-
Authentication seems to be reading security directly from the components and not the security descriptor. When adding multiple keys they all show as individual authorization keys and not multi-key as…
-
I noticed that this repository has exposed several API keys for AI services, like open AI.
Exposing API keys, especially those associated with an account that has active billing, poses a significan…
-
**Describe the bug**
Filestore APIs (/filestore/v1/files/id?tenantId=kl&fileStoreId=5fb3b545-5182-456e-ba82-db9bad25a2e8) are public now. These should be protected with token based authentication.
…
-
wlanpi-core is missing security and is currently exposed through the firewall by default on port 31415.
also consider adding a rate limiter (such as `fastapi-limiter`).
-
### What happens?
I have created a minimal example to demonstrate the CSP issue (https://github.com/michaelg-baringa/scalar-example/blob/main/nextjs-blog/README.md)
When navigating to http://local…
-
Part of https://github.com/5GSEC/SentryFlow/issues/9
-
-
**Related to:** https://github.com/elastic/security-team/issues/9400
## Summary
Improve the auto-generated API reference documentation available on [elastic.co/docs/api](https://www.elastic.co/docs/…
-
The Disclaimer on security is misleading and will result in a high possibility of a compromised API Key:
"Don't store secrets in code or any other resources bundled with your app. Instead, fetch th…
-
Any stored procedures which return customer data should require either the customer's API key or an admin API key.