Effortless security for developers.
Use AI-powered code vulnerability scanning to find and fix broken authentication, logic bugs, outdated dependencies, and more.
How it works
Become secure by default
Set up ZeroPath in minutes to get continuous human-level application security, PR reviews, and much more.
1. Install our GitHub app
It takes less than 2 minutes to get ZeroPath working with your existing CI/CD. Supports GitHub, GitLab, and Bitbucket.
2. Find critical bugs
ZeroPath finds more bugs and reports fewer false positives than comparables. Find broken authentication, logic bugs, and more.
3. Approve our patches
Instead of reporting bugs, ZeroPath will issue a PR when it's confident it won't break your application.
Developer-first security
Intelligent security tooling for fast-moving teams
Make sure that the products you ship are secure without slowing down development.
Complex vulnerabilities.
We surface exploitable bugs other scanners can't find & have lower false positive rates on standard evals.
Built to be fast.
Our security checks usually take seconds to run. No more waiting for PR reviews & security checks.
Less noise, more patches.
Instead of creating tickets and growing your backlog, ZeroPath generates PRs that won't break your application.
TESTIMONIALS
Hundreds of developers & companies use ZeroPath to secure their code.
I love how ZeroPath catches things I might have missed before the code even merges, and the GitHub Actions integration keeps the whole process seamless!
Zai Shi
Co-Founder, Stack Auth
Handling privileged information across multiple orgs requires consistent pentesting; not only is it far too expensive to get a regular audit, having ZeroPath running around-the-clock meaningfully increases our security standards.
Muhammad Khattak
Co-Founder, Cardinal Grey
ZeroPath is like having an entire security team working alongside our development process to find and fix issues.
Jake Anderson
Co-Founder, BRX.AI
ZeroPath significantly accelerates our Secure Software Development Lifecycle by eliminating the noise associated with typical static scanning tools. It is also remarkably easy to use, even for engineers without a security background.
Yaacov Tarko
CTO, Commenda.io
ZEROPATH WALL OF FAME
We're on a mission to secure the world's code.
All of the vulnerabilities listed have been found & fixed by ZeroPath. This selection represents a subset of vulnerabilities we've found in open source projects.
CVE-2024-43035
2024-09-20
Local File Inclusion in Fonoster
A Local File Inclusion vulnerability was discovered in the Fonoster project.
CVE TBD
2024-09-20
Unauthorized Access to Any User's Jobs in LibrePhotos
Ability to delete any jobs (admin permission) in the LibrePhotos project.
CVE TBD
2024-09-20
Token Refresh Vulnerability in LibrePhotos
Persistence on any account via continuous token refreshing in the LibrePhotos project.
CVE TBD
2024-09-20
Unauthorized Conversation Deletion in RagFlow
Ability to delete anyone's conversation based on having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Canvas Deletion in RagFlow
Ability to delete anyone's canvas in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Knowledge Base Access in RagFlow
Ability to read anyone's knowledge base just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized File Movement in RagFlow
Ability to move anyone's files just based on ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Conversation Access in RagFlow
Ability to read anyone's conversation just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized API Key Removal in RagFlow
Ability to remove anyone's API key just based on having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Knowledge Base Enumeration in RagFlow
Ability to get information on anyone's knowledge base just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Dialog Deletion in RagFlow
Ability to delete anyone's dialog just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Local File Inclusion in E2nest
A Local File Inclusion vulnerability was discovered in the E2nest project.
CVE TBD
2024-09-20
Remote Code Execution in Uptrain
A Remote Code Execution vulnerability was discovered in the Uptrain project.
CVE TBD
2024-09-20
Command Injection in Clone-voice
A Command Injection vulnerability was discovered in the Clone-voice project.
CVE TBD
2024-09-20
File Upload and Path Traversal in LibrePhotos
A File Upload vulnerability combined with a Path Traversal vulnerability was discovered in the LibrePhotos project.
Ready for effortless AppSec?
Get a live ZeroPath tour.
Schedule a demo with one of the founders to get started.