Skip to content
Sebastion public security findings.Browse the research
FoundationMachines
Findings

Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

High

50 on this page
jackwener/OpenCLI
Shell command injection via unsanitized prompt in autoresearch debug.ts
CWE-78autoresearch/commands/debug.ts
2026-05-19
MobSF/Mobile-Security-Framework-MobSF
Command injection via ADB command execution
CWE-78mobsf/DynamicAnalyzer/views/android/operations.py
2026-05-18
MobSF/Mobile-Security-Framework-MobSF
Arbitrary command execution via SSH on Corellium instance
CWE-78mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
2026-05-18
agalwood/Motrix
Command injection via crafted config values passed to aria2c spawn
CWE-78src/main/core/Engine.js
2026-05-18
docmirror/dev-sidecar
Command injection via port parameter in kill-by-port
CWE-78packages/core/src/shell/scripts/kill-by-port.js
2026-05-18
docmirror/dev-sidecar
Command injection via certPath in setup-ca
CWE-78packages/core/src/shell/scripts/setup-ca.js
2026-05-18
docmirror/dev-sidecar
Arbitrary API invocation via IPC with no allowlist
CWE-94packages/gui/src/bridge/api/backend.js
2026-05-18
docmirror/dev-sidecar
Command injection via environment variable key/value in set-system-env (PowerShell)
CWE-78packages/core/src/shell/scripts/set-system-env.js
2026-05-18
lfnovo/open-notebook
SurrealQL injection via string interpolation in repo_update and repo_upsert
CWE-89open_notebook/database/repository.py
2026-05-18
nanocoai/nanoclaw
Command injection via imageTag in execSync docker build command
CWE-78src/container-runner.ts
2026-05-18
nanocoai/nanoclaw
Shell script injection via task script content from database
CWE-78container/agent-runner/src/scheduling/task-script.ts
2026-05-18
HKUDS/CLI-Anything
Code injection via unsanitized output_path in generated FreeCAD macro
CWE-94freecad/agent-harness/cli_anything/freecad/utils/freecad_macro_gen.py
2026-05-17
HKUDS/CLI-Anything
Arbitrary script execution via render_scene_headless bpy_script_content
CWE-78blender/agent-harness/cli_anything/blender/utils/blender_backend.py
2026-05-17
opendatalab/MinerU
OS command injection via sys.argv in lmdeploy_server
CWE-78mineru/model/vlm/lmdeploy_server.py
2026-05-16
maboloshi/github-chinese
XSS via unsanitized translation result injected with insertAdjacentHTML
CWE-79main(greasyfork).user.js
2026-05-14
openinterpreter/open-interpreter
exec() on local profile .py files without sandboxing
CWE-94interpreter/terminal_interface/profiles/profiles.py
2026-05-13
openinterpreter/open-interpreter
Server /settings endpoint allows setting auto_run despite attempted restriction
CWE-284interpreter/core/async_core.py
2026-05-13
openinterpreter/open-interpreter
Arbitrary file write and read via /upload and /download endpoints
CWE-22interpreter/core/async_core.py
2026-05-13
directus/directus
SQL injection via JSON path in Oracle FnHelper
CWE-89api/src/database/helpers/fn/dialects/oracle.ts
2026-05-12
NaiboWang/EasySpider
Path traversal in /queryTask, /queryExecutionInstance, /deleteTask via parseInt-bypassed id (manageTask/invokeTask file write)
CWE-22ElectronJS/server.js
2026-05-11
NaiboWang/EasySpider
No auth + permissive CORS on local HTTP server enabling CSRF to spawn child processes
CWE-352ElectronJS/server.js
2026-05-11
NaiboWang/EasySpider
Eval injection via Field["..."] template substitution in replace_field_values
CWE-95ExecuteStage/utils.py
2026-05-11
lllyasviel/Fooocus
Environment variable values evaluated via literal_eval into config; potential type confusion / path injection via env
CWE-94modules/extra_utils.py
2026-05-11
ultralytics/ultralytics
Arbitrary Python code execution via dataset YAML 'download' key
CWE-95ultralytics/data/utils.py
