VYPR

Node IP

by Indutny

Source repositories

CVEs (3)

  • CVE-2024-29415HigMay 27, 2024
    risk 0.52cvss 8.1epss 0.08

    The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix…

  • CVE-2025-59437LowSep 16, 2025
    risk 0.21cvss 3.2epss 0.00

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several…

  • CVE-2025-59436LowSep 16, 2025
    risk 0.21cvss 3.2epss 0.00

    The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.