Audit findings.

Real bugs, not vibes — the security regressions Sebastion catches in live open-source code. Every finding maps to a CWE and is ranked by severity, then published in the open so you can see exactly what a security-first review surfaces before code ships.

1001 findings across 288 repositories — 80 critical, 364 high, 522 medium, 35 low.

Findings come from automated audit runs across public repositories, grouped by scanner severity. They have not all been individually triaged or acknowledged by maintainers; CVE numbers are assigned only after coordinated disclosure where applicable.

High

50 on this page
arabold/docs-mcp-server
SSRF via ScrapeTool allows scraping arbitrary internal URLs
CWE-918 src/tools/ScrapeTool.ts
2026-04-02
browserwing/browserwing
npm install script downloads and executes binaries from GitHub without integrity verification
CWE-94 npm/install.js
2026-04-02
browserwing/browserwing
install.sh passes unvalidated user input and curl-fetched data to shell execution
CWE-78 install.sh
2026-04-02
BAI-LAB/MemoryOS
Path traversal via user_id in Flask web app allows arbitrary directory creation/deletion
CWE-22 memoryos-playground/memdemo/app.py
2026-04-01
BAI-LAB/MemoryOS
Arbitrary directory deletion via path traversal in /clear_memory endpoint
CWE-22 memoryos-playground/memdemo/app.py
2026-04-01
BAI-LAB/MemoryOS
Path traversal via user_id/assistant_id in MCP server tool calls
CWE-22 memoryos-mcp/server_new.py
2026-04-01
BAI-LAB/MemoryOS
Path traversal via user_id/assistant_id in ChromaDB storage provider
CWE-22 memoryos-chromadb/storage_provider.py
2026-04-01
BAI-LAB/MemoryOS
Path traversal via user_id/assistant_id in memoryos-pypi Memoryos constructor
CWE-22 memoryos-pypi/memoryos.py
2026-04-01
Flux159/mcp-server-kubernetes
Argument injection in kubectl_generic via arbitrary flags
CWE-88 src/tools/kubectl-generic.ts
2026-04-01
Flux159/mcp-server-kubernetes
Arbitrary file read via filename parameter in kubectl_apply
CWE-22 src/tools/kubectl-apply.ts
2026-04-01
modelscope/AgentEvolver
Arbitrary module loading via user-controlled env_type in EnvService
CWE-94 env_service/env_service.py
2026-04-01
modelscope/AgentEvolver
Path traversal in import_and_register_env via --env CLI argument
CWE-22 env_service/env_service.py
2026-04-01
modelscope/AgentEvolver
Arbitrary code execution via dynamic_import with user-supplied module path
CWE-94 agentevolver/utils/agentscope_utils.py
2026-04-01
jeremylongshore/claude-code-plugins-plus-skills
Shell command injection via unsanitized LOCATION parameter in curl URL
CWE-78 plugins/productivity/travel-assistant/scripts/fetch-weather.sh
2026-03-31
timescale/pg-aiguide
Shell injection via git tag name in checkout_tag()
CWE-78 ingest/postgres_docs.py
2026-03-31
timescale/pg-aiguide
SQL injection via table name string interpolation in DocumentImporter
CWE-89 ingest/document_importer.py
2026-03-31
timescale/pg-aiguide
Workflow command injection via workflow_dispatch input in ingest-postgis.yaml
CWE-77 .github/workflows/ingest-postgis.yaml
2026-03-31
timescale/pg-aiguide
Workflow command injection via workflow_dispatch input in ingest-postgres-docs.yaml
CWE-77 .github/workflows/ingest-postgres-docs.yaml
2026-03-31
ForLoopCodes/contextplus
Path traversal in propose_commit allows writing arbitrary files
CWE-22 src/tools/propose-commit.ts
2026-03-30
ForLoopCodes/contextplus
Path traversal in get_file_skeleton allows reading arbitrary files
CWE-22 src/tools/file-skeleton.ts
2026-03-30
ForLoopCodes/contextplus
Path traversal in shadow restore system allows reading/writing arbitrary files
CWE-22 src/git/shadow.ts
2026-03-30
cloudflare/mcp-server-cloudflare
Path traversal in container file operations allows reading/writing arbitrary files
CWE-22 apps/sandbox-container/container/sandbox.container.app.ts
2026-03-30
taylorwilsdon/google_workspace_mcp
GitHub Actions workflow runs attacker-controlled code from fork PRs
