Findings

Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

High

50 on this page
st-tech/ppf-contact-solver
Shell command injection via MCP `execute_shell_command` debug handler
CWE-78 blender_addon/mcp/handlers/debug.py
2026-05-27
CadQuery/cadquery
Arbitrary code execution via CQGI script execution
CWE-94 cadquery/cqgi.py
2026-05-26
Datalux/Osintgram
Path traversal via unsanitized target username in file operations
CWE-22 src/Osintgram.py
2026-05-26
SylphAI-Inc/AdalFlow
Arbitrary code execution via eval() in ToolManager.execute_func_expr_via_eval
CWE-95 adalflow/adalflow/core/tool_manager.py
2026-05-26
areal-project/AReaL
SSRF via /register_model and /chat/completions: attacker-controlled URL is fetched server-side
CWE-918 areal/experimental/inference_service/data_proxy/app.py
2026-05-26
areal-project/AReaL
Unauthenticated /set_env allows arbitrary environment variable injection
CWE-94 areal/experimental/openai/proxy/proxy_rollout_server.py
2026-05-26
areal-project/AReaL
Deserialization of untrusted data via ray.cloudpickle.loads in SerializedRayObjectRef
CWE-502 areal/infra/rpc/serialization.py
2026-05-26
eosphoros-ai/DB-GPT
SQL injection in DuckDB via excel_reader.run()
CWE-89 packages/dbgpt-app/src/dbgpt_app/scene/chat_data/chat_excel/excel_reader.py
2026-05-26
eosphoros-ai/DB-GPT
SQL injection in editor_sql_run via parameterization bypass
CWE-89 packages/dbgpt-app/src/dbgpt_app/openapi/api_v1/editor/api_editor_v1.py
2026-05-26
eosphoros-ai/DB-GPT
Unsanitized LLM-generated SQL executed against user databases
CWE-89 packages/dbgpt-app/src/dbgpt_app/scene/chat_db/auto_execute/out_parser.py
2026-05-26
lsdefine/GenericAgent
Unauthenticated OS command execution via /path/open endpoint
CWE-78 frontends/desktop_bridge.py
2026-05-26
lsdefine/GenericAgent
Arbitrary Python code execution via /session.* slash command with inline_eval
CWE-94 agentmain.py
2026-05-26
outsourc-e/hermes-workspace
SSRF via claude-proxy splat route
CWE-918 src/routes/api/claude-proxy/$.ts
2026-05-26
sgoudelis/ground-station
SQL injection via restore_table with regex bypass
CWE-89 backend/handlers/entities/databasebackup.py
2026-05-26
sgoudelis/ground-station
SSRF via user-controlled source_url in WebRTC offer endpoint
CWE-918 backend/video/webrtc.py
2026-05-26
sgoudelis/ground-station
Path traversal in serve_spa catch-all route
CWE-22 backend/server/startup.py
2026-05-26
zarazhangrui/follow-builders
GitHub Actions command injection via workflow_dispatch input interpolated into shell
CWE-78 .github/workflows/generate-feed.yml
2026-05-26
AUTOMATIC1111/stable-diffusion-webui
Unsafe torch.load (pickle deserialization) of hypernetwork files
CWE-502 modules/hypernetworks/hypernetwork.py
2026-05-25
AUTOMATIC1111/stable-diffusion-webui
Unsafe torch.load of optimizer state for hypernetworks
CWE-502 modules/hypernetworks/hypernetwork.py
2026-05-25
AUTOMATIC1111/stable-diffusion-webui
Unsafe torch.load of textual inversion embeddings
CWE-502 modules/textual_inversion/textual_inversion.py
2026-05-25
AUTOMATIC1111/stable-diffusion-webui
Arbitrary git clone and code execution via extension install
CWE-94 modules/ui_extensions.py
2026-05-25
AUTOMATIC1111/stable-diffusion-webui
Shell injection via environment variables in launch_utils.run()
CWE-78 modules/launch_utils.py
2026-05-25
Anil-matcha/Open-Generative-AI
SSRF via user-controlled target URL in upload-binary proxy
CWE-918 app/api/upload-binary/route.js
2026-05-25
Anil-matcha/Open-Generative-AI
