55 matches found

Nuclei
added yesterday · 27 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy does not block the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false, which lets local services be exposed; exploitation requires network access. id: CVE-2025-24354 info: name: Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF) author:...

CVSS 5.3 · AI score 7 · EPSS 0.02218
Exploits 0 · References 2
Nuclei
added yesterday · 36 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy < 3.14.0 - Cross-site Scripting (XSS) author: pdteam severity: medium description: Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to...

CVSS 6.5 · AI score 6.4 · EPSS 0.39772
Exploits 1 · References 2
Nuclei
added 2 days ago · 58 views

Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)

imgproxy <= 3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. id: CVE-2023-30019 info: name: Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) author: DhiyaneshDK severity: medium description: | imgproxy <= 3.14.0 is vulnerable to...

CVSS 5.3 · AI score 6 · EPSS 0.70624
Exploits 1 · References 3
VulnCheck KEV
added 2025/11/27 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2025-24354

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · AI score 5.8 · EPSS 0.02218
In wild · Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-0172

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.8 · EPSS 0.02218
Exploits 0 · References 4
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUESTurl in an error message...

CVSS 8.1 · AI score 8 · EPSS 0.00338
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 11:40 a.m. · 3 views

CVE-2025-24354

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · AI score 6.5 · EPSS 0.02218
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:41 a.m. · 5 views

CVE-2023-30019

imgproxy <= 3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter...

CVSS 5.3 · AI score 6.8 · EPSS 0.70624
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 2:59 a.m. · 1 views

CVE-2023-1496

Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0...

CVSS 6.5 · AI score 6.1 · EPSS 0.39772
Exploits 1 · References 1
Veracode
added 2025/01/30 8:45 a.m. · 5 views

Server-Side Request Forgery (SSRF)

github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...

CVSS 5.3 · AI score 6.5 · EPSS 0.02218
Exploits 0 · References 3 · Affected Software 1
SUSE CVE
added 2025/01/30 3:47 a.m. · 1 views

SUSE CVE-2025-24354

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · AI score 6.6 · EPSS 0.02218
Exploits 0 · References 3
OSV
added 2025/01/28 3:1 p.m. · 5 views

GO-2025-3422 imgproxy is vulnerable to SSRF against 0.0.0.0 in github.com/imgproxy/imgproxy

imgproxy is vulnerable to SSRF against 0.0.0.0 in github.com/imgproxy/imgproxy...

CVSS 5.3 · AI score 5.5 · EPSS 0.02218
Exploits 0 · References 3
Github Security Blog
added 2025/01/27 8:50 p.m. · 32 views

imgproxy is vulnerable to SSRF against 0.0.0.0

Summary: Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details: imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses ...

CVSS 5.3 · AI score 6.5 · EPSS 0.02218
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/01/27 8:50 p.m. · 6 views

GHSA-J2HP-6M75-V4J4 imgproxy is vulnerable to SSRF against 0.0.0.0

Summary: Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details: imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses ...

CVSS 5.3 · AI score 5.4 · EPSS 0.02218
Exploits 0 · References 4
NVD
added 2025/01/27 6:15 p.m. · 14 views

CVE-2025-24354

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · EPSS 0.02218
Exploits 0 · References 2
CVE
added 2025/01/27 5:23 p.m. · 77 views

CVE-2025-24354

Imgproxy (affected version: prior to 3.27.2) is vulnerable to SSRF through the 0.0.0.0 address when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is false. The check only blocks loopback addresses (127.x.x.x) and does not consider 0.0.0.0, allowing access to local-host services. The issue is confirmed...

CVSS 5.3 · AI score 6.7 · EPSS 0.02218
In wild · Exploits 0 · References 2
Cvelist
added 2025/01/27 5:23 p.m. · 15 views

CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · EPSS 0.02218
Exploits 0 · References 2
OSV
added 2025/01/27 5:23 p.m. · 9 views

CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0

imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

CVSS 5.3 · AI score 6.5 · EPSS 0.02218
Exploits 0 · References 4
CNNVD
added 2025/01/27 12:0 a.m. · 1 views

imgproxy Code Issue Vulnerability

imgproxy is a fast and secure standalone server, maintained by the individual developer imgproxy, for tweaking and converting remote images. A code issue vulnerability exists in imgproxy, stemming from a server-side request forgery vulnerability against 0.0.0.0...

CVSS 5.3 · AI score 6.9 · EPSS 0.02218
Exploits 0 · References 2
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-5337 · Imgproxy +1 · Imgproxy +1

Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.27.2. Description: The issue concerns imgproxy, a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...

CVSS 8.9 · AI score 6.1 · EPSS 0.02218
Exploits 2 · References 89