21 accepted bugs · open source

Find the bug the code forgot.

Source-to-sink vulnerability research.

$ npx vulnfinder@latest
Example finding

Severity: 10.0 Critical
Sandbox escape → host RCE
vm2 · NodeVM denylist
source: sandbox.process
sink: process.binding('spawn_sync')
↳ denylist bypassed via inspector/promises
archetype: I · F
advisory_scope: public_only
Projects: vm2, goshs, PraisonAI, Gotenberg, nginx-ui, Weblate, Unifiedtransform, Statamic, Parse Server

Three steps. One report.

01 · Point it at a repo

    $ vulnfinder owner/repo

02 · It traces source to sink

    Eight disciplined phases in one warm session:
    Recon, Architecture, Intent, History + GHSA, Attack surface, Deep analysis, Validation, Report.

03 · You get a report.md

    Structured findings. Public-only. Medium severity and up.
The archetypes

Eleven shapes that convert.

A · Scoped lookup, unscoped serialize
B · Scoped write, global mutation
C · Auth without authorization
D · Validation after side effect
E · Unsafe archive / bundle
F · Deny-list / parser mismatch
G · Secondary-protocol bypass
H · Browser-bridge trust failure
I · Library trust boundary
J · Cross-user resource lookup
BOOT · First-run admin claim
Track record

Twenty-one accepted bugs.

Public records, sorted by impact.

| CVE | Project | Finding | Archetype | Severity | CVSS |
|---|---|---|---|---|---|
| CVE-2026-47140 | vm2 | Sandbox escape to RCE via denylist bypass | I·F | Critical | 10.0 |
| CVE-2026-40884 | goshs | Empty-username SFTP password auth bypass | G | Critical | 9.8 |
| CVE-2026-47407 | PraisonAI | Cross-workspace IDOR to admin/owner privesc | A·J | Critical | 9.4 |
| CVE-2026-42596 | Gotenberg | Unauthenticated SSRF via deny-list regex bypass | F | Critical | 9.4 |
| CVE-2026-40189 | goshs | File-based ACL authz bypass on state-changing routes | C·G | Critical | 9.3 |
| CVE-2026-40289 | PraisonAI | Unauthenticated WebSocket session hijack | H | Critical | 9.1 |
| CVE-2026-47394 | PraisonAI | Unauthenticated arbitrary file read via MCP handlers | G·J | High | 8.7 |
| CVE-2026-40876 | goshs | SFTP root escape via prefix-based path validation | G·F | High | 8.7 |
| CVE-2026-47139 | vm2 | Network deny-policy bypass via internal HTTP escapes | F·I | High | 8.6 |
| CVE-2026-42221 | nginx-ui | Unauthenticated first-run installer to admin claim | BOOT | High | 8.1 |
| CVE-2026-40885 | goshs | Public collaborator feed leaks ACL credentials | J | High | 7.7 |
| CVE-2026-39306 | PraisonAI | Recipe-pull path traversal writes outside output dir | E | High | 7.3 |
| CVE-2026-39308 | PraisonAI | Recipe-publish path traversal to out-of-root write | E·D | High | 7.1 |
| CVE-2026-33220 | Weblate | Arbitrary local file read via JS CDN addon | LFI | Medium | 6.8 |
| CVE-2025-46203 | Unifiedtransform | Broken access control — student record editing | C | Medium | 6.5 |
| CVE-2025-46204 | Unifiedtransform | Broken access control — course modification | C | Medium | 6.5 |
| CVE-2026-40883 | goshs | CSRF on state-changing GET routes (delete/mkdir) | C | Medium | 6.1 |
| CVE-2026-33440 | Weblate | Authenticated SSRF via redirect bypass | F | Medium | 5.0 |
| CVE-2026-33171 | Statamic | Authenticated LFI in file dictionary fieldtype | LFI | Medium | 4.3 |
| CVE-2026-47141 | vm2 | Observability builtins leak host metadata | I | Medium | |
| CVE-2026-33624 | Parse Server | MFA recovery-code single-use bypass via race | race | Low | 2.1 |
The flywheel

Every disclosure sharpens the method.

01 · You disclose

    Report the outcome — or we auto-detect it from public GitHub advisories that credit you.

02 · We learn

    What converts, and what maintainers reject — distilled into new archetype and rejection rules.

03 · Everyone gains

    The next release hunts smarter. Same tool, sharper edge.

Opt-in, always. We only ever see a finding's shape — class, archetype, CVSS — never your repository or the finding itself.

Verified outcomes

Earned, not claimed.

Outcomes are auto-verified from public advisories that credit your handle. No self-reporting.

| # | Researcher | Verified / Score |
|---|---|---|
| 01 | Sneh Bavarva (@spbavarva) | 111,180 |
| 02 | your handle here | |
| 03 | your handle here | |

Sign in with GitHub to claim your verified findings — launching soon.

Start finding bugs.

One command. No API key, no account.

$ npx vulnfinder@latest

by Sneh Bavarva