open-source

25 pieces of writing

Every MCPHub instance started with the same admin password. I changed that.
vulnerability · 7 min read

MCPHub shipped every installation with the hardcoded credential admin/admin123 and published it in the README. The fix generates a cryptographically random password per instance.

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight
vulnerability · 7 min read

A single index change bypassed daily_stock_analysis's entire rate limiter
vulnerability · 7 min read

PraisonAI let YAML config files set LD_PRELOAD and nobody checked
vulnerability · 7 min read

PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.

Git tags, package registries and extension marketplaces share the same broken authentication model
security · 12 min read

gptme was passing API keys on the command line where any user could read them
vulnerability · 8 min read

Hermes Agent's worktree feature copied arbitrary files from your filesystem
security · 7 min read

Hermes Agent's worktree feature would copy arbitrary files from your filesystem if you cloned a repository with a crafted .worktreeinclude. A two-line path traversal that took four months to land in the codebase.

Summarize's localhost daemon accepted requests from any website
security · 7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days
vulnerability · 7 min read

When a GitHub Action rewrites its own history
security · 6 min read

A compromised GitHub Action silently rewrote every version tag to point at a single malicious commit - exposing secrets across 23,000 repositories in the process.