Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation Affected Component - github.com/dhax/go-base — Go REST API boilerplate go-chi/jwtauth/v5, Viper, PostgreSQL/Bun - 1,685 stars on GitHub Vulnerability Locations | File | Line | Role | |------|------|------| | dev.env | 10 |...

Weblate: Testing flow includes a DeepSource secret

The testing workflow for the WeblateOrg/wlc repository included a DeepSource secret, which could have allowed a malicious actor to access parts of the repository and report artifacts to DeepSource. The recommended usage would have been to create a GitHub action environment secret and call it at...