VYPR

npm package

ssrfcheck

pkg:npm/ssrfcheck

Vulnerabilities (2)

  • CVE-2026-43929 | High | May 12, 2026
    affected <= 1.3.0

    ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The

  • CVE-2025-8267 | High | Jul 28, 2025
    affected < 1.2.0, fixed 1.2.0

    Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight all