python

9 pieces of writing

RAGFlow PR #14803 removed a CWE-502 pickle RCE footgun from deserialize_b64

RAGFlow's deserialize_b64 helper defaulted to bare pickle.loads behind an unset safety flag. PR #14803 makes RestrictedUnpickler the only path.

15 May 2026

vulnerability9 min read

AReaL PR #1323 refuses the default admin API key on network-facing proxy binds

11 May 2026

vulnerability7 min read

CodeGraphContext PR #882 rejects write Cypher on /api/graph

8 May 2026

vulnerability5 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)

The add_remote_skill endpoint in cft0808/edict applied path traversal protection to local and relative paths but skipped the file:// branch entirely. One .resolve() and an allowed_roots check closed the gap.

5 April 2026

vulnerability7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight

28 March 2026

security9 min read

TeamPCP compromised the AI proxy that holds everyone's API keys

25 March 2026

vulnerability7 min read

PraisonAI let YAML config files set LD_PRELOAD and nobody checked

PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.

25 March 2026

vulnerability8 min read

gptme was passing API keys on the command line where any user could read them

23 March 2026

vulnerability7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days

2 March 2026