VYPR
Vendor

Karakeep App

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-45082HigMay 26, 2026
    risk 0.49cvss 7.6epss 0.00

    Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to…

  • CVE-2025-60540MedOct 14, 2025
    risk 0.42cvss 6.5epss 0.00

    karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF).

  • CVE-2026-27627Feb 25, 2026
    risk 0.00cvss epss 0.00

    Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through…