Effortless security for developers.

Use AI-powered code vulnerability scanning to find and fix broken authentication, logic bugs, outdated dependencies, and more.

Built by the team that helped secure:

Backed by

How it works

Become secure by default

Set up ZeroPath in minutes to get continuous human-level application security, PR reviews, and much more.

1. Install our GitHub app

It takes less than 2 minutes to get ZeroPath working with your existing CI/CD. Supports Github, GitLab, and BitBucket.

2. Find critical bugs

ZeroPath finds more bugs and reports fewer false positives than comparables. Find broken authentication, logic bugs, and more.

3. Approve our patches

Instead of reporting bugs, ZeroPath will issue a PR when it's confident it won't break your application.

Developer-first security

Intelligent security tooling for fast moving teams

Make sure that that the products you ship are secure without slowing down development.

Complex vulnerabilities.

We surface exploitable bugs other scanners can't find & have lower false positive rates on standard evals.

Built to be fast.

Our security checks usually take seconds to run. No more waiting for PR reviews & security checks.

Less noise, more patches.

Instead of creating tickets and growing your backlog, ZeroPath generates PRs that won't break your application.

TESTIMONIALS

Hundreds of developers & companies use ZeroPath to secure their code.

I love how Zeropath catches things I might have missed before the code even merges, and the GitHub Actions integration keeps the whole process seamless!

Zai Shi

Co-Founder, Stack Auth

Zeropath helps us sleep better at night by constantly monitoring code changes for uncaught security bugs and makes it easy to address them.

Josh Wymer

CEO, Central

Handling privileged information across multiple orgs requires consistent pentesting; not only is it far too expensive to get a regular audit, having ZeroPath running around-the-clock meaningfully increases our security standards.

Muhammad Khattak

Co-Founder, Cardinal Grey

ZeroPath is like having an entire security team working alongside our development process to find and fix issues.

Jake Anderson

Co-Founder, BRX.AI

Zeropath significantly accelerates our Secure Software Development Lifecycle by eliminating the noise associated with typical static scanning tools. It is also remarkably easy to use, even for engineers without a security background.

Yaacov Tarko

CTO, Commenda.io

COMPREHENSIVE APPSEC

Features

Consolidated tooling that performs 10x better than the alternatives.

Scanning

Process

SAST

10x better, AI powered code scanning.

Broken Auth

Find, fix broken or missing authZ and authN.

Business Logic

Find and patch critical flaws in application logic.

SCA

Dependency scanning with reachability & exploitability.

Secrets Detection

With validation & no false positives.

IaC Security

Scans IaC configurations for security issues.

Intelligent Severity

Accurately assess and prioritize security risks.

EoL Detection

End of Life detection for dependencies.

CI/CD Checks

Seamless integration with your CI/CD pipeline.

PR Code Reviews

Automated security reviews for pull requests.

Patch Generation

Automatically generate fixes for security issues.

Patch Modification

Customize and refine generated security patches.

ZEROPATH WALL OF FAME

We're on a mission to secure the world's code.

All of the vulnerabilities listed have been found & fixed by ZeroPath. This selection represents a subset of vulnerabilities we've found in open source projects.

CVE-2024-43035

2024-09-20

Local File Inclusion in Fonoster

A Local File Inclusion vulnerability was discovered in the Fonoster project.

CVE TBD

2024-09-20

Unauthorized Access to Any User's Jobs in LibrePhotos

Ability to delete any jobs (admin permission) in the LibrePhotos project.

CVE TBD

2024-09-20

Token Refresh Vulnerability in LibrePhotos

Persistence on any account via continuous token refreshing in the LibrePhotos project.

CVE TBD

2024-09-20

Unauthorized Conversation Deletion in RagFlow

Ability to delete anyone's conversation based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Canvas Deletion in RagFlow

Ability to delete anyone's canvas in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Access in RagFlow

Ability to read anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized File Movement in RagFlow

Ability to move anyone's files just based on ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Conversation Access in RagFlow

Ability to read anyone's conversation just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized API Key Removal in RagFlow

Ability to remove anyone's API key just based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Enumeration in RagFlow

Ability to get information on anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Dialog Deletion in RagFlow

Ability to delete anyone's dialog just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Local File Inclusion in E2nest

A Local File Inclusion vulnerability was discovered in the E2nest project.

CVE TBD

2024-09-20

Remote Code Execution in Uptrain

A Remote Code Execution vulnerability was discovered in the Uptrain project.

CVE TBD

2024-09-20

Command Injection in Clone-voice

A Command Injection vulnerability was discovered in the Clone-voice project.

CVE TBD

2024-09-20

File Upload and Path Traversal in LibrePhotos

A File Upload vulnerability combined with a Path Traversal vulnerability was discovered in the LibrePhotos project.

CVE-2024-43035

2024-09-20

Local File Inclusion in Fonoster

A Local File Inclusion vulnerability was discovered in the Fonoster project.

CVE TBD

2024-09-20

Unauthorized Access to Any User's Jobs in LibrePhotos

Ability to delete any jobs (admin permission) in the LibrePhotos project.

CVE TBD

2024-09-20

Token Refresh Vulnerability in LibrePhotos

Persistence on any account via continuous token refreshing in the LibrePhotos project.

CVE TBD

2024-09-20

Unauthorized Conversation Deletion in RagFlow

Ability to delete anyone's conversation based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Canvas Deletion in RagFlow

Ability to delete anyone's canvas in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Access in RagFlow

Ability to read anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized File Movement in RagFlow

Ability to move anyone's files just based on ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Conversation Access in RagFlow

Ability to read anyone's conversation just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized API Key Removal in RagFlow

Ability to remove anyone's API key just based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Enumeration in RagFlow

Ability to get information on anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Dialog Deletion in RagFlow

Ability to delete anyone's dialog just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Local File Inclusion in E2nest

A Local File Inclusion vulnerability was discovered in the E2nest project.

CVE TBD

2024-09-20

Remote Code Execution in Uptrain

A Remote Code Execution vulnerability was discovered in the Uptrain project.

CVE TBD

2024-09-20

Command Injection in Clone-voice

A Command Injection vulnerability was discovered in the Clone-voice project.

CVE TBD

2024-09-20

File Upload and Path Traversal in LibrePhotos

A File Upload vulnerability combined with a Path Traversal vulnerability was discovered in the LibrePhotos project.

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.

Schedule a demo