Security Audit Report
App Router
22
Routes
3
Query Params
19
Custom Headers
Credentials or API keys may be exposed in client-side code.
User input rendered without proper sanitization.
Database queries constructed using unsanitized user input.
Untrusted data deserialized without validation.
Endpoints lack proper authorization checks.
User input rendered without proper sanitization.
Endpoint is accessible without authentication (HTTP 200)
Endpoint is accessible without authentication (HTTP 200)
Location
https://tabtify.com/api/tabs
Remediation
Review if this endpoint should require authentication
