Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2025-59437

Medium priority
Needs evaluation

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

1 affected package

node-ip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-ip Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-59436

Medium priority
Needs evaluation

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

1 affected package

node-ip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-ip Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-29415

Medium priority
Needs evaluation

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE:...

1 affected package

node-ip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-ip Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-42282

Medium priority
Fixed

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

1 affected package

node-ip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-ip Fixed Fixed Fixed Fixed
Show less packages