CVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...