40 matches found
GHSA-JH67-HWQW-M5R7 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Summary: Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...
EUVD-2026-16313
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_u...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the URL construction process. An attacker can cause requests, including authentication headers, cookies, or tokens, to be sent to an attacker-controlled host by supplying a crafted absolute URL as th...
CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
EUVD-2026-16058
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL...
GHSA-C83F-3XP6-HFCP Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Impact: Users providing user-generated input into the resolveEndpoint method on requests. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description: When building the request URL, Saloon combined the connector's base URL with the request...
CVE-2023-49799
nuxt-api-party is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression ^https?://, however this regular expression can be bypassed by ...
SUSE CVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the path parameter when an absolute URL is provided, causing the base_uri to be ignored. An attacker can cause sensitive credentials such as API keys to be sent to unintended third-party hosts or forc...
GHSA-HM5P-X4RQ-38W4 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Summary: There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details: When httparty receives a path argument that is an absolute URL, it ignores the base_uri field. As a result, if ...
SUSE-SU-2025:01326-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set bsc#1239308 - CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...
Security update for pgadmin4
This update for pgadmin4 fixes the following issues: CVE-2025-27152: axios: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set bsc#1239308 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
GHSA-JR5F-V2JV-69X6 axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Summary: A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463 A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if...
CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...
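The pattern these entries share (rok's urljoin call, httparty's base_uri, axios's baseURL, Saloon's base URL, and the protocol-relative variant the Miniflux and axios entries mention) reduced to a runnable Python comparison of the naive join, a scheme-anchored regex guard, and a parse-and-verify join that pins the result to the configured origin. This is an added example and not code from any of the listed projects: BASE_URL, attacker.example and the sample paths are constructed, and the ^https?:// check only models the form of regex the nuxt-api-party entry mentions, not that project's code or its actual bypass.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed fixture: the server's fixed target, playing the role of a ProxyShare
# target URL, an httparty base_uri or an axios baseURL. The host is made up.
BASE_URL = "https://api.internal.example/v1/"

# A scheme-anchored check of the ^https?:// form mentioned in the nuxt-api-party
# entry (modelled here, not that project's code).
SCHEME_RE = re.compile(r"^https?://")


def naive_join(base: str, path: str) -> str:
    """The pre-fix behaviour the rok, httparty, axios and Saloon entries describe:
    urljoin lets an input that carries its own authority replace the configured origin."""
    return urljoin(base, path)


def regex_guard_passes(path: str) -> bool:
    """True when a ^https?:// check would accept the path as a plain relative path."""
    return SCHEME_RE.match(path) is None


def safe_join(base: str, path: str) -> str:
    """Join, then refuse anything that leaves the configured origin and base path.

    Two layers: a parse-based check rejects inputs that carry a scheme or an
    authority (urlsplit lower-cases the scheme and recognises the leading '//'
    of a protocol-relative URL), and a post-join prefix check catches the rest,
    such as '..' segments that climb out of the base path.
    """
    parts = urlsplit(path)
    if parts.scheme or parts.netloc:
        raise ValueError(f"rejected: input carries its own scheme or host: {path!r}")
    result = urljoin(base, path)
    if not result.startswith(base):
        raise ValueError(f"rejected: result {result!r} leaves base {base!r}")
    return result


def evaluate(path: str) -> dict:
    """Run one attacker-supplied path through the three behaviours above."""
    try:
        safe = safe_join(BASE_URL, path)
    except ValueError:
        safe = None
    return {
        "naive": naive_join(BASE_URL, path),
        "regex_passes": regex_guard_passes(path),
        "safe": safe,
    }


# Constructed inputs, one per pattern the advisories describe; attacker.example is made up.
SAMPLE_PATHS = [
    "users/42",                          # legitimate relative path
    "https://attacker.example/collect",  # absolute URL: replaces the host outright
    "//attacker.example/collect",        # protocol-relative: empty scheme, same effect
    "HTTPS://attacker.example/collect",  # upper-case scheme: slips past a case-sensitive regex
    "../admin",                          # stays on the host but escapes the /v1/ prefix
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        r = evaluate(p)
        print(f"{p:36} naive={r['naive']:45} regex_passes={str(r['regex_passes']):5} safe={r['safe']}")
```

Run it directly to see the three columns side by side. The design point is the one the fixed libraries converged on: decide by parsing, not by pattern-matching the first few characters, and then check the joined result against the configured origin rather than trusting the input. Where a service legitimately needs to reach more than one host, the prefix check becomes an explicit host allowlist; it is never the absence of a scheme in the input.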