GO-2025-4154 new-api is vulnerable to SSRF Bypass in one-api

new-api is vulnerable to SSRF Bypass in one-api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the repor...

EUVD-2025-11934

Malicious code in bioql PyPI...

CVE-2024-56516

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...

Cross-Site Scripting (XSS)

github.com/songquanpeng/one-api is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and sanitization of the argument "Homepage Content/About System/Footer.", allows malicious content to be injected and executed in the user's browser...

CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

SUSE CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

GO-2025-3636 one-api Cross-site Scripting vulnerability in github.com/songquanpeng/one-api

one-api Cross-site Scripting vulnerability in github.com/songquanpeng/one-api...

GHSA-WVCX-J62Q-45QW one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack...

one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack...

CVE-2025-3801

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

CVE-2025-3801

CVE-2025-3801 refers to a cross-site scripting vulnerability in github.com/songquanpeng/one-api up to version 0.6.10. The weakness is in the System Setting Handler where manipulating the arguments Homepage Content/About System/Footer can lead to XSS. The issue is exploitable remotely and, per lin...

CVE-2025-3801 songquanpeng one-api System Setting cross site scripting

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

CVE-2025-3801 songquanpeng one-api System Setting cross site scripting

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. It is possible to...

PT-2025-17378 · Unknown · Songquanpeng One-Api

Name of the Vulnerable Software and Affected Versions: songquanpeng one-api versions up to 0.6.10 Description: A vulnerability was found in the System Setting Handler component, allowing for cross-site scripting through the manipulation of the Homepage Content argument. This issue can be exploite...

One API 代码注入漏洞

One API is an LLM API management and distribution system for JustSong individual developers. A code injection vulnerability exists in One API version 0.6.10 and earlier, which stems from a cross-site scripting attack caused by the operation of the Homepage Content parameter in the System Settings...

CVE-2024-56516

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...

CVE-2024-56516

CVE-2024-56516 affects free-one-api up to version 1.0.1, where MD5 is used to hash passwords before sending to the backend. This hashing approach is cryptographically broken and vulnerable to collision attacks, exposing potential credential compromise. The available connected documents specify th...

CVE-2024-56516 free-one-api uses md5 for password storage

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...

PT-2024-36826 · Unknown · Free-One-Api

Name of the Vulnerable Software and Affected Versions: free-one-api versions up to and including 1.0.1 Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This makes it vulnerable to collision attacks...

PT-2023-12847 · Intel · Intel Oneapi Toolkit +1

Name of the Vulnerable Software and Affected Versions: IntelR C++ Compiler Classic versions prior to 2021.6 IntelR oneAPI Toolkits versions prior to 2022.2 Description: The issue is related to improper handling of Unicode encoding in source code compiled by the IntelR C++ Compiler Classic. This m...