Security: unclecode/crawl4ai
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream)GHSA-wm69-2pc3-rmmf published
Jun 18, 2026 by unclecodeHigh -
Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_argsGHSA-r253-r9jw-qg44 published
Jun 18, 2026 by unclecodeCritical -
Arbitrary file write (path traversal) in crawler downloads can lead to RCEGHSA-2jq4-q6vv-4cp3 published
Jun 18, 2026 by unclecodeCritical -
SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF checkGHSA-6qhc-x826-342c published
Jun 4, 2026 by unclecodeHigh -
Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker serverGHSA-7cx2-g3h9-382p published
Jun 4, 2026 by unclecodeHigh -
LLM credential exfiltration in Docker server via request base_url and env: token resolutionGHSA-f989-c77f-r2cq published
Jun 4, 2026 by unclecodeHigh -
SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)GHSA-4qqr-vv2q-cmr5 published
Jun 4, 2026 by unclecodeHigh -
Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS ExecutionGHSA-365w-hqf6-vxfg published
Jun 2, 2026 by unclecodeCritical -
AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker APIGHSA-qxjp-w3pj-48m7 published
Jun 2, 2026 by unclecodeCritical -
Local File Inclusion in Docker API via file:// URLsGHSA-vx9w-5cx4-9796 published
Jan 16, 2026 by unclecodeHigh