Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

Medium

50 on this page
skalesapp/skales
Email credentials stored in plaintext JSON on disk
CWE-319 apps/web/src/actions/email.ts
2026-04-06
skalesapp/skales
FTP deploy credentials stored in plaintext JSON, readable via path traversal
CWE-319 apps/web/src/app/api/code/project/[id]/deploy-config/route.ts
2026-04-06
skalesapp/skales
Google API key exposed in URL query parameters for all Gemini/Imagen/Veo API calls
CWE-200 apps/web/src/actions/skills.ts
2026-04-06
vercel/mcp-handler
Origin spoofing via X-Forwarded-Host/Proto headers in auth metadata and resource URL
CWE-918 src/lib/url.ts
2026-04-06
vercel/mcp-handler
SSE session hijacking via predictable Redis pub/sub channel names with user-controlled sessionId
CWE-200 src/handler/mcp-api-handler.ts
2026-04-06
KroMiose/nekro-agent
Unauthenticated webhook endpoint allows triggering arbitrary plugin methods
CWE-862 nekro_agent/routers/webhook.py
2026-04-05
KroMiose/nekro-agent
SSRF via git clone in skills and plugin endpoints with user-controlled repo_url
CWE-918 nekro_agent/routers/skills.py
2026-04-05
KroMiose/nekro-agent
Path traversal in file upload via crafted chat_key and filename
CWE-22 nekro_agent/routers/chat_channel.py
2026-04-05
KroMiose/nekro-agent
Container name injection via from_chat_key in sandbox runner
CWE-77 nekro_agent/services/sandbox/runner.py
2026-04-05
KroMiose/nekro-agent
Path traversal in file path conversion for agent messages
CWE-22 nekro_agent/services/chat/universal_chat_service.py
2026-04-05
agbcloud/agbcloud-sdk
Arbitrary file write in page_agent.py initialize() overwrites Python source files
CWE-94 agb/modules/browser/eval/page_agent.py
2026-04-05
agbcloud/agbcloud-sdk
Arbitrary code execution via Code.run() with unsanitized code from untrusted sources
CWE-94 python/agb/modules/code.py
2026-04-05
agbcloud/agbcloud-sdk
API key and sensitive code content logged in plaintext
CWE-532 python/agb/modules/code.py
2026-04-05
agbcloud/agbcloud-sdk
Insecure fixed-path temporary file write in LocalBrowser
CWE-377 agb/modules/browser/eval/local_page_agent.py
2026-04-05
agbcloud/agbcloud-sdk
Path traversal in file_transfer download allows writing to arbitrary local paths
CWE-22 python/agb/modules/file_transfer.py
2026-04-05
agbcloud/agbcloud-sdk
Path traversal in extension upload allows writing to arbitrary remote context paths
CWE-22 python/agb/extension.py
2026-04-05
arc53/DocsGPT
Reflected XSS via postMessage with wildcard targetOrigin in connector callback
CWE-79 application/api/connector/routes.py
2026-04-05
arc53/DocsGPT
JWT tokens never expire - stolen tokens grant permanent access
CWE-287 application/auth.py
2026-04-05
arc53/DocsGPT
SSRF via API tool - LLM-controlled URLs in api_tool execute
CWE-918 application/agents/tools/api_tool.py
2026-04-05
arc53/DocsGPT
MongoDB NoSQL injection via unsanitized regex in paginated sources search
CWE-943 application/api/user/sources/routes.py
2026-04-05
arc53/DocsGPT
Pickle deserialization of FAISS index files from storage
CWE-502 application/vectorstore/faiss.py
2026-04-05
arc53/DocsGPT
Missing authentication on /api/delete_by_ids allows unauthenticated deletion of vector store data
CWE-862 application/api/user/sources/routes.py
2026-04-05
ibbybuilds/aegra
SQL Injection via ILIKE with unsanitized user input in assistant search
CWE-89 libs/aegra-api/src/aegra_api/services/assistant_service.py
2026-04-05
zcaceres/fetch-mcp
Partial command injection in yt-dlp via videoUrl parameter
CWE-78 src/Fetcher.ts
2026-04-05
zcaceres/fetch-mcp
Arbitrary proxy specification enables SSRF and traffic interception
CWE-918 src/Fetcher.ts
2026-04-05
zcaceres/fetch-mcp
User-controlled Host header enables SSRF via host header injection
