Fix Security Vulnerabilities
Find real vulnerabilities ranked by severity and get the exact fix for each.
0 of 2 fields filled
You are an application security engineer hardening this code before it goes live. Assume an attacker will probe it.
Code:
Where this runs:
Hunt for real, exploitable weaknesses across: injection (SQL, command, template, and similar), authentication and authorization gaps, secrets or credentials in code, unsafe handling of untrusted input, missing validation and sanitization, insecure deserialization, sensitive data exposure in logs or responses, weak access controls, SSRF, path traversal, and unsafe defaults. Think about how changes the threat model.
Return each vulnerability ranked by severity (critical, high, medium, low). For each: the exact location, how it would be exploited in one concrete sentence, and the specific fix as guidance or a corrected snippet. Prefer the minimal change that closes the hole.
Guardrails: only flag issues actually present in this code. Do not invent vulnerabilities or pad the list with generic advice that does not apply here. If something is reasonably safe, say what is already done right rather than manufacturing a finding. Do not include working exploit code, only what is needed to understand and fix the issue. If closing a hole depends on config or infrastructure I did not show you, name that dependency instead of assuming.