Search for packages
| purl | pkg:npm/rsshub@1.0.0-master.2191ece |
| Next non-vulnerable version | 1.0.0-master.a429472 |
| Latest non-vulnerable version | 1.0.0-master.e2a57e4 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-71kw-1vvk-wyfg
Aliases: CVE-2024-27927 GHSA-3p3p-cgj7-vgw3 |
RSSHub vulnerable to Server-Side Request Forgery ### Summary Serveral Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. |
Affected by 0 other vulnerabilities. |
|
VCID-gb6h-xzdu-63g6
Aliases: CVE-2022-31110 GHSA-jvxx-v45p-v5vf GMS-2022-2614 |
Denial of Service (DoS) vulnerability in RSSHub ### Impact Passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services. ### Patches It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b , please update to this or the later versions as soon as possible. ### References Full report: https://github.com/DIYgod/RSSHub/issues/10045 ### For more information If you have any questions or comments about this advisory: * Open an issue in <https://github.com/DIYgod/RSSHub/issues> * Email us at [i@diygod.me](mailto:i@diygod.me) ### Credits @Rongronggg9 | There are no reported fixed by versions. |
|
VCID-pkz1-skk1-qkae
Aliases: CVE-2023-26491 GHSA-32gr-4cq6-5w5q GMS-2023-534 |
Duplicate This advisory duplicates another. |
Affected by 0 other vulnerabilities. |
|
VCID-syn8-e3ey-9baw
Aliases: CVE-2021-21278 GHSA-pgjj-866w-fc5c |
Injection Vulnerability RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues. |
Affected by 3 other vulnerabilities. |
|
VCID-w5uc-r4pz-8feb
Aliases: CVE-2023-22493 GHSA-64wp-jh9p-5cg2 GMS-2023-27 |
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T04:44:11.177904+00:00 | GitLab Importer | Affected by | VCID-71kw-1vvk-wyfg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2024-27927.yml | 38.6.0 |
| 2026-06-06T03:31:51.515428+00:00 | GitLab Importer | Affected by | VCID-pkz1-skk1-qkae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2023-26491.yml | 38.6.0 |
| 2026-06-06T03:22:51.759350+00:00 | GitLab Importer | Affected by | VCID-w5uc-r4pz-8feb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2023-22493.yml | 38.6.0 |
| 2026-06-06T02:38:27.541246+00:00 | GitLab Importer | Affected by | VCID-gb6h-xzdu-63g6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/GMS-2022-2614.yml | 38.6.0 |
| 2026-06-04T20:43:49.185474+00:00 | GitLab Importer | Affected by | VCID-syn8-e3ey-9baw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2021-21278.yml | 38.6.0 |