Security: lukevella/rallly
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
- Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId
  GHSA-5fp2-pv2j-rqpc, published Nov 19, 2025 by lukevella. Severity: High
- IDOR in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names
  GHSA-q9m7-chfx-43xw, published Nov 19, 2025 by lukevella. Severity: Moderate
- Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation
  GHSA-4p93-v53r-vch3, published Nov 19, 2025 by lukevella. Severity: High
- Information Disclosure in Participant API Leaks Names and Emails Despite Pro Privacy Settings
  GHSA-65wg-8xgw-f3fg, published Nov 28, 2025 by lukevella. Severity: High
- IDOR in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes
  GHSA-pchc-v5hg-f5gp, published Nov 19, 2025 by lukevella. Severity: Moderate
- IDOR in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants
  GHSA-f8jc-6746-ww95, published Nov 19, 2025 by lukevella. Severity: High
- Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal
  GHSA-4j32-25f9-qgfm, published Nov 19, 2025 by lukevella. Severity: High
- Improper Authorization in Comment Endpoint Allows User Impersonation
  GHSA-hhfc-6gq7-rrpm, published Nov 19, 2025 by lukevella. Severity: Moderate
- Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
  GHSA-x7w2-g548-4qg8, published Nov 19, 2025 by lukevella. Severity: Critical
- Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)
  GHSA-44w7-pf32-gv5m, published Nov 19, 2025 by lukevella. Severity: Moderate
Learn more about advisories related to lukevella/rallly in the GitHub Advisory Database