Skip to content
Sebastion public security findings.Browse the research
FoundationMachines
Findings

Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

Medium

50 on this page
caamer20/Telegram-Drive
Server binds to 0.0.0.0 exposing share/stream endpoints to network
CWE-200app/src-tauri/src/server.rs
2026-05-28
caamer20/Telegram-Drive
Weak password hashing for shared links using single-round SHA-256
CWE-916app/src-tauri/src/commands/sharing.rs
2026-05-28
chaitin/MonkeyCode
Mermaid rendering with securityLevel 'loose' enables XSS via dangerouslySetInnerHTML
CWE-79frontend/src/components/common/markdown.tsx
2026-05-28
griptape-ai/griptape
Path traversal in LocalFileManagerDriver when workdir is None
CWE-22griptape/drivers/file_manager/local_file_manager_driver.py
2026-05-28
harry0703/MoneyPrinterTurbo
SSRF via user-controlled video_source URLs in material download
CWE-918app/services/material.py
2026-05-28
joeseesun/qiaomu-anything-to-notebooklm
SSRF via MCP tool `read_feishu_doc` with insufficient URL validation
CWE-918feishu-read-mcp/src/server.py
2026-05-28
joeseesun/qiaomu-anything-to-notebooklm
Shell command injection via unsanitized URL in main.py subprocess calls
CWE-78main.py
2026-05-28
pytorch/pytorch
Unsafe torch.load without weights_only in basichandlers decoder
CWE-502torch/utils/data/datapipes/utils/decoder.py
2026-05-28
pytorch/pytorch
Unsafe pickle.loads in model_dump utility
CWE-502torch/utils/model_dump/__init__.py
2026-05-28
Dispatcharr/Dispatcharr
Reflected XSS via POST body in M3U endpoint error response
CWE-79apps/output/views.py
2026-05-27
Dispatcharr/Dispatcharr
SSRF via unauthenticated HLS stream initialization endpoint
CWE-918apps/proxy/hls_proxy/views.py
2026-05-27
Dispatcharr/Dispatcharr
Django template injection via user-controlled payload_template
CWE-94apps/connect/utils.py
2026-05-27
Dispatcharr/Dispatcharr
Path traversal in backup delete via filename parameter
CWE-22apps/backups/services.py
2026-05-27
GaiZhenbiao/ChuanhuChatGPT
FAISS index loaded with allow_dangerous_deserialization=True from user-influenced cache path
CWE-502modules/index_func.py
2026-05-27
GaiZhenbiao/ChuanhuChatGPT
SSRF via ChuanhuAgent tool calls fetching arbitrary URLs
CWE-918modules/models/ChuanhuAgent.py
2026-05-27
NateBJones-Projects/OB1
SQL-like injection via ilike with unsanitized user input
CWE-89integrations/open-brain-rest/index.ts
2026-05-27
Open-Dev-Society/OpenStock
Missing authorization on server actions allows any authenticated user to manipulate other users' watchlists and alerts
CWE-862lib/actions/watchlist.actions.ts
2026-05-27
Open-Dev-Society/OpenStock
deleteAlert and toggleAlert lack ownership verification
CWE-862lib/actions/alert.actions.ts
2026-05-27
alvinunreal/oh-my-opencode-slim
Environment variable injection via config interpolation
CWE-94src/config/loader.ts
2026-05-27
anyproto/anytype-ts
Path traversal in translate() via unsanitized lang config
CWE-22electron/ts/util.ts
2026-05-27
badrisnarayanan/antigravity-claude-proxy
WebUI admin endpoints lack authentication by default
CWE-306src/webui/index.js
2026-05-27
badrisnarayanan/antigravity-claude-proxy
WebUI password stored and compared in plaintext
CWE-522src/webui/index.js
2026-05-27
badrisnarayanan/antigravity-claude-proxy
Reflected XSS in OAuth callback error page
CWE-79src/auth/oauth.js
2026-05-27
codeforreal1/compressO
User-controlled metadata strings interpolated into ffmpeg arguments without sanitization
CWE-78src-tauri/src/core/ffmpeg.rs