CWE-77 .github/workflows/ruff.yml
2026-03-30
GLips/Figma-Context-MCP
Server-Side Request Forgery (SSRF) via Figma image URL fetch in downloadFigmaImage
CWE-918 src/utils/common.ts
2026-03-29
MCPJam/inspector
Server-Side Request Forgery (SSRF) via OAuth proxy endpoints
CWE-918 mcpjam-inspector/server/routes/mcp/oauth.ts
2026-03-29
nottelabs/notte
Arbitrary code execution via exec() on agent-generated code
CWE-94 docs/src/testers/agents/workflows/test-generated-functions.py
2026-03-29
samanhappy/mcphub
getMcpSettingsJson leaks all user password hashes, OAuth secrets, and bearer tokens
CWE-862 src/controllers/configController.ts
2026-03-29
HolmesGPT/holmesgpt
Shell command injection via YAML test case definitions
CWE-78 scripts/run_eval_setup.py
2026-03-28
HolmesGPT/holmesgpt
Path traversal in prompt loading via file:// prefix
CWE-22 holmes/plugins/prompts/__init__.py
2026-03-28
HolmesGPT/holmesgpt
Path traversal in openshift token file reading via TOKEN_LOCATION env var
CWE-22 holmes/common/openshift.py
2026-03-28
bytebase/dbhub
SQL Injection in MariaDB/MySQL getStoredProcedureDetail via unparameterized SHOW CREATE
CWE-89 src/connectors/mariadb/index.ts
2026-03-28
bytebase/dbhub
SQL Injection in MySQL getStoredProcedureDetail via unparameterized SHOW CREATE
CWE-89 src/connectors/mysql/index.ts
2026-03-28
google/adk-python
Arbitrary module import via custom_function_path in custom metric evaluator
CWE-502 src/google/adk/evaluation/custom_metric_evaluator.py
2026-03-28
HKUDS/LightRAG
Cypher injection via workspace label in Neo4j graph operations
CWE-89 lightrag/kg/neo4j_impl.py
2026-03-27
HKUDS/LightRAG
Cypher injection via workspace label in Memgraph graph operations
CWE-89 lightrag/kg/memgraph_impl.py
2026-03-27
HKUDS/LightRAG
Cypher injection via entity_type in Memgraph upsert_node
CWE-89 lightrag/kg/memgraph_impl.py
2026-03-27
HKUDS/LightRAG
SQL injection via Apache AGE graph_name in PostgreSQL configure_age()
CWE-89 lightrag/kg/postgres_impl.py
2026-03-27
HKUDS/LightRAG
SQL injection via entity_type in PostgreSQL AGE Cypher queries
CWE-89 lightrag/kg/postgres_impl.py
2026-03-27
HKUDS/LightRAG
Cypher injection via entity_type in Neo4j upsert_node
CWE-89 lightrag/kg/neo4j_impl.py
2026-03-27
HKUDS/LightRAG
MongoDB NoSQL injection via unsanitized entity names in graph queries
CWE-89 lightrag/kg/mongo_impl.py
2026-03-27
VibiumDev/vibium
Command injection via shell: true on Windows in timeout.mjs
CWE-78 scripts/timeout.mjs
2026-03-27
langbot-app/LangBot
Path traversal in local storage provider via user-controlled key parameter
CWE-22 src/langbot/pkg/storage/providers/localstorage.py
2026-03-27
mobile-next/mobile-mcp
GitHub Actions script injection via tag name
CWE-78 .github/workflows/build.yml
2026-03-27
mukul975/Anthropic-Cybersecurity-Skills
SQL injection via unsanitized table names in mobile data storage scanner
CWE-89 skills/exploiting-insecure-data-storage-in-mobile/scripts/process.py
2026-03-27
openai/openai-agents-python
SQL Injection via unsanitized table names in SQLiteSession and AsyncSQLiteSession
CWE-89 src/agents/memory/sqlite_session.py
2026-03-27
openai/openai-agents-python
SQL Injection via unsanitized table names in AsyncSQLiteSession
CWE-89 src/agents/extensions/memory/async_sqlite_session.py
2026-03-27
openlit/openlit
SQL Injection in vault secret operations via unsanitized string concatenation
CWE-89 src/client/src/lib/platform/vault/index.ts
2026-03-27
openlit/openlit
SQL Injection in vault upsert via string concatenation of secret value
CWE-89 src/client/src/lib/platform/vault/index.ts
2026-03-27
operacle/checkcle
Stored XSS via custom_css field rendered with dangerouslySetInnerHTML
CWE-79 application/src/components/public/PublicStatusPage.tsx
2026-03-27
ruc-datalab/DeepAnalyze
Arbitrary code execution via eval() on file contents in show_result.py
CWE-95 playground/DSBench/data_modeling/show_result.py
2026-03-27