
8 matches found

RedhatCVE
added 2025/05/23 4:46 a.m. · 6 views

CVE-2023-22493

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending ...

8.8 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 8:17 a.m. · 3 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8 CVSS · 7 AI score · 0.00345 EPSS
Exploits 0 · References 1

CNNVD
added 2024/03/21 12:0 a.m. · 2 views

RSSHub Security Vulnerability

RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in versions prior to RSSHub 1.0.0-master.a429472, which stems from a vulnerability that could allow a remote attacker to use the...

6.5 CVSS · 6.5 AI score · 0.01376 EPSS
Exploits 1 · References 7

Cvelist
added 2024/03/06 8:42 p.m. · 19 views

CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...

6.5 CVSS · 6.5 AI score · 0.01376 EPSS
Exploits 1 · References 6

Vulnrichment
added 2023/03/03 10:41 p.m. · 5 views

CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

5.4 CVSS · 6.2 AI score · 0.00838 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/03/01 12:0 a.m. · 5 views

PT-2023-20681 · Rsshub · Rsshub

Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to c910c4d28717fb860fbe064736641f379fab2c91
Description: RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not...

6.1 CVSS · 6.1 AI score · 0.00838 EPSS
Exploits 0 · References 7

Vulnrichment
added 2023/01/13 2:28 p.m. · 11 views

CVE-2023-22493 RSSHub is vulnerable to SSRF (Server-Side Request Forgery)

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending ...

8.8 CVSS · 9 AI score · 0.00124 EPSS
Exploits 1 · References 3

Vulnrichment
added 2022/06/29 6:0 p.m. · 4 views

CVE-2022-31110 Denial of Service (DoS) vulnerability in RSSHub

RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the filter and filterout parameters can cause abnormally high CPU usage. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial...

5.3 CVSS · 7.6 AI score · 0.00557 EPSS
Exploits 1 · References 3