Server-Side Request Forgery (SSRF)

FrontMCP is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to unsafe dereferencing of $ref pointers in OpenAPI specifications without URL restrictions, which allows an attacker to trigger requests to internal network resources or read local files through malicious OpenAP...

Orval command injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval 7.19.0 and earlier, as well as versions 8.0.0-rc.0 to 8.0.2, have a command injection vulnerability. This vulnerability stems from untrusted OpenAPI specifications that allow arbitrary TypeScript/JavaScript...

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

EUVD-2025-199888

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

CVE-2025-66201

CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat tions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...

How to Make API Security an Integral Part of Your Application Security Strategy

The farther your organization travels down the digital transformation path, the more critical API protection is to your overall security posture. Every day, your development teams are innovating; they rely more on microservices to save time and money as they automate business-to-business processe...

GHSA-Q7PF-QR96-2VQ5 Deserialization of Untrusted Data in swagger-parser

A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen = 2.2.2 and can lead to...