Trail of Bits

Worldcoin

Type: Security review

Client: Daniel Girshovich Tools for Humanity

Date: 2023-08

Domain: AppSec

Effort: 6 wks

Section: Technology Product Reviews

Trail of Bits's security review of Daniel Girshovich Tools for Humanity (Aug 2023) identified 12 issues: 1 high, 3 medium, 1 low, 6 informational, and 1 undetermined.

Findings · 12

  1. User data may persist to disk if the swap space is ever configured. Severity: Informational. Fix Status: Partially Resolved
  2. Risk of wrong SSD health check space reported due to integer overflow. Severity: Low. Fix Status: Resolved
  3. An expired token for a nonexistent API checked into source code. Severity: Informational. Fix Status: Resolved
  4. Memory safety issues in the ZBar library. Severity: High. Fix Status: Resolved
  5. The Orb QR code scanner is configured to detect all code types. Severity: Medium. Fix Status: Resolved
  6. Core dumps are not disabled. Severity: Informational. Fix Status: Resolved
  7. World writable and readable sockets. Severity: Undetermined. Fix Status: Unresolved
  8. Opportunities to harden the static kernel configuration and runtime parameters. Severity: Informational. Fix Status: Partially Resolved
  9. The downloaded list of components to update is not verified. Severity: Informational. Fix Status: Resolved
  10. Security issues in the HTTP client configuration. Severity: Medium. Fix Status: Partially Resolved
  11. External GitHub CI/CD action versions are not pinned. Severity: Medium. Fix Status: Resolved
  12. The deserialize_message function can panic. Severity: Informational. Fix Status: Unresolved

Findings extracted from the published report PDF. See the full report below for details and remediation.