Findings

Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

Critical

50 on this page

tech-leads-club/agent-skills

Arbitrary code execution via command-line argument in Playwright runner

CWE-94packages/skills-catalog/skills/(web-automation)/playwright-skill/run.js

2026-05-28

unclecode/crawl4ai

Remote Code Execution via user-provided hook code executed with exec()

CWE-94deploy/docker/hook_manager.py

2026-05-28

JannisX11/blockbench

Arbitrary code execution via plugin loading from URL or file

CWE-94js/plugin_loader.ts

2026-05-27

modelscope/FunASR

Remote code execution via dynamic import of downloaded Python code

CWE-94funasr/utils/dynamic_import.py

2026-05-27

st-tech/ppf-contact-solver

Remote code execution via MCP `run_python_script` tool

CWE-94blender_addon/mcp/blender_handlers.py

2026-05-27

areal-project/AReaL

Arbitrary class instantiation and code execution via unauthenticated /create_engine endpoint

CWE-502areal/experimental/openai/proxy/proxy_rollout_server.py

2026-05-26

sgoudelis/ground-station

SQL injection via arbitrary SQL execution in full_restore

CWE-89backend/handlers/entities/databasebackup.py

2026-05-26

thesysdev/openui

Server-side code execution via `new Function()` on user-controlled math expression

CWE-94docs/app/api/chat/route.ts

2026-05-26

PySpur-Dev/pyspur

Arbitrary code execution via PythonFuncNode exec()

CWE-95backend/pyspur/nodes/python/python_func.py

2026-05-25

PySpur-Dev/pyspur

Arbitrary code execution via workflow code parsing exec()

CWE-95backend/pyspur/workflow_code_handler.py

2026-05-25

open-webui/open-webui

Arbitrary code execution via tool/function creation by non-admin users

CWE-94backend/open_webui/utils/plugin.py

2026-05-25

ItzCrazyKns/Vane

No authentication on any API routes — unauthenticated config modification

CWE-862src/app/api/config/route.ts

2026-05-24

NVlabs/Sana

Unsafe torch.load on user-supplied model files without weights_only=True

CWE-502tools/download.py

2026-05-24

NVlabs/Sana

Unsafe torch.load in download_model without weights_only=True

CWE-502tools/download.py

2026-05-24

brokermr810/QuantDinger

Strategy compiler injects unsanitized user input into generated Python code

CWE-94backend_api_python/app/services/strategy_compiler.py

2026-05-24

kyegomez/swarms

Arbitrary command execution via run_bash tool in autonomous agent loop

CWE-78swarms/structs/autonomous_loop_utils.py

2026-05-24

neuphonic/neutts

Unsafe torch.load on user-supplied .pt files enables arbitrary code execution

CWE-502examples/basic_example.py

2026-05-24

neuphonic/neutts

Unsafe torch.load on user-supplied .pt files in onnx_example.py

CWE-502examples/onnx_example.py

2026-05-24

neuphonic/neutts

Unsafe torch.load on user-supplied .pt files in streaming example

CWE-502examples/basic_streaming_example.py

2026-05-24

aandrew-me/ytDownloader

Shell command injection via user-supplied URL in yt-dlp execution

CWE-78src/renderer.js

2026-05-22

aandrew-me/ytDownloader

Shell command injection via URL in playlist_new.js exec()

CWE-78src/playlist_new.js

2026-05-22

wechat-article/wechat-article-exporter

Server-side eval() on attacker-controlled HTML from external fetch

CWE-94server/api/public/beta/aboutbiz.get.ts

2026-05-22

CodeWithHarry/Sigma-Web-Dev-Course

NoSQL injection via unsanitized request body passed to MongoDB deleteOne

CWE-943Video 130/passop-mongo/backend/server.js

2026-05-21

simular-ai/Agent-S

Arbitrary code execution via LLM-generated code passed to exec()

