What's the link to your site? What does it say when you click on Misleading pages?

I don't know if it's related, but maybe use your own domain instead of stripe-app-production-5848.up.railway.app for your API?

Sure.

When you sign into GSC, go to Security & Manual Actions then Security Issues.

Which pages specifically are showing up?

Have you already used a security scanner on your site? If not, use one that's compatible with where you're hosting. (I can help if you're using WP or Squarespace.)

Actually go into your site's file system, if possible, and go through every single file to look for any weird redirects or suspicious files.

(You can run an Ahref's site audit (free) and it'll tell you if there are any redirects.)

Make sure every part of your site (all components) are updated to the latest versions because they're the most secure. This includes website themes if you didn't build it from scratch.

Actually, now that I think about it, go and run an Ahref's audit anyway, and show us what that looks like. Some stuff could still be loading with HTTP instead of HTTPS, and that could cause an issue.

Does your site link out to software, like installers? If so, double-check those for PUPs. That'd definitely trigger that warning if any exist.

After you do all that and it still doesn't change, let me know. I've got more suggestions you can try to troubleshoot, but they'd be on a server level, and I'm not as confident doing that as the above (but I can tag a local friend who is a genius with that stuff).