Author here. We built a security scanner called Kolega that does semantic analysis instead of pattern matching. To see if it actually worked, we ran it against 45 open source projects and reported what it found through responsible disclosure.
225 vulnerabilities. 41 reviewed by maintainers so far, 37 accepted, 4 rejected. 90% acceptance rate.
The bugs weren't exotic. They were things like:
if not user_id is not None - a double negative in Phase that means the permission check never runs. Nine auth bypasses total.
torch.load() without weights_only=True in vLLM - RCE via pickle deserialization in one of the most popular inference frameworks.
RestrictedPython sandbox in Agenta where __import__ was explicitly added to safe_builtins. Four different escape routes to arbitrary code execution.
SQL injection in NocoDB's Oracle client - Semgrep scanned the same codebase and found 222 issues, 208 of which were false positives, and missed this one entirely.
The interesting part to me wasn't that we found bugs. It's that these are all syntactically correct - the code compiles, runs, looks fine in review. The problems are semantic. No pattern matcher catches not X is not None because it's valid Python. You have to understand what the developer intended.
135 findings are still waiting on maintainer response. 4 were rejected - some we thought were exploitable, maintainers disagreed. We document those too.
Happy to discuss specifics on any of the projects or argue about methodology.
jfaganel99•1h ago
225 vulnerabilities. 41 reviewed by maintainers so far, 37 accepted, 4 rejected. 90% acceptance rate.
The bugs weren't exotic. They were things like:
if not user_id is not None - a double negative in Phase that means the permission check never runs. Nine auth bypasses total.
torch.load() without weights_only=True in vLLM - RCE via pickle deserialization in one of the most popular inference frameworks.
RestrictedPython sandbox in Agenta where __import__ was explicitly added to safe_builtins. Four different escape routes to arbitrary code execution.
SQL injection in NocoDB's Oracle client - Semgrep scanned the same codebase and found 222 issues, 208 of which were false positives, and missed this one entirely.
The interesting part to me wasn't that we found bugs. It's that these are all syntactically correct - the code compiles, runs, looks fine in review. The problems are semantic. No pattern matcher catches not X is not None because it's valid Python. You have to understand what the developer intended.
Every finding is published with full details - code locations, CWEs, PR numbers, disclosure timelines: https://www.kolega.dev/security-wins/
135 findings are still waiting on maintainer response. 4 were rejected - some we thought were exploitable, maintainers disagreed. We document those too.
Happy to discuss specifics on any of the projects or argue about methodology.