Showing security data for All Projects
AI Security Score ?
54.0%
Higher is safer
Bug Risk ?
29.3%
Lower is better
Fake-work Risk ?
25.7%
Lower is better
Reviewed Commits ?
1,644
AI reviewed commits

Security Table ?

Click any row to see what should be fixed.
IssueProjectCommitFileAI SecurityBug RiskFake-workStatus
Missing Validation super-admin 23ec28e6 src/routes/user-details.$userId.tsx:1756 60% 30% 10% Open
How to fix: add prop types or runtime validation for userRole to improve security and bug risk
Commit messagesuper master exposure detail
Branchmain
AI summaryThe commit introduces role-based filtering for exposure details, focusing on super and master roles. It adds several utility functions and integrates role checks across components. The code appears logically consistent, but lacks detailed commit message and comments, which could improve maintainability and clarity.
Security Review Needed super-admin d971f360 src/routes/user-exposure-detail.tsx:1346 60% 20% 10% Open
How to fix: add validation or stricter role enumeration to improve security and bug risk scores
Commit messageMerged in Manya1 (pull request #41) super master exposure detail
Branchmain
AI summaryThe commit introduces user role based filtering of exposure data, enhancing feature granularity. It generally improves business value by securing access controls based on role and implementing role normalization. However, there are some areas lacking thorough input validation and explicit role management, which could cause bugs or security issues.
Security Review Needed super-admin d971f360 src/routes/user-exposure-detail.tsx:1341 60% 20% 10% Open
How to fix: add explicit handling or validation for missing roles to improve quality and security
Commit messageMerged in Manya1 (pull request #41) super master exposure detail
Branchmain
AI summaryThe commit introduces user role based filtering of exposure data, enhancing feature granularity. It generally improves business value by securing access controls based on role and implementing role normalization. However, there are some areas lacking thorough input validation and explicit role management, which could cause bugs or security issues.
Missing Validation tenant-service 7a816fd5 src/controllers/horseracing/report.controller.js:4492 70% 25% 10% Open
How to fix: add validation or try/catch to handle invalid IDs
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a detailed MongoDB aggregation query to calculate exposure and summarize betting data based on user hierarchy. It uses object IDs properly and MongoDB pipeline stages for efficient data retrieval. The functionality adds valuable business insight into user exposure across hierarchical nodes, which is important for the betting system. However, the commit message is poorly written and unclear, reducing overall readability and traceability. There could be improved clarity and some missing input validation or error handling risks in the usage of IDs that might introduce bugs or security concerns. The code does not explicitly show how authentication or authorization is handled, which is critical in hierarchy exposure contexts.
Security Review Needed tenant-service 7a816fd5 src/controllers/horseracing/report.controller.js:4669 70% 25% 10% Open
How to fix: ensure these are validated and sanitized before use
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a detailed MongoDB aggregation query to calculate exposure and summarize betting data based on user hierarchy. It uses object IDs properly and MongoDB pipeline stages for efficient data retrieval. The functionality adds valuable business insight into user exposure across hierarchical nodes, which is important for the betting system. However, the commit message is poorly written and unclear, reducing overall readability and traceability. There could be improved clarity and some missing input validation or error handling risks in the usage of IDs that might introduce bugs or security concerns. The code does not explicitly show how authentication or authorization is handled, which is critical in hierarchy exposure contexts.
Secret Exposure tenant-service 7a816fd5 src/controllers/horseracing/report.controller.js:4705 70% 25% 10% Open
How to fix: add comments to explain its purpose and ensure security checks on visibleBetFilter
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a detailed MongoDB aggregation query to calculate exposure and summarize betting data based on user hierarchy. It uses object IDs properly and MongoDB pipeline stages for efficient data retrieval. The functionality adds valuable business insight into user exposure across hierarchical nodes, which is important for the betting system. However, the commit message is poorly written and unclear, reducing overall readability and traceability. There could be improved clarity and some missing input validation or error handling risks in the usage of IDs that might introduce bugs or security concerns. The code does not explicitly show how authentication or authorization is handled, which is critical in hierarchy exposure contexts.
Security Review Needed tenant-service 5da2e28b src/controllers/horseracing/race.controller.js:216-249 40% 30% 10% Open
How to fix: add input validation and sanitization to prevent injection attacks
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a race scraping feature with proper payload building and duplicate race check. The code includes input validation and error handling, improving robustness. However, it lacks thorough security measures such as input sanitization and rate limiting, and there is room for clearer error reporting and better documentation. The logic and code structure mostly follow good practices but could benefit from some minor improvements for maintainability and security.
Security Review Needed tenant-service 5da2e28b src/services/horseRaceService.js:97-164 40% 30% 10% Open
How to fix: implement rate limiting or authentication checks to avoid abuse of the scrape endpoint
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a race scraping feature with proper payload building and duplicate race check. The code includes input validation and error handling, improving robustness. However, it lacks thorough security measures such as input sanitization and rate limiting, and there is room for clearer error reporting and better documentation. The logic and code structure mostly follow good practices but could benefit from some minor improvements for maintainability and security.
Security Review Needed tenant-service 5da2e28b src/services/horseRaceService.js:115 40% 30% 10% Open
How to fix: validate or sanitize URL inputs and ensure that the scraper module handles untrusted input securely
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a race scraping feature with proper payload building and duplicate race check. The code includes input validation and error handling, improving robustness. However, it lacks thorough security measures such as input sanitization and rate limiting, and there is room for clearer error reporting and better documentation. The logic and code structure mostly follow good practices but could benefit from some minor improvements for maintainability and security.
Security Review Needed tenant-service 5da2e28b src/controllers/horseracing/race.controller.js:242 40% 30% 10% Open
How to fix: provide more detailed error logging and consider hiding internal errors from client responses for security
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces a race scraping feature with proper payload building and duplicate race check. The code includes input validation and error handling, improving robustness. However, it lacks thorough security measures such as input sanitization and rate limiting, and there is room for clearer error reporting and better documentation. The logic and code structure mostly follow good practices but could benefit from some minor improvements for maintainability and security.
Authorization Risk tenant-service c8347f05 src/controllers/horseracing/report.controller.js:4558-4564 30% 40% 70% Open
How to fix: implement comprehensive authorization middleware to handle hierarchy exposure securely
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit adds logic to determine if child users should be loaded based on user role and presence of userId, but the commit message is unclear and misspelled. The code could lead to improper user access due to role checking by string and lack of robust authorization handling, posing security and bug risks. The business value is moderate as it tries to control data exposure but lacks thorough validation.
Missing Validation tenant-service 619a0ebc src/controllers/horseracing/report.controller.js:3284 80% 25% 10% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit adds MongoDB aggregation pipeline stages to include additional filtering, grouping, and data enrichment for bets and exposures in a horse racing reporting context. The changes appear substantial and domain-relevant but lack clear explanation in the commit message. The code exposes detailed join and lookup operations, which can be complex and needs careful validation. Presumed security is good with rigour in user and bet filtering. The commit message contains a typo and is not descriptive enough. The large aggregation pipeline increases complexity and risk of subtle bugs if not thoroughly tested. No evident security flaws are found, but some defensive coding or validations are not visible here.
Missing Validation tenant-service 00358b5d src/controllers/horseracing/report.controller.js:3009 80% 30% 20% Monitoring
How to fix: validate input before conversion to number to reduce bug risk
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces calculated negative exposure values with rounding applied, which may be useful for reporting. However, the commit message is unclear and misspelled. Some improvements could be made in commit message clarity and potential verification of input data types to reduce bug risk.
Missing Validation tenant-service 00358b5d src/controllers/horseracing/report.controller.js:3012 80% 30% 20% Monitoring
How to fix: add validation to ensure correct numeric input type
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces calculated negative exposure values with rounding applied, which may be useful for reporting. However, the commit message is unclear and misspelled. Some improvements could be made in commit message clarity and potential verification of input data types to reduce bug risk.
Missing Validation tenant-service 00358b5d src/controllers/horseracing/report.controller.js:3013 80% 30% 20% Monitoring
How to fix: add validation for numeric input
Commit messagehyrarcy exposure
Branchmain
AI summaryThe commit introduces calculated negative exposure values with rounding applied, which may be useful for reporting. However, the commit message is unclear and misspelled. Some improvements could be made in commit message clarity and potential verification of input data types to reduce bug risk.
Security Review Needed website 3db56b89 src/pages/MultiRaceDetail.tsx 80% 20% 10% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messagemulti-bet horse icon
Branchmain
AI summaryThis commit adds a horse icon to the multi-bet page and improves runner display by including the gate number in the display name. It introduces multiple UI changes for better visualization and updates typings to include gate number information. The changes mostly improve the user interface and clarity of data presentation with low risk for bugs or security issues.
Security Review Needed super-admin cd1a9573 src/routes/agency-management.user-details.$userId.tsx 80% 20% 10% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messageMerged in Manya1 (pull request #35) refresh enable aaply on counter-refresh
Branchmain
AI summaryThis commit adds disabled states and onClick handlers to various UI elements to manage fetch state more effectively. It improves UX by preventing multiple requests during active fetching. The changes show sensible handling of fetching states across multiple routes, contributing to robustness.
Injection Risk super-admin 846680ae src/components/common/RefreshToggle.tsx 80% 15% 10% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messagenavbar changes and switch tab api hit
Branchmain
AI summaryThis commit adds UI improvements including date/time display, timezone switcher in the navbar, and refresh toggle features. The clock uses hooks and memoization appropriately. Important controls implement proper state and logout functionality. Some redundant or copy-pasted code is present that could be simplified. Refresh toggling and staleTime/refetchOnMount settings improve API freshness but could impact performance if not calibrated. Security is reasonably handled with user info display and logout, but no explicit security enhancements or risks are introduced.
Security Review Needed super-admin 317403f1 src/hooks/useReportSocket.tsx:259 70% 20% 10% Open
How to fix: add input type checks or validation to avoid runtime errors with unexpected types
Commit messagefix profit-loss socket
Branchmain
AI summaryThis commit adds comprehensive handling for multiple profit-loss event aliases in the socket listener, improving coverage and robustness. It includes normalization and checks for event names, along with appropriate callbacks to refresh the reports. Logging is added for visibility. However, the implementation could benefit from improved code comments, input validation, and better error handling to reduce risk further.
Security Review Needed super-admin 87fd5281 src/hooks/useReportSocket.tsx:261 75% 20% 10% Monitoring
How to fix: add unit tests to validate all variants in PROFIT_LOSS_EVENT_ALIASES
Commit messageMerged in Manya1 (pull request #37) fix profit-loss socket
Branchmain
AI summaryThe commit introduces handling for multiple aliases of the profit-loss socket event in a React app, with adequate logging and event normalization for consistency. The changes enhance maintainability and robustness against event name variations, reducing bug risk related to missing or misnamed socket events. However, some minor risks remain due to use of JSON.parse without try-catch and reliance on console.info for logging rather than more robust logging or error capture. Business value is good given the fix is targeted at a core functionality (profit-loss reporting). Security is moderate due to potential parsing risks.
Security Review Needed super-admin 8a6ae6e2 src/routes/net-exposure-detail.tsx:1070 50% 15% 10% Open
How to fix: consider adding error handling or validation for payload structure to reduce bug risk
Commit messageget-market-bets change
Branchmain
AI summaryThe commit adds functionality to fetch and normalize net bets data from an API, integrating it with existing queries using useQuery React hooks. The normalization function robustly handles varying key names and data shapes. Some duplication exists between two files (net-exposure-detail.tsx and user-exposure-detail.tsx) with highly similar normalization and fetching logic. The code introduces detailed mapping of bet data fields improving data handling quality and robustness. However, there is limited input validation beyond type coercion, and userId extraction differs between files without clear consistency. Error handling in async calls is not evident. The commit message is sparse, providing no context.
Missing Validation super-admin f790f431 src/routes/user-exposure-detail.tsx:155 60% 20% 10% Open
How to fix: add validation and error handling to improve quality and reduce bug risk
Commit messageMerged in Manya1 (pull request #38) get-market-bets change
Branchmain
AI summaryThis commit adds fetching and normalization of net bets data in two components, improving data handling and UI reactivity with useQuery hooks. The normalization functions are robust in handling varied response shapes. However, the commit message is uninformative, and some minor function duplications exist between files. There is also no explicit error handling or input validation in fetch functions which could reduce robustness.
Missing Validation super-admin 595e9701 src/routes/net-exposure-detail.tsx:1083 40% 30% 15% Open
How to fix: add input validation and types for higher robustness and security
Commit messagetab switch api hit
Branchmain
AI summaryThe commit adds route state monitoring for tab switch API calls to refetch data when certain route parameters change, which improves user experience by timely updates. It also includes utility functions to deduplicate bet data which improves performance and data consistency. However, reliance on routeHref state as a dependency, minimal error handling, and verbose console logging present risks to maintainability and potential debugging noise in production. The absence of security considerations and type validation reduces security score. The commit message lacks detail about the precise API calls made or outcomes expected, limiting business context.
Secret Exposure super-admin 9d8b2c30 src/routes/net-exposure-detail.tsx 40% 30% 20% Open
How to fix: Review this commit and apply the AI suggested remediation.
Commit messageMerged in Manya1 (pull request #39) tab switch api hit
Branchmain
AI summaryThe commit adds hooks to trigger API refetches when the route changes in two key detail components and introduces utility functions to filter duplicate bets. The improvements enhance data freshness and UI responsiveness to navigation changes, increasing business value. The code uses set-based uniqueness filtering, reducing potential duplicated data. However, several console logging statements remain, which is low quality for production and may leak info. The commit message is vague and lacks clarity on implementation details. No obvious security improvements or bug fixes are present, and refetch logic may lead to excessive calls if route changes rapidly.