2026-05-27
homarr-labs/homarr
SQL LIKE injection via unsanitized query parameter in multiple routers
CWE-89packages/api/src/router/user.ts
2026-05-27
jellyfin/jellyfin-web
XSS via unsanitized tuner type values injected into innerHTML
CWE-79src/apps/dashboard/controllers/livetvtuner.js
2026-05-27
kirodotdev/Kiro
GitHub Actions workflow summary script injection via issue title
CWE-78.github/workflows/issue-triage.yml
2026-05-27
zenml-io/zenml
Uninitialized variable used in external auth flow
CWE-457src/zenml/zen_server/routers/auth_endpoints.py
2026-05-27
zenml-io/zenml
Active status update uses wrong field in update_user
CWE-863src/zenml/zen_server/routers/users_endpoints.py
2026-05-27
Acode-Foundation/Acode
XSS via innerHTML in console format() with %o/%O specifiers
CWE-79src/lib/console.js
2026-05-26
Acode-Foundation/Acode
Path traversal in preview server via unsanitized request path
CWE-22src/lib/run.js
2026-05-26
ComposioHQ/composio
Stored XSS via dangerouslySetInnerHTML on FAQ answer content
CWE-79docs/components/toolkits/faq-section.tsx
2026-05-26
ComposioHQ/open-claude-cowork
Stored XSS via innerHTML restoration of assistant messages
CWE-79renderer/renderer.js
2026-05-26
ComposioHQ/open-claude-cowork
DOM XSS via chat deletion button onclick with unsanitized chat ID
CWE-79renderer/renderer.js
2026-05-26
Datalux/Osintgram
Global SSL certificate verification disabled
CWE-295src/Osintgram.py
2026-05-26
SylphAI-Inc/AdalFlow
Code execution via sandbox_exec with insufficient sandboxing
CWE-95adalflow/adalflow/core/tool_manager.py
2026-05-26
areal-project/AReaL
Unsafe torch.load with weights_only=False allows arbitrary code execution via pickle
CWE-502areal/experimental/engine/archon_checkpoint.py
2026-05-26
areal-project/AReaL
Arbitrary module import via deserialized dataclass class_path and enum class_path
CWE-94areal/infra/rpc/serialization.py
2026-05-26
eosphoros-ai/DB-GPT
Path traversal in DuckDB file loading via read_direct
CWE-22packages/dbgpt-app/src/dbgpt_app/scene/chat_data/chat_excel/excel_reader.py
2026-05-26
fmhy/edit
Stored XSS via base64-decoded content injected into onclick handler
CWE-79docs/.vitepress/markdown/base64.ts
2026-05-26
outsourc-e/hermes-workspace
File upload path traversal via filename in multipart upload
CWE-434src/routes/api/files.ts
2026-05-26
outsourc-e/hermes-workspace
SSRF via unsanitized jobId in dashboard proxy path
CWE-918src/routes/api/claude-jobs.$jobId.ts
2026-05-26
zhinianboke/xianyu-auto-reply
WebSocket endpoint lacks authentication
CWE-306backend-web/app/api/routes/chat_new_ws.py
2026-05-26
Aider-AI/aider
Shell injection via editor command in pipe_editor
CWE-78aider/editor.py
2026-05-25
EvoMap/evolver
Command injection via file path in getGitDiff
CWE-78src/gep/selfPR.js
2026-05-25
PySpur-Dev/pyspur
Path traversal in file deletion endpoint via filename parameter
CWE-22backend/pyspur/api/file_management.py
2026-05-25
PySpur-Dev/pyspur
Path traversal in delete_workflow_files via workflow_id
CWE-22backend/pyspur/api/file_management.py
2026-05-25
PySpur-Dev/pyspur
Path traversal in OpenAPI spec operations via spec_id
CWE-22backend/pyspur/api/openapi_management.py
2026-05-25
PySpur-Dev/pyspur
Path traversal in output file download via file_path from database
CWE-22backend/pyspur/api/output_file_management.py
2026-05-25
infiniflow/ragflow
SQL injection in RDBMSConnector via unsanitized timestamp_column in queries
CWE-89common/data_source/rdbms_connector.py
2026-05-25