23 matches found
EUVD-2025-9704
Malicious code in bioql PyPI...
EUVD-2025-0240
Malicious code in bioql PyPI...
EUVD-2024-3613
Malicious code in bioql PyPI...
CVE-2022-41706
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function
Versions of the package spatie/browsershot from 0.0.0 to 5.0.3 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...
Improper Input Validation
Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to missing validation checks: the setHtml function fails to block file URI schemes, allowing an attacker to bypass restrictions by omitting slashes in the file path...
Browsershot Local File Inclusion
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...
CVE-2025-1026
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...
CVE-2025-1022
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...
CVE-2025-1022
Versions of spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(). An attacker can bypass validation by omitting slashes in the file URI (for example, file:../../../../etc/passwd), due to missing input filtering that sh...
CVE-2025-1026
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549...
GHSA-C9F5-29F6-C35W Browsershot Improper Input Validation vulnerability
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. Note:...
Spatie Browsershot Directory Traversal vulnerability
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /...
CVE-2024-21547
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /...
CVE-2024-21547
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /...
Browsershot security vulnerability
Browsershot is an open source tool from Spatie. It is used to convert web pages into images or PDFs. Browsershot 5.0.1 and earlier versions have a security vulnerability that stems from susceptibility to directory traversal attacks; the attacker can read any file on the server...
Directory Traversal
Overview: spatie/browsershot is a library for converting a webpage to an image or PDF using headless Chrome. Affected versions of this package are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read...
GHSA-G2R4-PHV7-5FGV Browsershot Local File Inclusion
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace %20 before the file:// protocol, resulting in Local File Inclusion,...
Browsershot Local File Inclusion
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace %20 before the file:// protocol, resulting in Local File Inclusion,...
CVE-2024-21544
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace %20 before the file:// protocol, resulting in Local File Inclusion, which...