crawl4ai vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| GHSA-WM69-2PC3-RMMF | High | crawl4ai: Crawl4AI: Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream) |
| GHSA-R253-R9JW-QG44 | Critical | crawl4ai: Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args |
| GHSA-2JQ4-Q6VV-4CP3 | Critical | crawl4ai: Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE |
| CVE-2026-53755 | High | crawl4ai: Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check |
| GHSA-7CX2-G3H9-382P | High | crawl4ai: Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker… |
| GHSA-F989-C77F-R2CQ | High | crawl4ai: Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token… |
| CVE-2026-53754 | High | crawl4ai: Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified… |
| CVE-2026-56266 | Critical | crawl4ai: Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution |
| CVE-2026-53753 | Critical | crawl4ai: Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API |
| CVE-2026-26216 | Critical | Crawl4AI: Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter |
| CVE-2026-26217 | Critical | crawl4ai: Crawl4AI Has Local File Inclusion in Docker API via file:// URLs |
| CVE-2025-28197 | Medium | Crawl4AI: Crawl4AI SSRF vulnerability |
