Systematic defect research across open source.
undefect catalogs structural defects found at scale in open source software and publishes patches to fix them. Each MOAD (Mother of All Defects) represents a class of defect replicated across hundreds of projects.
log in for full access to research, patches, and intel. donate to support our work.
Active Research
1,264 confirmed defects · 7 programs · 60+ ecosystems · stress on our shared heart →
ID
Codename
CWE
Scope
Status
MOAD-2026-0001
a sedimentary defect
CWE-407
1000+ sites · 60+ ecosystems
active
MOAD-2026-0002
an intertangled defect
TBD
93 confirmed · 113+ targets · 15 domains
active
MOAD-2026-0003
a leaked context
TBD
26 confirmed · 52 targets · 6 domains
active
MOAD-2026-0004
a logged secret
CWE-312
22 confirmed · 60+ targets · 10 layers
active
MOAD-2026-0005
a thundering herd
CWE-362
15 confirmed sites · 3 languages · 11 ecosystems
active
MOAD-2026-0006
a glass safe
CWE-257
candidate · mailing list software · web frameworks · configuration stores · logging pipelines
candidate
MOAD-2026-0007
a flatland defect
CWE-407
4 confirmed · 2 identified · 3D engines · physics · renderers · geospatial
confirmed
MOAD-2026-0009
a metered heart
TBD
1 confirmed · platforms · distributed systems · SaaS · CI/CD · scheduler ecosystems
candidate
MOAD-2026-0011
a catastrophic inheritance
CWE-1333
8 confirmed · Python bleach · Salt pcre/grain_pcre · Ansible inventory · Capistrano host/role filter · Puppet match()/ =~ · Mastodon email validator · ktor cookie/OAuth2 · PCRE ecosystem · infrastructure automation · input validators · web frameworks
active