Findings

Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

Medium

50 on this page

HKUDS/AI-Trader

Path traversal in skill endpoint

CWE-22service/server/routes_misc.py

2026-05-20

HKUDS/AI-Trader

Internal exception details leaked in error responses

CWE-209service/server/routes_signals.py

2026-05-20

HKUDS/AI-Trader

Internal exception details leaked on agent registration failure

CWE-209service/server/routes_agent.py

2026-05-20

different-ai/openwork

XSS via dangerouslySetInnerHTML with JSON.stringify on untrusted data

CWE-79ee/apps/landing/components/structured-data.tsx

2026-05-20

electerm/electerm

Auth bypass via timing — requireAuth token compared with plain equality

CWE-287src/app/server/server.js

2026-05-20

electerm/electerm

MCP server binds with no authentication and permissive CORS

CWE-1021src/app/widgets/widget-mcp-server.js

2026-05-20

electerm/electerm

Arbitrary method invocation on SFTP/FTP instances via WebSocket

CWE-94src/app/server/session-server.js

2026-05-20

electerm/electerm

Arbitrary method invocation on Transfer instances via WebSocket

CWE-94src/app/server/session-server.js

2026-05-20

heygen-com/hyperframes

Path traversal in render file serving endpoint

CWE-22packages/core/src/studio-api/routes/render.ts

2026-05-20

pascalorg/editor

SSRF via Host header injection in server-side scene fetch

CWE-918apps/editor/app/scene/[id]/page.tsx

2026-05-20

pascalorg/editor

Internal error messages leaked to API callers

CWE-200apps/editor/app/api/scenes/[id]/route.ts

2026-05-20

topoteretes/cognee

Shell command injection via nvm_path in subprocess calls

CWE-78cognee/api/v1/ui/npm_utils.py

2026-05-20

soxoj/maigret

Username used unsanitized in report file paths

CWE-22maigret/web/app.py

2026-05-19

agalwood/Motrix

Protocol handler passes untrusted URL query params as commands to application

CWE-79src/main/core/ProtocolManager.js

2026-05-18

docmirror/dev-sidecar

Command injection via npm config set in set-npm-env

CWE-78packages/core/src/shell/scripts/set-npm-env.js

2026-05-18

docmirror/dev-sidecar

Command injection via ip/port in Linux system proxy gsettings commands

CWE-78packages/core/src/shell/scripts/set-system-proxy/index.js

2026-05-18

jamiepine/voicebox

Zip Slip in profile import via crafted filename

CWE-22backend/services/export_import.py

2026-05-18

lfnovo/open-notebook

Arbitrary command execution via /api/commands/jobs endpoint

CWE-77api/routers/commands.py

2026-05-18

node-red/node-red

Path traversal in library getEntry/saveEntry via user-controlled path

CWE-22packages/node_modules/@node-red/runtime/lib/storage/localfilesystem/library.js

