Contributions

Security fixes shipped
to real projects.

Every vulnerability Sebastion finds in open source gets a fix, not just a write-up. These are the projects we've contributed accepted security patches to.

Fixes Accepted

Projects

Case Studies

Projects

summarize

steipete

2 fixes accepted

CORS Misconfiguration

skills

huggingface

1 fix accepted

SQL Injection

hermes-agent

NousResearch

1 fix accepted

Path Traversal

gptme

1 fix accepted

Information Exposure (CWE-214)

Accepted Fixes

Mergedskills

fix: prevent SQL injection in sql_manager.py (CWE-89)

SQL InjectionCWE-8921 Feb 2026

Case study →

Mergedsummarize

fix: restrict daemon CORS to trusted origins (CWE-942)

CORS MisconfigurationCWE-94221 Feb 2026

Case study →

Mergedsummarize

test: add CORS allowlist edge-case coverage

CORS Misconfiguration10 Mar 2026

Case study →

Cherry-pickedhermes-agent

fix: prevent path traversal via .worktreeinclude entries

Path Traversal14 Mar 2026

Case study →

Mergedgptme

fix: use --env-file for docker secrets instead of CLI args (CWE-214)

Information Exposure (CWE-214)CWE-21423 Mar 2026

Case study →

This page updates automatically. Data sourced from GitHub via Sebastion's autonomous audit pipeline.

Security fixes shippedto real projects.

Projects

Accepted Fixes

Security fixes shipped
to real projects.