{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36982?format=json","vulnerability_id":"VCID-5491-113y-w7dm","summary":"Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter, and the server fetches the image at that URL, processes it and returns it. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to information disclosure.","aliases":[{"alias":"CVE-2025-25301"},{"alias":"PYSEC-2025-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44474?format=json","purl":"pkg:pypi/rembg@2.0.58","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.58"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44445?format=json","purl":"pkg:pypi/rembg@2.0.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.28"},{"url":"http://public2.vulnerablecode.io/api/packages/44446?format=json","purl":"pkg:pypi/rembg@2.0.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.29"},{"url":"http://public2.vulnerablecode.io/api/packages/44447?format=json","purl":"pkg:pypi/rembg@2.0.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.30"},{"url":"http://public2.vulnerablecode.io/api/packages/44448?format=json","purl":"pkg:pypi/rembg@2.0.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"
VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.31"},{"url":"http://public2.vulnerablecode.io/api/packages/44449?format=json","purl":"pkg:pypi/rembg@2.0.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.32"},{"url":"http://public2.vulnerablecode.io/api/packages/44450?format=json","purl":"pkg:pypi/rembg@2.0.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.33"},{"url":"http://public2.vulnerablecode.io/api/packages/44451?format=json","purl":"pkg:pypi/rembg@2.0.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/44452?format=json","purl":"pkg:pypi/rembg@2.0.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.35"},{"url":"http://public2.vulnerablecode.io/api/packages/44453?format=json","purl":"pkg:pypi/rembg@2.0.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.36"},{"url":"http://public2.vulnerablecode.io/api/packages/44454?format=json","purl":"pkg:pypi/rembg@2.0.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:p
ypi/rembg@2.0.37"},{"url":"http://public2.vulnerablecode.io/api/packages/44455?format=json","purl":"pkg:pypi/rembg@2.0.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.38"},{"url":"http://public2.vulnerablecode.io/api/packages/44456?format=json","purl":"pkg:pypi/rembg@2.0.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.39"},{"url":"http://public2.vulnerablecode.io/api/packages/44457?format=json","purl":"pkg:pypi/rembg@2.0.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.40"},{"url":"http://public2.vulnerablecode.io/api/packages/44458?format=json","purl":"pkg:pypi/rembg@2.0.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.41"},{"url":"http://public2.vulnerablecode.io/api/packages/44459?format=json","purl":"pkg:pypi/rembg@2.0.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.43"},{"url":"http://public2.vulnerablecode.io/api/packages/44460?format=json","purl":"pkg:pypi/rembg@2.0.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.44"},{"url":"http://public2.vulnerablecode.io/api/packages/44461?format=
json","purl":"pkg:pypi/rembg@2.0.45","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.45"},{"url":"http://public2.vulnerablecode.io/api/packages/44462?format=json","purl":"pkg:pypi/rembg@2.0.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.46"},{"url":"http://public2.vulnerablecode.io/api/packages/44463?format=json","purl":"pkg:pypi/rembg@2.0.47","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.47"},{"url":"http://public2.vulnerablecode.io/api/packages/44464?format=json","purl":"pkg:pypi/rembg@2.0.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.48"},{"url":"http://public2.vulnerablecode.io/api/packages/44465?format=json","purl":"pkg:pypi/rembg@2.0.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.49"},{"url":"http://public2.vulnerablecode.io/api/packages/44466?format=json","purl":"pkg:pypi/rembg@2.0.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.50"},{"url":"http://public2.vulnerablecode.io/api/packages/44467?format=json","purl":"pkg:pypi/rembg@2.0.51","is_vulnerable":true,"affected_by_vulnerabilities
":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.51"},{"url":"http://public2.vulnerablecode.io/api/packages/44468?format=json","purl":"pkg:pypi/rembg@2.0.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.52"},{"url":"http://public2.vulnerablecode.io/api/packages/44469?format=json","purl":"pkg:pypi/rembg@2.0.53","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.53"},{"url":"http://public2.vulnerablecode.io/api/packages/44470?format=json","purl":"pkg:pypi/rembg@2.0.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.54"},{"url":"http://public2.vulnerablecode.io/api/packages/44471?format=json","purl":"pkg:pypi/rembg@2.0.55","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.55"},{"url":"http://public2.vulnerablecode.io/api/packages/44472?format=json","purl":"pkg:pypi/rembg@2.0.56","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.56"},{"url":"http://public2.vulnerablecode.io/api/packages/44473?format=json","purl":"pkg:pypi/rembg@2.0.57","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5491-113y-w7dm"},{"vulnerability":"VCID-j4jv-uxp8-gqft"}],"r
esource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.57"}],"references":[{"reference_url":"https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.5 - 7.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5491-113y-w7dm"}