CWE-918 src/Fetcher.ts
2026-04-05
PurpleAILAB/Decepticon
Hardcoded default credentials for LiteLLM proxy and PostgreSQL
CWE-798 docker-compose.yml
2026-04-04
PurpleAILAB/Decepticon
Install script pipes curl output directly to bash with no integrity verification
CWE-829 scripts/install.sh
2026-04-04
cft0808/edict
Path traversal via file:// URL in add_remote_skill reads arbitrary local files
CWE-22 dashboard/server.py
2026-04-04
cft0808/edict
Potential command injection through subprocess calls with user-influenced paths
CWE-78 dashboard/server.py
2026-04-04
jo-inc/camofox-browser
Missing authentication on all browser control endpoints
CWE-306 server.js
2026-04-04
jo-inc/camofox-browser
SSRF via navigate endpoint - URL validation allows internal network access
CWE-918 server.js
2026-04-04
jo-inc/camofox-browser
Reflected XSS in test site /entered endpoint
CWE-79 tests/helpers/testSite.js
2026-04-04
jo-inc/camofox-browser
Error messages leak internal details in non-production mode
CWE-200 server.js
2026-04-04
kernel/kernel-images
Stored XSS via markdown rendering with v-html-like template compilation
CWE-79 images/chromium-headful/client/src/components/markdown.ts
2026-04-04
kernel/kernel-images
Environment variable injection into sed substitution in init-envoy.sh
CWE-78 shared/envoy/init-envoy.sh
2026-04-04
kernel/kernel-images
Shell injection via CHROMIUM_FLAGS environment variable using eval
CWE-78 images/chromium-headful/run-unikernel.sh
2026-04-04
vstorm-co/full-stack-ai-agent-template
Open redirect via OAuth error path leaking exception details to URL
CWE-601 template/{{cookiecutter.project_slug}}/backend/app/api/routes/v1/oauth.py
2026-04-04
vstorm-co/full-stack-ai-agent-template
Milvus filter injection via unsanitized filter parameter in vector store search
CWE-89 template/{{cookiecutter.project_slug}}/backend/app/rag/vectorstore.py
2026-04-04
vstorm-co/full-stack-ai-agent-template
Path traversal in local sync task via user-controlled directory path
CWE-22 template/{{cookiecutter.project_slug}}/backend/app/worker/tasks/rag_tasks.py
2026-04-04
CodeGraphContext/CodeGraphContext
Shell command injection via password in setup_macos _set_initial_password
CWE-78 src/codegraphcontext/cli/setup_macos.py
2026-04-03
CodeGraphContext/CodeGraphContext
Shell command injection via package_name in package_resolver subprocess calls
CWE-78 src/codegraphcontext/tools/package_resolver.py
2026-04-03
CodeGraphContext/CodeGraphContext
Path traversal in add_code_to_graph allows indexing arbitrary filesystem paths
CWE-22 src/codegraphcontext/tools/handlers/indexing_handlers.py
2026-04-03
CodeGraphContext/CodeGraphContext
Overly permissive CORS on visualization server enables cross-origin attacks
CWE-942 src/codegraphcontext/viz/server.py
2026-04-03
higress-group/himarket
Arbitrary code execution via eval in prompt() functions in install scripts
CWE-78 deploy/docker/install.sh
2026-04-03
higress-group/himarket
Shell injection via eval in load_config saved_vars restoration
CWE-78 deploy/docker/install.sh
2026-04-03
higress-group/himarket
Jinja2 Server-Side Template Injection via environment variables in replace_var.py
CWE-94 himarket-web/himarket-admin/bin/replace_var.py
2026-04-03
higress-group/himarket
Shell injection via HIMARKET_SERVER environment variable in nginx config sed
CWE-78 himarket-web/himarket-admin/bin/start.sh
2026-04-03
higress-group/himarket
Shell injection via eval in load_model_vars using indirect variable expansion
CWE-78 deploy/helm/hooks/post_ready.d/55-init-ai-model.sh
2026-04-03
jjyaoao/HelloAgents
Skill loader executes arbitrary skill content as agent instructions without sandboxing
CWE-94 hello_agents/skills/loader.py
2026-04-03