
// /lib/creds · DECRYPTING RECOGNITION
CREDS // RECOGNITION
Recovered signals of recognition: Hall of Fame acknowledgements, published CVEs, and certifications. Every entry links to an independent source you can verify.
hall of fame
letters of recognition

NASA Letter of Recognition
open full PDFpublished cves
CVE-2026-38360
CRITICAL · CVSS 9.8Path Traversal → Remote Code Execution
Unauthenticated path traversal in dash-uploader's HTTP handler, where upload_id / resumableFilename reach os.path.join() & os.makedirs() unsanitized. A single POST with ../ writes files anywhere the process can; drop a .pth into site-packages and you get code execution on interpreter start.
CVE-2026-38361
HIGH · CVSS 7.5Uncontrolled Resource Consumption → Denial of Service
Unbounded file-upload handling (max_file_size) in dash-uploader lets an unauthenticated attacker exhaust resources and take the service down, with no auth and no user interaction.