2026-05-18

wwebjs/whatsapp-web.js

Path traversal in LocalWebCache.persist via version parameter

CWE-22src/webCache/LocalWebCache.js

2026-05-18

HKUDS/CLI-Anything

Code injection via part names in generated FreeCAD macro

CWE-94freecad/agent-harness/cli_anything/freecad/utils/freecad_macro_gen.py

2026-05-17

OpenBMB/MiniCPM-V

trust_remote_code=True enables arbitrary code execution from model repo

CWE-502web_demos/minicpm-o_2.6/model_server.py

2026-05-17

OpenBMB/MiniCPM-V

Shell command injection via os.system with user-influenced model/dataset names

CWE-78eval_mm/vlmevalkit/vlmeval/tools.py

2026-05-17

OpenBMB/MiniCPM-V

Pickle deserialization of files determined by file extension

CWE-502eval_mm/vlmevalkit/vlmeval/smp/file.py

2026-05-17

actualbudget/actual

SQL injection via $oneof operator in AQL compiler

CWE-89packages/loot-core/src/server/aql/compiler.ts

2026-05-14

maboloshi/github-chinese

XSS via unsanitized translation result in zh-TW variant

CWE-79main_zh-TW.user.js

2026-05-14

maboloshi/github-chinese

Workflow script injection via contributors action output

CWE-78.github/workflows/update_contributors_images.yml

2026-05-14

666ghj/MiroFish

Path traversal via simulation_id in file operations

CWE-22backend/app/api/simulation.py

2026-05-13

666ghj/MiroFish

Stack trace disclosure in error responses

CWE-209backend/app/api/simulation.py

2026-05-13

labring/FastGPT

Path traversal in document meta API

CWE-22document/app/api/meta/route.ts

2026-05-13

labring/FastGPT

plusRequest config spread allows baseURL override

CWE-918packages/service/common/api/plusRequest.ts

2026-05-13

NaiboWang/EasySpider

Custom operation 'system command' executes task-defined shell commands

CWE-78ExecuteStage/easyspider_executestage_single.py

2026-05-11

payloadcms/payload

SSRF via getExternalFile when same-origin URL bypass forwards auth cookies

CWE-918packages/payload/src/uploads/getExternalFile.ts

2026-05-11

ultralytics/ultralytics

Shell command injection via package names in check_requirements auto-update

CWE-78ultralytics/utils/checks.py

2026-05-11

Eugeny/tabby

Config sync downloads remote YAML and applies it without integrity verification

CWE-295tabby-settings/src/services/configSync.service.ts

2026-05-06

Eugeny/tabby

Environment variable substitution in local profile uses values from profile config without validation

CWE-88tabby-local/src/session.ts

2026-05-06

simstudioai/sim

Admin mothership proxy forwards arbitrary query params to upstream

CWE-918apps/sim/app/api/admin/mothership/route.ts

2026-05-06

firecrawl/open-lovable

Unauthenticated sandbox/API endpoints with no rate limiting

CWE-1188app/api/create-ai-sandbox/route.ts

2026-04-30

koodo-reader/koodo-reader

Arbitrary SQL execution via custom-database-command IPC

CWE-89main.js

2026-04-30

koodo-reader/koodo-reader

Permissive CORS with credentials on authenticated file server

CWE-942httpServer.js

2026-04-30

gitroomhq/postiz-app

Server-side request forgery in webhook test sender

CWE-918apps/backend/src/api/routes/webhooks.controller.ts

2026-04-27

ruvnet/ruflo

Docker Compose exposes unauthenticated MongoDB on all host interfaces

CWE-306ruflo/docker-compose.yml

2026-04-26

louislam/uptime-kuma

PowerShell injection in Windows system service monitor

CWE-78server/monitor-types/system-service.js

2026-04-25

louislam/uptime-kuma

Path traversal in getPushExample language parameter

CWE-22server/socket-handlers/general-socket-handler.js

2026-04-25

affaan-m/everything-claude-code

Command injection via filePath in format-code tool

CWE-78.opencode/tools/format-code.ts

2026-04-23

affaan-m/everything-claude-code

Partial shell injection protection on Windows in post-edit-format hook

CWE-78scripts/hooks/post-edit-format.js

2026-04-23

hiroi-sora/Umi-OCR

Path traversal in doc download endpoint via download_name

CWE-22UmiOCR-data/py_src/server/doc_server.py

2026-04-23

koala73/worldmonitor

SSRF via DNS rebinding in MCP proxy server URL validation

CWE-918api/mcp-proxy.js

2026-04-23

koala73/worldmonitor

SSRF via SSE endpoint redirect to internal hosts (incomplete re-validation)

CWE-918api/mcp-proxy.js

2026-04-23

marktext/marktext

Arbitrary command execution via cliScript image uploader preference

CWE-78src/renderer/util/fileSystem.js

2026-04-23