← All catches
// bug category

xss bugs PullLight caught in real PRs.

Real findings from live code reviews — human-approved before anything posted to GitHub. Every snippet is sanitized: no identifiers, no secrets, no author info.

0 xss catches on record
Other categories
# sql-injection # missing-await # null-deref # race-condition # auth # xss # memory-leak # type-error # off-by-one # undefined
No xss catches yet — check back soon.

← Back to all catches

Want PullLight catching xss bugs in your PRs?

Install the GitHub App. Claude analyzes every diff. You approve findings before anything posts.

Install PullLight →