The article exposes vulnerabilities in Object Relational Mappers (ORMs) that can lead to leaking sensitive data. A specific bug in the Beego ORM allowed researchers to bypass protections in Harbor, a popular open-source container registry. The authors highlight that ORM Leak vulnerabilities aren't limited to specific frameworks like Django or Prisma. Instead, any robust filtering capability that allows user input can inadvertently expose sensitive attributes if developers don’t implement strict controls. The analysis includes a detailed look at the OData API and the Entity Framework, where issues arose from filtering sensitive attributes. An example provided shows how the Harbor API allowed users to filter by email, but without protections against accessing sensitive fields like passwords. The vulnerability was quickly identified in Harbor’s code, underscoring a common mistake where user-controllable filters are applied without sufficient validation. The piece also introduces semgrep rules for detecting unsafe ORM practices across various frameworks. A key takeaway is that even with recent updates designed to enhance security, weaknesses in parsing filter expressions can still be exploited, as seen in how Harbor's code was structured. Users with adequate permissions could access sensitive information by manipulating filter parameters, demonstrating the need for more rigorous security measures in API design.