DeepAudit - 人人拥有的 AI 审计战队，让漏洞挖掘触手可及 🦸‍♂️

<div style="width: 100%; max-width: 600px; margin: 0 auto;"> <img src="frontend/public/images/logo.png" alt="DeepAudit Logo" style="width: 100%; height: auto; display: block; margin: 0 auto;"> </div> <div align="center">

<a href="https://trendshift.io/repositories/15634" target="_blank"><img src="https://trendshift.io/api/badge/repositories/15634" alt="lintsinghua%2FDeepAudit | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>

<p align="center"> <strong>简体中文</strong> | <a href="README_EN.md">English</a> </p> </div> <div align="center"> <img src="frontend/public/DeepAudit.gif" alt="DeepAudit Demo" width="90%"> </div>

---

📸 界面预览

<div align="center">

🤖 Agent 审计入口

<img src="frontend/public/images/README-show/Agent审计入口（首页）.png" alt="Agent审计入口" width="90%">

首页快速进入 Multi-Agent 深度审计

</div> <table> <tr> <td width="50%" align="center"> <strong>📋 审计流日志</strong><br/><br/> <img src="frontend/public/images/README-show/审计流日志.png" alt="审计流日志" width="95%"><br/> <em>实时查看 Agent 思考与执行过程</em> </td> <td width="50%" align="center"> <strong>🎛️ 智能仪表盘</strong><br/><br/> <img src="frontend/public/images/README-show/仪表盘.png" alt="仪表盘" width="95%"><br/> <em>一眼掌握项目安全态势</em> </td> </tr> <tr> <td width="50%" align="center"> <strong>⚡ 即时分析</strong><br/><br/> <img src="frontend/public/images/README-show/即时分析.png" alt="即时分析" width="95%"><br/> <em>粘贴代码 / 上传文件，秒出结果</em> </td> <td width="50%" align="center"> <strong>🗂️ 项目管理</strong><br/><br/> <img src="frontend/public/images/README-show/项目管理.png" alt="项目管理" width="95%"><br/> <em>GitHub/GitLab/Gitea 导入，多项目协同管理</em> </td> </tr> </table> <div align="center">

📊 专业报告

<img src="frontend/public/images/README-show/审计报告示例.png" alt="审计报告" width="90%">

一键导出 PDF / Markdown / JSON（图中为快速模式，非Agent模式报告）

</div>

---

🏆 CVE 漏洞发现

<div align="center">

DeepAudit 已成功发现并获得 49 个 CVE 编号 和 6 个 GHSA 安全公告🦞

涉及17个知名开源项目

</div>

OpenClaw🦞 漏洞挖掘成果

DeepAudit 内测版本对 OpenClaw 项目进行了深度安全审计，目前已发现 6 个安全漏洞，均已被官方确认并发布安全公告（GHSA）。漏洞类型覆盖命令注入、签名验证绕过、远程代码执行、凭证泄露、资源耗尽及敏感信息泄露，其中包含多个 High 级别漏洞。更多漏洞仍在持续挖掘中。

| GHSA 编号 | 项目 | 项目热度 | 漏洞类型 | 严重性 | |:---|:---|:---:|:---|:----:| | GHSA-g353-mgv3-8pcj | OpenClaw | | Signature Verification Bypass | 8.6 | | GHSA-99qw-6mr3-36qr | OpenClaw | | Code Execution | 8.5 | | GHSA-7h7g-x2px-94hj | OpenClaw | | Credential Exposure | 6.9 | | GHSA-g2f6-pwvx-r275 | OpenClaw | | Command Injection | Medium | | GHSA-jq3f-vjww-8rq7 | OpenClaw | | Resource Exhaustion | High | | GHSA-xwcj-hwhf-h378 | OpenClaw | | Information Disclosure | Medium |

| CVE 编号 | 项目 | 项目热度 | 漏洞类型 | CVSS | |:---|:---|:---:|:---|:----:| | CVE-2026-1884 | Zentao PMS | | SSRF | 5.1 | | CVE-2025-13789 | Zentao PMS | | SSRF | 5.3 | | CVE-2025-13787 | Zentao PMS | | Privilege Escalation | 9.1 | | CVE-2025-64428 | Dataease | | JNDI Injection | 9.8 | | CVE-2025-13246 | Modulithshop | | SQL Injection | 6.3 | | CVE-2025-64163 | Dataease | | SSRF | 9.8 | | CVE-2025-64164 | Dataease | | JNDI Injection | 9.8 | | CVE-2025-11581 | PowerJob | | Privilege Escalation | 7.5 | | CVE-2025-11580 | PowerJob | | Privilege Escalation | 5.3 | | CVE-2025-10771 | Jimureport | | Deserialization | 9.8 | | CVE-2025-10770 | Jimureport | | Deserialization | 6.5 | | CVE-2025-10769 | H2o-3 | | Deserialization | 9.8 | | CVE-2025-10768 | H2o-3 | | Deserialization | 9.8 | | CVE-2025-58045 | Dataease | | JNDI Injection | 9.8 | | CVE-2025-10423 | Newbee-mall | | Guessable Captcha | 3.7 | | CVE-2025-10422 | Newbee-mall | | Privilege Escalation | 4.3 | | CVE-2025-9835 | Mall | | Privilege Escalation | 4.3 | | CVE-2025-9737 | O2oa | | XSS | 5.4 | | CVE-2025-9736 | O2oa | | XSS | 5.4 | | CVE-2025-9735 | O2oa | | XSS | 5.4 | | CVE-2025-9734 | O2oa | | XSS | 5.4 | | CVE-2025-9719 | O2oa | | XSS | 5.4 | | CVE-2025-9718 | O