9 matches found
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote...
EUVD-2025-11903
Malicious code in bioql PyPI...
Server-Side Request Forgery (SSRF)
Crawl4AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation and insufficient sanitization of user-controlled URLs in /crawl4ai/asyncdispatcher.py, allowing unauthorized internal network access...
adorable-cli (>=0.1.10 <=0.2.9), agent-memory-labs (>=0.1.0 <=0.1.14) +139 more potentially affected by CVE-2025-28197 via crawl4ai (>=0.3.5 <=0.8.6)
crawl4ai PYPI version =0.3.5, =0.1.10, =0.1.0, =0.2.1, =0.1.6, =0.1.0, =0.1.2, =0.1.0, =0.1.10, =0.10.0, =0.1.0, =2.0.1, =0.1.1, =0.1.2 and more Source cves: CVE-2025-28197 Source advisory: SNYK:PYTHON-CRAWL4AI-10116190...
GHSA-445M-27CF-GR3X Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
CVE-2025-28197 relates to Crawl4AI