Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/rsshub@1.0.0-master.a458b06
Typenpm
Namespace
Namersshub
Version1.0.0-master.a458b06
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.0-master.c910c4d
Latest_non_vulnerable_version1.0.0-master.e2a57e4
Affected_by_vulnerabilities
0
url VCID-gb6h-xzdu-63g6
vulnerability_id VCID-gb6h-xzdu-63g6
summary 
Denial of Service (DoS) vulnerability in RSSHub
### Impact

Passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services.

### Patches

It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b , please update to this or the later versions as soon as possible.

### References

Full report: https://github.com/DIYgod/RSSHub/issues/10045

### For more information

If you have any questions or comments about this advisory:
* Open an issue in <https://github.com/DIYgod/RSSHub/issues>
* Email us at [i@diygod.me](mailto:i@diygod.me)

### Credits

@Rongronggg9
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31110
reference_id
reference_type
scores
0
value 0.00557
scoring_system epss
scoring_elements 0.68587
published_at 2026-06-05T12:55:00Z
1
value 0.00557
scoring_system epss
scoring_elements 0.68545
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31110
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
3
reference_url https://github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
4
reference_url https://github.com/DIYgod/RSSHub/issues/10045
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/issues/10045
5
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:33Z/
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31110
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31110
7
reference_url https://github.com/advisories/GHSA-jvxx-v45p-v5vf
reference_id GHSA-jvxx-v45p-v5vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvxx-v45p-v5vf
fixed_packages
aliases CVE-2022-31110, GHSA-jvxx-v45p-v5vf, GMS-2022-2614
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gb6h-xzdu-63g6
1
url VCID-pkz1-skk1-qkae
vulnerability_id VCID-pkz1-skk1-qkae
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26491
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.75034
published_at 2026-06-04T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.75063
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26491
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/c910c4d28717fb860fbe064736641f379fab2c91
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:31Z/
url https://github.com/DIYgod/RSSHub/commit/c910c4d28717fb860fbe064736641f379fab2c91
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26491
reference_id CVE-2023-26491
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26491
4
reference_url https://github.com/advisories/GHSA-32gr-4cq6-5w5q
reference_id GHSA-32gr-4cq6-5w5q
reference_type
scores
url https://github.com/advisories/GHSA-32gr-4cq6-5w5q
5
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-32gr-4cq6-5w5q
reference_id GHSA-32gr-4cq6-5w5q
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:31Z/
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-32gr-4cq6-5w5q
fixed_packages
0
url pkg:npm/rsshub@1.0.0-master.c910c4d
purl pkg:npm/rsshub@1.0.0-master.c910c4d
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.c910c4d
aliases CVE-2023-26491, GHSA-32gr-4cq6-5w5q, GMS-2023-534
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkz1-skk1-qkae
2
url VCID-syn8-e3ey-9baw
vulnerability_id VCID-syn8-e3ey-9baw
summary 
Injection Vulnerability
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21278
reference_id
reference_type
scores
0
value 0.00451
scoring_system epss
scoring_elements 0.64075
published_at 2026-06-05T12:55:00Z
1
value 0.00451
scoring_system epss
scoring_elements 0.64033
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21278
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
3
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
4
reference_url https://www.npmjs.com/package/rsshub
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/rsshub
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21278
reference_id CVE-2021-21278
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21278
fixed_packages
0
url pkg:npm/rsshub@1.0.0-master.bda9d72
purl pkg:npm/rsshub@1.0.0-master.bda9d72
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gb6h-xzdu-63g6
1
vulnerability VCID-pkz1-skk1-qkae
2
vulnerability VCID-w5uc-r4pz-8feb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.bda9d72
aliases CVE-2021-21278, GHSA-pgjj-866w-fc5c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syn8-e3ey-9baw
3
url VCID-w5uc-r4pz-8feb
vulnerability_id VCID-w5uc-r4pz-8feb
summary RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.
references
0
reference_url https://advisory.dw1.io/56
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://advisory.dw1.io/56
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22493
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31218
published_at 2026-06-05T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31151
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22493
2
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
3
reference_url https://github.com/DIYgod/RSSHub/commit/a66cbcf6eebc700bf97ab097f404f16ab415506a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:38Z/
url https://github.com/DIYgod/RSSHub/commit/a66cbcf6eebc700bf97ab097f404f16ab415506a
4
reference_url https://github.com/DIYgod/RSSHub/pull/11588
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:38Z/
url https://github.com/DIYgod/RSSHub/pull/11588
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22493
reference_id CVE-2023-22493
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22493
6
reference_url https://github.com/advisories/GHSA-64wp-jh9p-5cg2
reference_id GHSA-64wp-jh9p-5cg2
reference_type
scores
url https://github.com/advisories/GHSA-64wp-jh9p-5cg2
7
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-64wp-jh9p-5cg2
reference_id GHSA-64wp-jh9p-5cg2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:38Z/
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-64wp-jh9p-5cg2
fixed_packages
0
url pkg:npm/rsshub@1.0.0-master.a66cbcf
purl pkg:npm/rsshub@1.0.0-master.a66cbcf
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pkz1-skk1-qkae
1
vulnerability VCID-w5uc-r4pz-8feb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.a66cbcf
1
url pkg:npm/rsshub@1.0.0-master.e2a57e4
purl pkg:npm/rsshub@1.0.0-master.e2a57e4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.e2a57e4
aliases CVE-2023-22493, GHSA-64wp-jh9p-5cg2, GMS-2023-27
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5uc-r4pz-8feb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.a458b06