Security

Open findings from the GitHub monorepo (Dependabot, Code Scanning, secret scanning). Live data comes from ops-console after Dependabot sync; see infra/devops-stack/SECURITY.md.

Open by severity

critical: 0
high: 1
medium: 2
low: 0

| Severity | Source | Summary | Repository | Opened | Link |
|---|---|---|---|---|---|
| high | dependabot | axios — Server-Side Request Forgery in axios before 1.6.8 (GHSA-4w2v-q235-vp9m) | apella/platform | 3h ago | |
| medium | dependabot | php - path traversal in optional dependency (transitive) (GHSA-xxxxx) | apella/registration | 18h ago | |
| medium | code scanning | CodeQL: SQL query may be vulnerable to SQL injection | apella/event-management-services | 1d ago | |
| low | dependabot | lodash - Prototype pollution (devDependencies only) (GHSA-f5x3-p86q-v548) | apella/platform | 5d ago | |
| critical | secret scanning | Generic secret — revoked credential detected in history | apella/legacy-scripts | 8d ago | |