Ran blitz_api through debuggix.space. Findings below.
🟠 Dependency CVEs
• CVE-2026-33155 — deepdiff DoS
• CVE-2026-32597 — pyjwt crit header bypass
• CVE-2026-42561 — python-multipart DoS
In requirements.txt and uv.lock.
🟡 Binding to all interfaces — app/main.py:75
🟡 Requests without timeout — app/bitcoind/utils.py:58
SSH credentials in sync_to_blitz.sh are placeholder variables
per README — not flagged.
Scan took 60 seconds. Full report: debuggix.space