8 matches found
CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...
EUVD-2025-18953
Malicious code in bioql PyPI...
EUVD-2022-51562
Malicious code in bioql PyPI...
GHSA-H5GC-RM8J-5GPR LangChain Community SSRF vulnerability exists in RequestsToolkit component
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
PYSEC-2025-70
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
PT-2025-26643 · Langchain Ai · Langchain
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain version 0.0.27 Description: A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package. This vulnerability occurs because the toolkit does not enforce...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
UBUNTU-CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...