21 accepted bugs · open source

Find the bug devs forgot.

Source-to-sink vulnerability research.

Prefer the terminal?

In Claude Code
/plugin marketplace add vulnfinderio/vulnfinder
/plugin install vulnfinder@vulnfinder
Finding · 10.0 Critical

Sandbox escape · host RCE

vm2 · CVE-2026-47140

source: sandbox.process
sink: process.binding('spawn_sync')
denylist bypassed via inspector/promises
archetype: I·F
advisory_scope: public_only
vm2 · goshs · PraisonAI · Gotenberg · nginx-ui · Weblate · Unifiedtransform · Statamic · Parse Server

Three steps. One report.

01

Choose a public repo

Enter owner/repository in the Workspace or CLI.

02

It traces source to sink

Eight disciplined phases in one warm session.

03

Review the report

Validated findings, evidence, and a downloadable report.

Recon · Architecture · Intent · History + GHSA · Attack surface · Deep analysis · Validation · Report

Browser workflow

Control the research from the web.

Install the Companion once. Start scans, steer research, review findings, and download reports from the Workspace.

Open Workspace
1

Download

Install the local Companion.

2

Pair

Connect it to your Workspace.

3

Scan

Run everything from the browser.

The archetypes

Eleven shapes that convert.

A · Scoped lookup, unscoped serialize
B · Scoped write, global mutation
C · Auth without authorization
D · Validation after side effect
E · Unsafe archive / bundle
F · Deny-list / parser mismatch
G · Secondary-protocol bypass
H · Browser-bridge trust failure
I · Library trust boundary
J · Cross-user resource lookup
BOOT · First-run admin claim

Track record

Twenty-one accepted bugs.

Public records, sorted by impact.

CVE | Project | Title | Archetype | Severity | Score
CVE-2026-47140 | vm2 | Sandbox escape to RCE via denylist bypass | I·F | Critical | 10.0
CVE-2026-40884 | goshs | Empty-username SFTP password auth bypass | G | Critical | 9.8
CVE-2026-47407 | PraisonAI | Cross-workspace IDOR to admin/owner privesc | A·J | Critical | 9.4
CVE-2026-42596 | Gotenberg | Unauthenticated SSRF via deny-list regex bypass | F | Critical | 9.4
CVE-2026-40189 | goshs | File-based ACL authz bypass on state-changing routes | C·G | Critical | 9.3
CVE-2026-40289 | PraisonAI | Unauthenticated WebSocket session hijack | H | Critical | 9.1
CVE-2026-47394 | PraisonAI | Unauthenticated arbitrary file read via MCP handlers | G·J | High | 8.7
CVE-2026-40876 | goshs | SFTP root escape via prefix-based path validation | G·F | High | 8.7
CVE-2026-47139 | vm2 | Network deny-policy bypass via internal HTTP escapes | F·I | High | 8.6
CVE-2026-42221 | nginx-ui | Unauthenticated first-run installer to admin claim | BOOT | High | 8.1
CVE-2026-40885 | goshs | Public collaborator feed leaks ACL credentials | J | High | 7.7
CVE-2026-39306 | PraisonAI | Recipe-pull path traversal writes outside output dir | E | High | 7.3
CVE-2026-39308 | PraisonAI | Recipe-publish path traversal to out-of-root write | E·D | High | 7.1
CVE-2026-33220 | Weblate | Arbitrary local file read via JS CDN addon | LFI | Medium | 6.8
CVE-2025-46203 | Unifiedtransform | Broken access control — student record editing | C | Medium | 6.5
CVE-2025-46204 | Unifiedtransform | Broken access control — course modification | C | Medium | 6.5
CVE-2026-40883 | goshs | CSRF on state-changing GET routes (delete/mkdir) | C | Medium | 6.1
CVE-2026-33440 | Weblate | Authenticated SSRF via redirect bypass | F | Medium | 5.0
CVE-2026-33171 | Statamic | Authenticated LFI in file dictionary fieldtype | LFI | Medium | 4.3
CVE-2026-47141 | vm2 | Observability builtins leak host metadata | I | Medium |
CVE-2026-33624 | Parse Server | MFA recovery-code single-use bypass via race | race | Low | 2.1

The flywheel

Every disclosure sharpens the method.

01

You disclose

Report the outcome — or we auto-detect it from public GitHub advisories that credit you.

02

We learn

What converts, and what maintainers reject — distilled into new archetype and rejection rules.

03

Everyone gains

The next release hunts smarter. Same tool, sharper edge.

Opt-in, always. We only ever see a finding's shape — class, archetype, CVSS — never your repository or the finding itself.

Verified outcomes

Earned, not claimed.

Outcomes are auto-verified from public advisories that credit your handle. No self-reporting.

# | Researcher | Verified | Score

Synced hourly from GitHub advisory credits.

Start finding bugs.

Use the browser or run it from your terminal.

by Sneh Bavarva