Audit this for security issues:
[paste code, config, Dockerfile, infra setup, etc.]
Context: [e.g. user-facing web app, internal API, runs as root, handles payments]
Check for:
- Injection vulnerabilities (SQL, command, path traversal)
- Auth/authz gaps (missing checks, privilege escalation)
- Secrets or credentials in code/config
- Overly permissive settings (CORS, file permissions, network exposure)
- Dependency risks
For each finding: severity (critical/high/medium/low), what an attacker could do with it, and the fix. Don’t pad with generic advice — only flag things actually present in what I gave you.