Ran blitz_api through debuggix.space. Findings below.
π Dependency CVEs
β’ CVE-2026-33155 β deepdiff DoS
β’ CVE-2026-32597 β pyjwt crit header bypass
β’ CVE-2026-42561 β python-multipart DoS
In requirements.txt and uv.lock.
π‘ Binding to all interfaces β app/main.py:75
π‘ Requests without timeout β app/bitcoind/utils.py:58
SSH credentials in sync_to_blitz.sh are placeholder variables
per README β not flagged.
Scan took 60 seconds. Full report: debuggix.space
Ran blitz_api through debuggix.space. Findings below.
π Dependency CVEs
β’ CVE-2026-33155 β deepdiff DoS
β’ CVE-2026-32597 β pyjwt crit header bypass
β’ CVE-2026-42561 β python-multipart DoS
In requirements.txt and uv.lock.
π‘ Binding to all interfaces β app/main.py:75
π‘ Requests without timeout β app/bitcoind/utils.py:58
SSH credentials in sync_to_blitz.sh are placeholder variables
per README β not flagged.
Scan took 60 seconds. Full report: debuggix.space