⌘K

All Posts

Openfix: handle deserialization in user input#42

src/api/views.py

21 data = request.body

- obj = pickle.loads(data)

+ obj = json.loads(data)

code-pathfinder•HIGH

python/deserialization: unsafe pickle.loads() call — arbitrary code execution risk

code-pathfinder

ProductGitHub ActionsPull RequestSASTCI/CDGitHub Code ScanningCodeQL AlternativeDevSecOpsSARIF

Automated GitHub PR Security Comments & Inline SAST Findings with Code Pathfinder

Code Pathfinder's GitHub Action now posts security scan results as PR summary comments and inline review annotations. Browse 100+ open-source SAST rules at codepathfinder.dev/registry.

•February 21, 2026

Reading 847 files...

⏱️ ~30 seconds

Indexed call graph

Stop Grepping, Start Querying

ProductMCPSecurityProductCode AnalysisAI AgentsStatic Analysis

Stop Grepping, Start Querying: MCP Server for Code-Pathfinder

Connect Code-Pathfinder's indexed code analysis directly to Claude Code, Codex, and MCP-enabled AI agents. Query call graphs, resolve imports, and find vulnerabilities instantly without grep or file reads. Open-source MCP server for Python codebases.

•January 11, 2026

Latest

ProductSecureFlowAISecurityVSCode

One API Key to Rule Them All: SecureFlow Adds OpenRouter Support

|December 27, 2025

ProductDocker SecurityContainer SecurityDocker ComposeDockerfile SecuritySASTStatic AnalysisSecurity ScanningCWE-250Privilege EscalationContainer EscapeDevSecOpsCI/CD SecurityInfrastructure as CodeDocker SocketContainer Hardening

Docker Security Rules: Detect 47 Container Vulnerabilities & Misconfigurations [2025]

|December 10, 2025

ProductSASTSecuritySecureFlowCLI

Introducing SecureFlow CLI to Hunt Vulnerabilities

|October 1, 2025

ProductSASTSecuritySecureFlow

Introducing SecureFlow Extension to Vibe Code Securely

Start securing your code

Install Code Pathfinder and eliminate false positives from your security workflow.