Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: newapi Clear
ID Title
CVE-2026-42339 SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
CVE-2026-41432 Vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432)
vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432). Data can be tampered with by attackers. Exploitable via `POST /api/user/pay`. Mitigation: upgrade to `0.12.10` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →