I need you to act as a security expert and do a full audit of the codebase. Your goal is to flag high-impact vulnerabilities and help fix them with minimal changes. Follow this 3-phase approach:
Phase 1:
Go through the entire repo. Focus especially on:
- Auth flows
- API endpoints
- DB queries
- Env variables and secrets
- User input handling
- File uploads
Report each finding with:
- File name and line numbers
- A clear explanation of what’s wrong
- Priority level (Critical, High, Medium, Low)

Phase 2:
For every issue:
- Explain what the vulnerability is
- Describe how it can be exploited
- Recommend the smallest fix needed
- Explain how the fix improves security
Avoid overengineering. Focus on practical fixes that make the code safer without breaking anything.

Phase 3:
- Show a before/after diff
- Verify the fix works and doesn’t introduce anything new
- Flag anything that needs manual testing

Specifically look for:
- Leaked API keys or credentials
- Missing rate limits
- Broken or bypassable auth
- Insecure direct object references (IDOR)
- Missing server-side validation
- Poor error handling that leaks info
- Sensitive data being exposed unnecessarily
Return the final report as a markdown list I can share with my team. Be precise. Be realistic. Prioritize impact.
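As an added illustration (not part of the original prompt) of the Phase 1 output format and the "leaked API keys or credentials" check, the following scanner walks a repository, reports each hit with file name, line number and priority, and renders the markdown list the prompt asks for. The detection rules and the sample repository contents are constructed for this example; the AWS key is the placeholder value used in AWS documentation.

```python
import re
from dataclasses import dataclass

# Detection rules: (name, pattern, priority, explanation). The patterns are
# assumptions for this example, not a complete grammar of every secret format.
RULES = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "Critical",
     "Long-lived cloud credential committed to source; rotate it and load it from a secret store."),
    ("Private key material", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "Critical", "Private key checked into the repo; anyone with read access can impersonate the service."),
    ("Hard-coded API key or password",
     re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"][^'\"]{12,}['\"]"),
     "High", "Credential embedded in code instead of being read from an environment variable or secrets manager."),
]
PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    priority: str
    rule: str
    explanation: str

def scan_file(path: str, text: str) -> list[Finding]:
    """Return one Finding per rule match, keyed to file name and line number."""
    return [Finding(path, lineno, priority, rule, explanation)
            for lineno, line in enumerate(text.splitlines(), start=1)
            for rule, pattern, priority, explanation in RULES
            if pattern.search(line)]

def audit_repo(files: dict[str, str]) -> list[Finding]:
    """Scan every file (path -> contents) and order findings by impact, then location."""
    findings = [f for path, text in files.items() for f in scan_file(path, text)]
    return sorted(findings, key=lambda f: (PRIORITY_ORDER[f.priority], f.file, f.line))

def render_markdown(findings: list[Finding]) -> str:
    """Format findings as the shareable markdown list the prompt asks for."""
    return "\n".join(f"- **{f.priority}** `{f.file}:{f.line}` {f.rule}: {f.explanation}"
                     for f in findings)

# Constructed sample repository: two committed secrets, one private key, and one
# file that reads its key from the environment (the fixed pattern, so no finding).
SAMPLE_REPO = {
    "config/settings.py": 'DEBUG = False\nAPI_KEY = "sk_live_EXAMPLE_0123456789abcdef"\n',
    "deploy/creds.txt": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
    "app/auth.py": 'import os\nAPI_KEY = os.environ["API_KEY"]\n',
    "keys/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...(constructed, truncated)\n",
}
```

Running `render_markdown(audit_repo(SAMPLE_REPO))` yields three lines, the two Critical findings first; real audits would extend RULES and add an allow-list for known test fixtures.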