Code-quality scan: pascalorg/editor
Score: 79/100 (B) · 88 findings · scanned 2026-05-20 01:28 UTC · 133,093 LOC
| Severity |
Count |
| CRITICAL |
0 |
| HIGH |
17 |
| MEDIUM |
22 |
| LOW |
31 |
📊 Full filterable report · 
Top findings
- HIGH
SEC085 — JS: child_process.exec with non-literal
packages/mcp/src/storage/sqlite-driver.ts:15
- HIGH
SEC085 — JS: child_process.exec with non-literal
packages/mcp/src/prompts/renovation-from-photos.ts:42
- HIGH
SEC040 — innerHTML XSS — template literal with server-supplied data
packages/mcp/src/resources/scene-summary.ts:159 · CWE-79 · A03:2021 Injection (XSS)
- HIGH
SEC040 — innerHTML XSS — template literal with server-supplied data
packages/editor/src/components/editor-2d/svg-paths.ts:103 · CWE-79 · A03:2021 Injection (XSS)
- HIGH
SEC040 — innerHTML XSS — template literal with server-supplied data
packages/editor/src/components/editor-2d/renderers/floorplan-geometry-renderer.tsx:153 · CWE-79 · A03:2021 Injection (XSS)
Security note: this issue is public. If any flagged finding is a real, exploitable vulnerability, please redirect to your SECURITY.md policy or open a private security advisory instead. We're happy to close this and re-submit privately.
Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/d053118f-f358-4d74-adb5-d1f9161b677f/
Code-quality scan:
pascalorg/editorScore: 79/100 (B) · 88 findings · scanned 2026-05-20 01:28 UTC · 133,093 LOC
📊 Full filterable report ·
Top findings
SEC085— JS: child_process.exec with non-literalpackages/mcp/src/storage/sqlite-driver.ts:15SEC085— JS: child_process.exec with non-literalpackages/mcp/src/prompts/renovation-from-photos.ts:42SEC040— innerHTML XSS — template literal with server-supplied datapackages/mcp/src/resources/scene-summary.ts:159· CWE-79 · A03:2021 Injection (XSS)SEC040— innerHTML XSS — template literal with server-supplied datapackages/editor/src/components/editor-2d/svg-paths.ts:103· CWE-79 · A03:2021 Injection (XSS)SEC040— innerHTML XSS — template literal with server-supplied datapackages/editor/src/components/editor-2d/renderers/floorplan-geometry-renderer.tsx:153· CWE-79 · A03:2021 Injection (XSS)Security note: this issue is public. If any flagged finding is a real, exploitable vulnerability, please redirect to your
SECURITY.mdpolicy or open a private security advisory instead. We're happy to close this and re-submit privately.Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/d053118f-f358-4d74-adb5-d1f9161b677f/