DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.0.3.
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists beca
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypa
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address i
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusio
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.
This issue affects Apache IoTDB Workbench: from 0.13.0.
As this project is retired, we do
Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.7.
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insuf
A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side applicatio
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing sid
A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF).
This issue affects is-localhost-ip: 2.0.0.
Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability al
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an i
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Funct
Page 1+ Next →