Hacktivity
Public disclosure log of security vulnerabilities autonomously discovered and patched by winfunc.
Showing recent 5
AnthropicCritical
Authentication bypass on FastMCP custom routes
Read Analysis
BunHigh
Exponential merge keys in Bun's YAML implementation leads to DoS
Read Analysis
SupabaseCritical
SQL Injection via queueName in getDatabaseQueuesMetrics
Read Analysis
GumroadCritical
0-click Account Takeover and Admin Operations via helper endpoint authorization bypass
Read Analysis
Better-AuthMedium
Multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Read Analysis
End of transmission.