SSRF via user-controlled target URL in v1/upload-binary proxy
CWE-918 app/api/v1/upload-binary/route.js
2026-05-25
EvoMap/evolver
Command injection via unsanitized branch/title in selfPR git/gh commands
CWE-78 src/gep/selfPR.js
2026-05-25
bleachbit/bleachbit
SQL injection via unescaped path in ATTACH DATABASE statement
CWE-89 bleachbit/Special.py
2026-05-25
bleachbit/bleachbit
SQL injection via unescaped path in ATTACH DATABASE in delete_mozilla_favicons
CWE-89 bleachbit/Special.py
2026-05-25
gildas-lormeau/SingleFile
Path traversal in MCP server write_file tool
CWE-22 tools/mcp-server/server.js
2026-05-25
infiniflow/ragflow
SSRF in Invoke component via user-controlled URL
CWE-918 agent/component/invoke.py
2026-05-25
infiniflow/ragflow
SQL injection via LLM-generated SQL in ExeSQL tool
CWE-89 agent/tools/exesql.py
2026-05-25
ltaoo/wx_channels_download
SSRF via open proxy endpoint in Cloudflare Worker
CWE-918 internal/officialaccount/worker/index.js
2026-05-25
open-webui/open-webui
Command injection via frontmatter requirements in pip install
CWE-78 backend/open_webui/utils/plugin.py
2026-05-25
AIDC-AI/Pixelle-Video
Path traversal in file serving endpoint
CWE-22 api/routers/files.py
2026-05-24
AIDC-AI/Pixelle-Video
Server-Side XSS via HTML template injection leading to local file read
CWE-79 pixelle_video/services/frame_html.py
2026-05-24
Flowseal/tg-ws-proxy
TLS certificate verification disabled for all outbound WebSocket connections
CWE-295 proxy/raw_websocket.py
2026-05-24
ItzCrazyKns/Vane
SSRF via unauthenticated config update of searxngURL
CWE-918 src/lib/searxng.ts
2026-05-24
ItzCrazyKns/Vane
SSRF via scraper — unauthenticated search triggers arbitrary URL fetching
CWE-918 src/lib/scraper.ts
2026-05-24
NVIDIA/Isaac-GR00T
Arbitrary code execution via numpy pickle deserialization of untrusted .npz file
CWE-502 gr00t/utils/initial_actions.py
2026-05-24
NVlabs/Sana
Unsafe torch.load of FSDP checkpoint metadata without weights_only=True
CWE-502 diffusion/utils/checkpoint.py
2026-05-24
NVlabs/Sana
Unsafe torch.load of FSDP model bin without weights_only=True
CWE-502 diffusion/utils/checkpoint.py
2026-05-24
NVlabs/Sana
Unsafe torch.load of null_embed_path without weights_only=True
CWE-502 diffusion/utils/checkpoint.py
2026-05-24
NVlabs/Sana
OS command injection via pipe: URLs in wids downloader
CWE-78 diffusion/data/wids/wids_dl.py
2026-05-24
OneUptime/oneuptime
Command injection via repository branch names in git operations
CWE-78 AIAgent/Utils/RepositoryManager.ts
2026-05-24
OpenSignLabs/OpenSign
Path traversal via originalname in decryptpdf multer disk storage
CWE-22 apps/OpenSignServer/cloud/customRoute/decryptpdf.js
2026-05-24
OpenSignLabs/OpenSign
Weak 4-digit OTP with no rate limiting enables brute-force account takeover
CWE-330 apps/OpenSignServer/cloud/parsefunction/SendMailOTPv1.js
2026-05-24
OpenSignLabs/OpenSign
User account created with email as password in ContactBook aftersave
CWE-521 apps/OpenSignServer/cloud/parsefunction/ContactBookAftersave.js
2026-05-24
argosopentech/argos-translate
Zip Slip via extractall on untrusted .argosmodel packages
CWE-22 argostranslate/package.py
2026-05-24
tiagozip/cap
Session authentication bypass via attacker-controlled hash parameter
CWE-287 standalone/src/auth.js
2026-05-24
web-infra-dev/midscene
Arbitrary module import via YAML `interface.module` field
CWE-94 packages/cli/src/create-yaml-player.ts
2026-05-24
zai-org/GLM-OCR
Path traversal in file serving endpoint
CWE-22 apps/backend/app/api/tasks.py
2026-05-24