2026-05-11
Eugeny/tabby
tabby:// URL handler can trigger arbitrary command execution via 'run' command
CWE-94app/lib/urlHandler.ts
2026-05-06
firecrawl/open-lovable
SSRF via unvalidated URL in scrape endpoints
CWE-918app/api/scrape-url-enhanced/route.ts
2026-04-30
firecrawl/open-lovable
Code injection via unescaped path in E2B Python sandbox runCode
CWE-94lib/sandbox/providers/e2b-provider.ts
2026-04-30
firecrawl/open-lovable
Shell command injection in vercel-provider writeFile fallback
CWE-78lib/sandbox/providers/vercel-provider.ts
2026-04-30
koodo-reader/koodo-reader
Arbitrary code execution via plugin script eval in TTS handler
CWE-94main.js
2026-04-30
koodo-reader/koodo-reader
Renderer eval() of remote plugin marketplace script
CWE-94src/containers/settings/pluginSetting/component.tsx
2026-04-30
koodo-reader/koodo-reader
Update installer spawned with shell:true; no signature verification
CWE-78main.js
2026-04-30
gitroomhq/postiz-app
Arbitrary file read via upload proxy path traversal
CWE-22apps/frontend/src/app/(app)/api/uploads/[[...path]]/route.ts
2026-04-27
lobehub/lobehub
Unvalidated skill archive hash allows arbitrary file deletion and write outside the skill cache
CWE-22apps/desktop/src/main/controllers/LocalFileCtr.ts
2026-04-26
lobehub/lobehub
MCP installation validation executes attacker-controlled shell commands
CWE-78apps/desktop/src/main/controllers/McpCtr.ts
2026-04-26
louislam/uptime-kuma
Command injection via Apprise notification URL
CWE-78server/notification-providers/apprise.js
2026-04-25
louislam/uptime-kuma
Command injection via Tailscale ping hostname
CWE-78server/monitor-types/tailscale-ping.js
2026-04-25
DavidHDev/react-bits
eval() on file content in generateSitemap.js
CWE-94scripts/generateSitemap.js
2026-04-24
datawhalechina/hello-agents
Shell injection via shell=True despite whitelist bypass in UniversalAgent terminal tool
CWE-78Co-creation-projects/haoye2-UnivesalAgent/src/tools/terminal_tool.py
2026-04-24
datawhalechina/hello-agents
Path traversal in PDF analysis endpoint
CWE-22Co-creation-projects/Apricity-InnocoreAI/api/routes/analysis.py
2026-04-24
datawhalechina/hello-agents
Path traversal in PDF upload endpoint via filename
CWE-22Co-creation-projects/Apricity-InnocoreAI/api/routes/analysis.py
2026-04-24
datawhalechina/hello-agents
Shell command injection via TerminalTool with shell=True in HelloCodeAgentCli
CWE-78Co-creation-projects/YYHDBL-HelloCodeAgentCli/tools/builtin/terminal_tool.py
2026-04-24
datawhalechina/hello-agents
Shell injection in context_fetch_tool grep fallback via unsanitized query
CWE-78Co-creation-projects/YYHDBL-HelloCodeAgentCli/tools/builtin/context_fetch_tool.py
2026-04-24
siyuan-note/siyuan
JS code snippets execute arbitrary user-supplied JavaScript
CWE-94app/src/config/util/snippets.ts
2026-04-24
siyuan-note/siyuan
Plugin code execution via eval with server-supplied JavaScript
CWE-94app/src/plugin/loader.ts
2026-04-24
siyuan-note/siyuan
CSP and X-Frame-Options headers stripped from all responses
CWE-346app/electron/main.js
2026-04-24
Stirling-Tools/Stirling-PDF
SQL injection via collection name in SqliteVecStore
CWE-89engine/src/stirling/rag/sqlite_vec_store.py
2026-04-23
hiroi-sora/Umi-OCR
Arbitrary function invocation via /argv command endpoint
CWE-94UmiOCR-data/py_src/server/cmd_server.py
2026-04-23
marktext/marktext
Command injection via MARKTEXT_PANDOC environment variable
CWE-78src/main/utils/pandoc.js
2026-04-23
marktext/marktext
Command injection via shell in image upload (picgo)
CWE-78src/renderer/util/fileSystem.js
2026-04-23
marktext/marktext
HTML injection via unsanitized image attributes in updateImage/replaceImage
CWE-79src/muya/lib/contentState/imageCtrl.js
2026-04-23