VulnerableCode Package Details - pkg:npm/rsshub@1.0.0-master.a66cbcf

Search for packages

Vulnerability	Summary	Fixed by
VCID-pkz1-skk1-qkae Aliases: CVE-2023-26491 GHSA-32gr-4cq6-5w5q GMS-2023-534	Duplicate This advisory duplicates another.	1.0.0-master.c910c4d Affected by 0 other vulnerabilities.
VCID-w5uc-r4pz-8feb Aliases: CVE-2023-22493 GHSA-64wp-jh9p-5cg2 GMS-2023-27	RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.	1.0.0-master.e2a57e4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-pkz1-skk1-qkae
Aliases:
CVE-2023-26491
GHSA-32gr-4cq6-5w5q
GMS-2023-534

Duplicate This advisory duplicates another.

1.0.0-master.c910c4d
Affected by 0 other vulnerabilities.

VCID-w5uc-r4pz-8feb
Aliases:
CVE-2023-22493
GHSA-64wp-jh9p-5cg2
GMS-2023-27

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.

1.0.0-master.e2a57e4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-w5uc-r4pz-8feb	RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.	CVE-2023-22493 GHSA-64wp-jh9p-5cg2 GMS-2023-27

Vulnerability

Summary

Aliases

VCID-w5uc-r4pz-8feb

CVE-2023-22493
GHSA-64wp-jh9p-5cg2
GMS-2023-27

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:31:56.102225+00:00	GitLab Importer	Affected by	VCID-pkz1-skk1-qkae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2023-26491.yml	38.6.0
2026-06-06T03:22:56.329823+00:00	GitLab Importer	Affected by	VCID-w5uc-r4pz-8feb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2023-22493.yml	38.6.0
2026-06-04T17:16:56.088934+00:00	GithubOSV Importer	Fixing	VCID-w5uc-r4pz-8feb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-64wp-jh9p-5cg2/GHSA-64wp-jh9p-5cg2.json	38.6.0