Skip to content

security-recipes.ai Quick Start

Overview
Threat Model
Emerging Patterns

Overview
Integrate an AI Agent

Overview
GitHub Copilot
Devin
Cursor
Codex
Claude

Overview
Claude
GitHub Copilot
Cursor
Codex
Devin
General
Reputable Sources
CVE Recipes
Classic Vulnerable Defaults

Overview
Reviewer Playbook
Gatekeeping Patterns
Runtime Controls
Compliance & Audit

Automation Contribute

CTRL K

Quick Start
Fundamentals
Docs
- Overview
- Integrate an AI Agent
Agents
Prompt Library
MCP Servers
Security Remediation
Automation
Contribute
More
Contribute

Uplift

Python pickle / dill on untrusted input

April 25, 2026

PyYAML `yaml.load` without a safe Loader

April 25, 2026

Java ObjectInputStream and friends

April 25, 2026

XML external entities (XXE) — parser defaults

April 25, 2026

JWT — `alg: none` and algorithm confusion

April 25, 2026

JavaScript `eval()` / `new Function()` on untrusted input

April 25, 2026

Disabled TLS verification — `verify=False` and friends

April 25, 2026

Prototype pollution — `merge`, `assign`, and friends

April 25, 2026

© 2026 security-recipes.ai · An open, community-driven playbook for security engineering teams