VYPR
Vendor

Apify

Products
3
CVEs
2
Across products
2
Status
Private

Products

3

Recent CVEs

2
  • CVE-2026-46497LowJun 10, 2026
    risk 0.08cvss epss 0.00

    Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.

  • CVE-2026-46341May 19, 2026
    risk 0.00cvss epss 0.00

    ### Summary The `fetch-apify-docs` tool validates URLs against a domain allowlist using `String.startsWith()` instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains (e.g., `https://docs.apify.com.evil.com/`), enabling the tool to fetch…