VYPR

Imgproxy

by Imgproxy

Source repositories

CVEs (3)

  • CVE-2025-24354MedJan 27, 2025
    risk 0.28cvss 5.3epss 0.01

    imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.

  • CVE-2023-30019MedMay 8, 2023
    risk 0.28cvss 5.3epss 0.02

    imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.

  • CVE-2023-1496MedMar 19, 2023
    risk 0.28cvss 5.4epss 0.02

    Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.