Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: crawl4ai Clear
ID Title
CVE-2026-57572 Vulnerability in kidocode (CVE-2026-57572)
vulnerability in kidocode (CVE-2026-57572). Successful exploitation can lead to full system takeover.
CVE-2026-57573 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
CVE-2026-57571 Path Traversal in kidocode (CVE-2026-57571)
path traversal in kidocode (CVE-2026-57571). Successful exploitation can lead to full system takeover.
CVE-2026-56264 Code Injection in kidocode (CVE-2026-56264)
code injection in kidocode (CVE-2026-56264). Successful exploitation can lead to full system takeover.
CVE-2026-56262 Vulnerability in kidocode (CVE-2026-56262)
vulnerability in kidocode (CVE-2026-56262). Risk of unauthorized operations or information disclosure.
CVE-2026-56258 Path Traversal in kidocode (CVE-2026-56258)
path traversal in kidocode (CVE-2026-56258). Successful exploitation can lead to full system takeover.
CVE-2026-56263 Cross-Site Scripting (XSS) in kidocode (CVE-2026-56263)
cross-site scripting in kidocode (CVE-2026-56263). Risk of unauthorized operations or information disclosure.
CVE-2026-56265 Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-56266 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-53753 Code Injection in crawl4ai (CVE-2026-53753)
code injection in crawl4ai (CVE-2026-53753). Successful exploitation can lead to full system takeover. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →