EPSS
Percentile
78.8%
rsshub is vulnerable to remote code execution. An attacker is able to inject malicious code via the eval or Function constructor which allows an attacker to inject and execute codes in the system.
eval
Function constructor
github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
www.npmjs.com/package/rsshub