Examples

Real findings. Real evidence.

Every finding below is based on a real vulnerability pattern Composed identifies. Evidence, exploitation path, and fix recommendations.

SQL Injection in API Route Handler

Critical CWE-89
PR Context
A POST endpoint concatenated user-supplied input directly into a raw SQL query.
Evidence / Reproduction
Submitted a single quote (`'`) which broke the query structure. Then injected UNION SELECT to extract the users table. The endpoint returned user email hashes and session tokens in the response body.
Why it matters
An attacker with no authentication could dump the entire user database, including credential hashes and session secrets.
Recommended fix
Replace string concatenation with parameterized queries. Never embed user input in SQL strings.

Server-Side Request Forgery in PDF Generator

High CWE-918
PR Context
The app accepted a URL parameter to fetch an external image for PDF rendering.
Evidence / Reproduction
Changed the URL from example.com/logo.png to the cloud metadata endpoint. The generated PDF contained instance metadata including IAM credentials.
Why it matters
An attacker can pivot from the application into the internal cloud metadata service, stealing credentials that grant access to the entire cloud environment.
Recommended fix
Allowlist permitted domains. Validate URL schemes. Run the PDF service in a sandboxed network with no access to metadata endpoints.

IDOR in User Profile API

High CWE-639
PR Context
The endpoint /api/users/{id}/profile returned the full user profile for any authenticated user.
Evidence / Reproduction
Created account A (userId=1001). Changed the request to /api/users/1002/profile. Account B's email, phone number, and billing address were returned. No authorization check.
Why it matters
Any authenticated user can enumerate all users and scrape personally identifiable information.
Recommended fix
Verify that the requesting user owns the resource before returning data. Use the session user ID, not the URL parameter.

Path Traversal in File Download Endpoint

High CWE-22
PR Context
A file download endpoint accepted a filename parameter with no path sanitization.
Evidence / Reproduction
Replaced the filename with ../../../../etc/passwd. The endpoint returned the server's password file in the HTTP response.
Why it matters
An attacker can read arbitrary files from the server, including configuration files containing database credentials and API keys.
Recommended fix
Validate the resolved path is within the allowed directory. Use a filesystem allowlist.

Credential Leakage in Git History

Critical CWE-522
PR Context
A commit added a .env file containing production AWS access keys and a database connection string.
Evidence / Reproduction
The commit message was 'chore: add env template'. The .env file contained AWS_ACCESS_KEY_ID and DATABASE_URL with plaintext credentials.
Why it matters
Anyone with read access to the repository can use these credentials to access production resources.
Recommended fix
Rotate all exposed credentials immediately. Add .env to .gitignore. Use a pre-commit hook to scan for secrets.

Insecure Agent Tool Integration

Critical CWE-78
PR Context
An AI coding agent was configured with a tool that executed shell commands from user input.
Evidence / Reproduction
A PR description containing shell metacharacters caused the agent to execute arbitrary commands in the CI/CD environment.
Why it matters
A malicious PR description could cause the agent to run arbitrary commands with full production access.
Recommended fix
Use structured APIs instead of shell execution. Run agent tools in restricted containers with minimal permissions.

Prompt Injection via Public Issue Comment

Medium CWE-94
PR Context
A public repository had a bot that automatically responded to issue comments using an LLM.
Evidence / Reproduction
A comment with injection instructions caused the bot to output fabricated system file contents and perform unintended actions.
Why it matters
An attacker can manipulate the bot to leak information or perform actions on behalf of the integration's credentials.
Recommended fix
Never expose LLM agents to untrusted input without a sandbox. Use prompt isolation techniques.

What would Composed find in your code?

Run it on 10 PRs →