Skip to content
View 13ernkastel's full-sized avatar
0 followers · 12 following

Achievements

Achievement: Pair ExtraordinaireAchievement: QuickdrawAchievement: Pull Shark

Achievements

Achievement: Pair ExtraordinaireAchievement: QuickdrawAchievement: Pull Shark

Block or report 13ernkastel

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
13ernkastel/README.md

header

typing intro

merged prs security fixes auth and retrieval linkedin

Key Highlights

  • Fixed a critical host-shell escape in deer-flow by hardening LocalSandboxProvider.
  • Closed unauthenticated bot proxy access in OpenViking.
  • Fixed task API ownership leakage in OpenViking.
  • Mitigated stored XSS in deer-flow by enforcing safe downloads for active artifact content.
  • Blocked unsafe .ovpack ZIP member paths during OpenViking import.
  • Fixed stale commit-state recovery on current main in the OpenViking opencode plugin.

Merged Fixes

Issue Class Repo Merged PR
Critical shell escape bytedance/deer-flow #1547
Stored XSS hardening bytedance/deer-flow #1389
Task ownership leakage volcengine/OpenViking #1182
Unauthenticated bot proxy access volcengine/OpenViking #996
Unsafe archive import paths volcengine/OpenViking #344
Stale commit-state recovery volcengine/OpenViking #1187

footer

Popular repositories Loading

  1. ai ai Public

    Forked from vercel/ai

    The AI Toolkit for TypeScript. From the creators of Next.js, the AI SDK is a free open-source library for building AI-powered applications and agents

    TypeScript

  2. Security-Detections-MCP Security-Detections-MCP Public

    Forked from MHaggis/Security-Detections-MCP

    MCP to help Defenders Detection Engineer Harder and Smarter

    TypeScript

  3. PatchEval PatchEval Public

    Forked from bytedance/PatchEval

    PatchEval: A New Benchmark for Evaluating LLMs on Patching Real-World Vulnerabilities

    Python

  4. deer-flow deer-flow Public

    Forked from bytedance/deer-flow

    An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of…

    Python

  5. OpenViking OpenViking Public

    Forked from volcengine/OpenViking

    OpenViking is an open-source context database designed specifically for AI Agents(such as openclaw). OpenViking unifies the management of context (memory, resources, and skills) that Agents need th…

    Python

  6. trae-agent trae-agent Public

    Forked from bytedance/trae-agent

    Trae Agent is an LLM-based agent for general purpose software engineering tasks.

    Python