- SQL queries were written with raw parameters and needed proper sanitization. - One defined endpoint lacked security. - The code was missing type annotations. - Unnecessary data was being loaded into memory.