| purl | pkg:npm/rsshub@1.0.0-master.bb3f9cd |
| Next non-vulnerable version | 1.0.0-master.c910c4d |
| Latest non-vulnerable version | 1.0.0-master.e2a57e4 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-gb6h-xzdu-63g6 Aliases: CVE-2022-31110 GHSA-jvxx-v45p-v5vf GMS-2022-2614 | Denial of Service (DoS) vulnerability in RSSHub. Impact: Passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage, which impacts the performance of the servers and RSSHub services. Patches: It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b; please update to this or a later version as soon as possible. References: Full report: https://github.com/DIYgod/RSSHub/issues/10045 For more information: If you have any questions or comments about this advisory, open an issue in <https://github.com/DIYgod/RSSHub/issues> or email us at [i@diygod.me](mailto:i@diygod.me). Credits: @Rongronggg9 | There are no reported fixed by versions. |
| VCID-syn8-e3ey-9baw Aliases: CVE-2021-21278 GHSA-pgjj-866w-fc5c | Injection Vulnerability. RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use `eval` or the `Function` constructor, into which the target site may inject unsafe code, causing server-side security issues. | Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T02:38:31.831269+00:00 | GitLab Importer | Affected by | VCID-gb6h-xzdu-63g6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/GMS-2022-2614.yml | 38.6.0 |
| 2026-06-04T20:43:51.171584+00:00 | GitLab Importer | Affected by | VCID-syn8-e3ey-9baw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rsshub/CVE-2021-21278.yml | 38.6.0 |