Missing Validation super-admin 2618eddb src/components/common/BetsExcelExportButton.tsx:124 80% 20% 10% Monitoring
How to fix: Add input data validation to avoid corrupt or malicious data in generated Excel files
Commit messageCSV file download,status change ,bulk transfer action
Branchmain
AI summaryThe commit introduces a well-structured export feature for bets to Excel with support for multiple layouts and detailed bet leg breakdowns. The code is modular with multiple helper functions improving maintainability and readability. It adds useful features likely increasing business value by enabling better reporting and data export. There is a minor bug risk if the mapping functions (getBet, etc.) are flawed or if the XLSX library usage is incorrect, but overall risk is low. Security could be improved via validation or sanitization of input data before exporting. The commit message could be more descriptive regarding the layout parameter and specific features.
Missing Validation super-admin 6c2ec1b3 src/components/common/BetsExcelExportButton.tsx:104 50% 30% 10% Open
How to fix: add type checks or validation to avoid runtime errors
Commit messageMerged in Manya1 (pull request #40) CSV file download,status change ,bulk transfer action
Branchmain
AI summaryThis commit adds a comprehensive Excel export feature for bets with multiple layouts accommodating different report styles. The code modularizes the export functionality and dynamically builds Excel sheets with relevant headers and rows based on layout. It also integrates linking between main bets and their legs. However, it lacks comments and type safety checks that could improve maintainability and reduce risks. No security-critical functionality was changed, but exporting potentially sensitive info (like IP addresses) requires careful consideration. The commit message is vague and lacks detail on changes.
Security Review Needed super-admin 6c2ec1b3 src/components/common/BetsExcelExportButton.tsx:189 50% 30% 10% Open
How to fix: verify proper handling/permission for exporting user IP addresses
Commit messageMerged in Manya1 (pull request #40) CSV file download,status change ,bulk transfer action
Branchmain
AI summaryThis commit adds a comprehensive Excel export feature for bets with multiple layouts accommodating different report styles. The code modularizes the export functionality and dynamically builds Excel sheets with relevant headers and rows based on layout. It also integrates linking between main bets and their legs. However, it lacks comments and type safety checks that could improve maintainability and reduce risks. No security-critical functionality was changed, but exporting potentially sensitive info (like IP addresses) requires careful consideration. The commit message is vague and lacks detail on changes.
Security Review Needed website 0948238e src/components/racing/HorseRow.tsx 80% 10% 5% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messagejersey horse icon
Branchmain
AI summaryThis commit introduces a jersey horse icon with associated color theming for empty jersey states in HorseRow component, improving UI/UX. It also includes race event fetching logic with proper cancellation and visibility change handling in HorseRacing page, enhancing data freshness and user interaction. The changes are well isolated and use proper React hooks and state management.
Secret Exposure crm-dashbaord dd9379fb src/modules/horse/pages/Race/AdminRacepage.tsx 80% 20% 10% Monitoring
How to fix: Review this commit and apply the AI suggested remediation.
Commit messageMerged in dev-jg-1 (pull request #88) arrow issue fixed
Branchmain
AI summaryThe commit fixes arrow key behavior in number inputs by preventing default to ensure arrow keys are reserved for navigation. However, the change is minimal and lacks detailed context or tests. The commit message is vague.
Security Review Needed crm-dashbaord 2d5d0971 src/pages/Platforms/AdminMarketPage.tsx 80% 30% 10% Monitoring
How to fix: add or update tests to validate the event.stopPropagation and key handling improvements
Commit messagearrow issue fixed
Branchmain
AI summaryThe commit fixes arrow key handling issues by stopping event propagation and wrapping navigation within UI tables. While this addresses a user interaction bug, the lack of detailed commit message and tests lower overall quality and business value scores slightly. The changes reduce risk of unintended browser behavior and potential bugs in navigation. Security risk is low since event handling is local to UI behavior.

Vulnerability Heatmap ?

Project exposure by weighted severity.
No/very low exposure Low Medium High exposure
antfast-dashboard · High exposure
arena · No current exposure
army · Medium exposure
army505 · No current exposure
army510 · No current exposure
avriti · High exposure
avriti-backend · High exposure
b2b-b2c · No current exposure
bet-service · High exposure
crm-dashbaord · High exposure

Security Trend ?

Weekly average security score. Higher is safer.
25 50 75 100 May 18 May 25 Jun 01 Jun 08 Jun 15 Jun 22 Jun 29 Jul 06