
18 matches found

Positive Technologies
added 2026/02/25 12:0 a.m. · 5 views

PT-2026-21933

Name of the Vulnerable Software and Affected Versions: esm.sh versions prior to 137 Description: esm.sh is susceptible to a full-response Server-Side Request Forgery (SSRF) issue. This allows an attacker to retrieve information from internal websites. The issue resides in the routing logic,...

9.9 CVSS · 5.4 AI score · 0.00733 EPSS
Exploits 44 · References 122
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-0298

Malicious code in bioql PyPI...

5.3 CVSS · 5.5 AI score · 0.00089 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/05/23 3:22 a.m. · 6 views

CVE-2023-24622

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits 1 · References 1
OSV
added 2023/06/29 3:2 p.m. · 40 views

GHSA-373W-RJ84-PV6X SafeURL-Python's hostname blocklist does not block FQDNs

Description: If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host (e.g. adding . to the end). Impact: The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...

7 AI score
Exploits 0 · References 4
Github Security Blog
added 2023/06/29 3:2 p.m. · 534 views

SafeURL-Python's hostname blocklist does not block FQDNs

Description: If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host (e.g. adding . to the end). Impact: The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...

6.8 AI score
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/06/29 12:0 a.m. · 2 views

PT-2023-32967 · Pypi · Safeurl-Python

Name of the Vulnerable Software and Affected Versions: safeurl-python affected versions not specified Description: The issue allows bypassing of blacklisted hostnames by requesting the FQDN of the host, for example, by adding a . to the end. This could enable an attacker to circumvent blocks set ...

6.9 AI score
Exploits 0 · References 5
OSV
added 2023/01/30 6:30 a.m. · 2 views

GHSA-RW83-V3PW-M362 Withdrawn: safeurl-python contains Server-Side Request Forgery

Withdrawn: This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7. Original Description: isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 5.2 AI score · 0.00089 EPSS
Exploits 1 · References 3
Github Security Blog
added 2023/01/30 6:30 a.m. · 31 views

Withdrawn: safeurl-python contains Server-Side Request Forgery

Withdrawn: This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7. Original Description: isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 2.3 AI score · 0.00089 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/01/30 5:15 a.m. · 1 views

CVE-2023-24622

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 1
NVD
added 2023/01/30 5:15 a.m. · 12 views

CVE-2023-24622

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits 1 · References 1
Prion
added 2023/01/30 5:15 a.m. · 23 views

Server side request forgery (ssrf)

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits 1 · References 1 · Affected Software 1
PyPA
added 2023/01/30 5:15 a.m. · 5 views

PYSEC-2023-298

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.3 CVSS · 7 AI score · 0.00089 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/01/30 12:0 a.m. · 17 views

CVE-2023-24622

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.6 AI score · 0.00089 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/01/30 12:0 a.m. · 4 views

CVE-2023-24622

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF...

5.5 AI score · 0.00089 EPSS
Exploits 1 · References 1
CVE
added 2023/01/30 12:0 a.m. · 81 views

CVE-2023-24622

CVE-2023-24622 affects the safeurl-python package (Python) prior to 1.2. The vulnerability stems from an insufficiently restrictive regular expression in isInList for external domains, enabling server-side request forgery (SSRF). Multiple sources (NVD, Red Hat, OSV, PRION, others) corroborate the...

5.3 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2023/01/30 12:0 a.m. · 1 views

SafeURL for Python code issue vulnerability

SafeURL for Python is an open source library from Include Security that helps developers prevent a class of vulnerabilities called server-side request forgery. SafeURL for Python prior to version 1.2 has a security vulnerability that stems from an insufficient restriction of regular expressions in...

5.3 CVSS · 5.6 AI score · 0.00089 EPSS
Exploits 1 · References 2
OSV
added 2023/01/27 1:4 a.m. · 29 views

GHSA-JGH8-VCHW-Q3G7 safeurl-python contains Server-Side Request Forgery

Description: In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. Impact: The regex used was: re.match("(?i)^%s" % domain, value). This has two problems, first that only the beginning and n...

6.9 CVSS · 5.2 AI score · 0.00089 EPSS
Exploits 1 · References 4
Github Security Blog
added 2023/01/27 1:4 a.m. · 64 views

safeurl-python contains Server-Side Request Forgery

Description: In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. Impact: The regex used was: re.match("(?i)^%s" % domain, value). This has two problems, first that only the beginning and n...

5.3 CVSS · 5.5 AI score · 0.00089 EPSS
Exploits 1 · References 4 · Affected Software 1