VYPR

npm package

link-preview-js

pkg:npm/link-preview-js

Vulnerabilities (2)

  • CVE-2026-43897HigMay 11, 2026
    affected < 4.0.1fixed 4.0.1

    Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.

  • CVE-2022-25876Jul 1, 2022
    affected < 2.1.17fixed 2.1.17

    The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.