VulnerableCode Package Details - pkg:pypi/khoj-assistant@0.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/khoj-assistant@0.3.0

Essentials
History (1)

purl	pkg:pypi/khoj-assistant@0.3.0

Next non-vulnerable version	1.14.0
Latest non-vulnerable version	1.14.0
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-qydt-a8c4-suh2 Aliases: GHSA-564j-v29w-rqr6	Khoj Open Redirect Vulnerability in Login Page ### Summary An attacker can use the `next` parameter on the login page to redirect a victim to a malicious page, while masking this using a legit-looking `app.khoj.dev` url. For example, `https://app.khoj.dev/login?next=//example.com` will redirect to the https://example.com page. ### Details The problem seems to be in this method: https://github.com/khoj-ai/khoj/blob/2667ef45449eb408ce1d7c393be04845be31e15f/src/khoj/routers/auth.py#L95 ### PoC Open the `https://app.khoj.dev/login?next=//example.com` url in a Gecko-based browser (Firefox). ### Impact The impact is low, and this could only be used in phishing attempts, but it's still a problem nonetheless.	1.14.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T06:53:07.157442+00:00	GitLab Importer	Affected by	VCID-qydt-a8c4-suh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/khoj-assistant/GHSA-564j-v29w-rqr6.yml	38.6.0