |
| LOW | DEPCUR-NPM | npm package `mermaid` is minor version(s) behind (^11.14.0 -> 11.15.0) | package.json |
| LOW | DEPCUR-NPM | npm package `@lobehub/icons` is minor version(s) behind (^5.2.0 -> 5.10.0) | package.json |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/panels/MemoryPa…:243 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/panels/MCPPanel…:467 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/panels/AgentPan…:20 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/mcp/RoleSelecto…:37 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/mcp/MCPToolPoli…:11 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/layout/AppConte…:159 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/layout/AppConte…:37 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/documents/useDo…:459 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/documents/previ…:18 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/documents/previ…:194 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/documents/previ…:177 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/common/VideoVie…:65 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/TeamMentio…:18 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:9 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:15 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:48 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:26 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:93 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:9 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:31 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:9 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:9 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:61 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:92 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:15 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/chat/ChatMessag…:13 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/auth/ResetPassw…:79 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/auth/ResetPassw…:63 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/auth/ForgotPass…:56 |
| LOW | AIC003 | Duplicated implementation block across source files | frontend/src/components/auth/AuthPage.t…:274 |
| LOW | DKC015 | Database service has no healthcheck | deploy/docker-compose.yml:1 |
| LOW | DKR008 | .dockerignore misses sensitive defaults | .dockerignore |
| LOW | DKC016 | App service does not wait for database health | deploy/docker-compose.yml:21 |
| LOW | WEB008 | Public docs site has no llms.txt | llms.txt |
| LOW | DKC010 | Compose service lacks no-new-privileges hardening | deploy/docker-compose.yml:21 |
| LOW | DKC006 | Compose service does not declare a runtime user | deploy/docker-compose.yml:21 |
| LOW | WEB011 | Public web app has no humans.txt | humans.txt |
| INFO | MINED076 | [MINED076] Catch And Reraise Noop: except X: raise X — adds no value, hides traceback if … | src/infra/tracing/langsmith_client.py:69 |
| INFO | MINED062 | [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. | src/infra/mcp/quota.py:58 |
| INFO | MINED062 | [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. | src/infra/logging/context.py:14 |
| INFO | MINED062 | [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. | src/infra/github_client.py:14 |
| INFO | MINED072 | [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. | src/infra/backend/protocol_compat.py:16 |
| INFO | MINED077 | [MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles. | src/infra/agent/events/debug_logger.py:49 |
| INFO | MINED050 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… | src/agents/search_agent/context.py:291 |
| INFO | MINED050 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… | src/agents/fast_agent/graph.py:213 |
| INFO | MINED050 | [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… | src/agents/core/persona.py:23 |
| INFO | MINED049 | [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. | scripts/create_e2b_template.py:170 |
| INFO | MINED049 | [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. | scripts/create_daytona_snapshot.py:193 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | src/infra/storage/s3/backends/minio.py:41 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | src/infra/storage/s3/backends/aliyun.py:34 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | frontend/src/services/api/config.ts:29 |
| INFO | MINED058 | [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… | frontend/src/components/layout/AppConte…:114 |
| INFO | MINED058 | [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… | frontend/src/components/documents/previ…:337 |
| INFO | MINED056 | [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… | frontend/src/components/chat/ChatMessag…:124 |
| INFO | MINED056 | [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… | frontend/src/components/chat/ChatMessag…:91 |
| INFO | MINED056 | [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… | frontend/src/components/chat/ChatMessag…:95 |
| INFO | MINED059 | [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. | frontend/src-tauri/src/lib.rs:6 |
| INFO | MINED045 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | frontend/src/components/chat/ChatMessag…:67 |
| INFO | MINED045 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | frontend/src/components/chat/ChatInputT…:185 |
| INFO | MINED045 | [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | frontend/scripts/extract-i18n.ts:44 |
| INFO | MINED044 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … | frontend/scripts/find-large-files.ts:34 |
| INFO | MINED044 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … | frontend/scripts/extract-i18n.ts:100 |
| INFO | MINED044 | [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … | frontend/scripts/build-packaged-fronten…:7 |
| INFO | DEPCUR-NPM | npm package `turndown` is patch version(s) behind (^7.2.2 -> 7.2.4) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `react-virtuoso` is patch version(s) behind (^4.18.3 -> 4.18.7) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `react-pdf` is patch version(s) behind (^10.4.0 -> 10.4.1) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `@uiw/react-codemirror` is patch version(s) behind (^4.25.8 -> 4.25.10) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `@excalidraw/excalidraw` is patch version(s) behind (^0.18.0 -> 0.18.1) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `@codemirror/lang-yaml` is patch version(s) behind (^6.1.2 -> 6.1.3) | frontend/package.json |
| INFO | DEPCUR-NPM | npm package `vitepress` is patch version(s) behind (^1.6.3 -> 1.6.4) | package.json |
| INFO | DEPCUR-NPM | npm package `turndown` is patch version(s) behind (^7.2.2 -> 7.2.4) | package.json |