CWE-95gui_agents/s1/cli_app.py

2026-05-21

simular-ai/Agent-S

eval() on LLM-generated code in Worker.generate_next_action

CWE-95gui_agents/s1/core/Worker.py

2026-05-21

simular-ai/Agent-S

LLM-generated code executed as shell/python scripts via LocalController

CWE-78gui_agents/s3/agents/code_agent.py

2026-05-21

microsoft/data-formulator

LLM-generated Python code executed in local sandbox with insufficient isolation

CWE-94py-src/data_formulator/agents/agent_data_loading_chat.py

2026-05-20

nanocoai/nanoclaw

Command injection in Docker image build via unsanitized package names

CWE-78src/container-runner.ts

2026-05-18

openinterpreter/open-interpreter

Remote code execution via profile loading from URL

CWE-94interpreter/terminal_interface/profiles/profiles.py

2026-05-13

openinterpreter/open-interpreter

Server /settings endpoint allows arbitrary attribute overwrite enabling RCE

CWE-94interpreter/core/async_core.py

2026-05-13

datawhalechina/hello-agents

Arbitrary code execution via exec() on LLM-influenced input

CWE-94Co-creation-projects/chen070808-ProgrammingTutor/src/tools/code_runner.py

2026-04-24

datawhalechina/hello-agents

Arbitrary code execution via exec() in PythonInterpreterTool

CWE-94Co-creation-projects/healer-666-Academic-Data-Agent/src/data_analysis_agent/tools/python_interpreter.py

2026-04-24

datawhalechina/hello-agents

Arbitrary code execution via exec() in CodeTutor CodeRunner

CWE-94Co-creation-projects/lll0807-CodeTutorAgent/programmer/tools/code_runner.py

2026-04-24

siyuan-note/siyuan

Arbitrary JS execution via embedded block query with //!js prefix

CWE-94app/src/protyle/render/blockRender.ts

2026-04-24

siyuan-note/siyuan

Electron renderer with nodeIntegration and no contextIsolation enables RCE from XSS

CWE-94app/electron/main.js

2026-04-24

jingyaogong/minimind

Arbitrary code execution via eval() in web_demo.py tool execution

CWE-95scripts/web_demo.py

2026-04-23

jingyaogong/minimind

Arbitrary code execution via eval() in eval_toolcall.py MOCK_RESULTS

CWE-95scripts/eval_toolcall.py

2026-04-23

zhayujie/CowAgent

OS command injection via bash tool from LLM-controlled input

CWE-78agent/tools/bash/bash.py

2026-04-23

vanna-ai/vanna

Arbitrary command execution via run_bash in LocalFileSystem

CWE-78src/vanna/integrations/local/file_system.py

2026-04-19

MarilynClarke/Hyperliquid-Copy-Trading-Bot

Backdoor: Private key exfiltrated via spawned child process

CWE-506src/index.ts

2026-04-18

duriantaco/skylos

SQL Injection via unsanitized user input in f-string query

CWE-89app.py

2026-04-10

duriantaco/skylos

SQL Injection via table name injection

CWE-89app.py

2026-04-10

duriantaco/skylos

Multiple SQL Injection vectors in /report endpoint

CWE-89app.py

2026-04-10

duriantaco/skylos

OS Command Injection via os.system and subprocess.run with shell=True

CWE-78app.py

2026-04-10

duriantaco/skylos

Arbitrary code execution via eval() and exec() on user input

CWE-94app.py

2026-04-10

smithery-ai/cli

Remote Code Execution via `new Function()` on server-controlled `stdioFunction`

CWE-94src/utils/run/prepare-stdio-connection.ts

2026-04-07

skalesapp/skales

Arbitrary code execution via custom skill upload and execute

CWE-94apps/web/src/app/api/custom-skills/execute/route.ts

2026-04-06

skalesapp/skales

validateSkillCode executes untrusted code in the server process via vm.runInThisContext + sandboxRequire

CWE-94apps/web/src/lib/skill-ai.ts

2026-04-06

KroMiose/nekro-agent

Unsafe pickle deserialization of RPC request body from sandbox containers

CWE-502nekro_agent/services/rpc_service.py

2026-04-05

arc53/DocsGPT

SQL Injection via LLM-generated queries in PostgresTool

CWE-89application/agents/tools/postgres.py

2026-04-05