Security: decolua/9router
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Kiro region injection allows authenticated SSRF with Authorization header forwardingGHSA-6mwv-4mrm-5p3m published
Jul 10, 2026 by decoluaModerate -
Authenticated RCE via Unvalidated MCP Plugin ArgumentsGHSA-63p9-g54h-prrp published
Jul 10, 2026 by decoluaHigh -
Mass assignment in PATCH /api/settings allows authenticated authorization downgradeGHSA-vmjq-hvgq-2wv4 published
Jul 10, 2026 by decoluaHigh -
Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIsGHSA-x5c9-v98j-722r published
Jul 7, 2026 by decoluaHigh -
Image prefetch DNS rebinding allows SSRF to internal servicesGHSA-cmhj-wh2f-9cgx published
Jul 7, 2026 by decoluaHigh -
Unauthenticated `/v1` proxy access in 9router@0.4.71 via `Host`-header spoofing → open AI relay + SSRFGHSA-86m2-fcxq-5q7c published
Jul 7, 2026 by decoluaHigh -
Unauthenticated LLM proxy access via /codex rewrite authorization bypassGHSA-8gmq-j984-vp4r published
Jul 7, 2026 by decoluaHigh -
Server-Side Request Forgery (SSRF) via /v1/web/fetch EndpointGHSA-qj3v-64wj-q825 published
Jul 3, 2026 by decoluaHigh -
Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database TakeoverGHSA-qvfm-67h2-2qfx published
Jun 20, 2026 by decoluaCritical -
Login brute-force protection bypass via spoofed X-Forwarded-For headerGHSA-7cfm-pqrj-xgq7 published
Jun 20, 2026 by decoluaHigh
Learn more about advisories related to decolua/9router in the GitHub Advisory Database