pkg:Go/github.com/QuantumNous/new-api

12 total CVEsHIGH5MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • HIGH8.5CVE-2025-62155new-api is vulnerable to SSRF Bypass
    from 0, < 0.9.6
  • HIGH8.5CVE-2025-62155new-api is vulnerable to SSRF Bypass
    from 0
  • HIGH7.6CVE-2026-25802New API has Potential XSS in its MarkdownRenderer component
    from 0, < 0.10.8-alpha.9
  • HIGH7.6CVE-2026-25802New API has Potential XSS in its MarkdownRenderer component
    from 0, < 0.10.8-alpha.9
  • HIGH7.1CVE-2026-41432New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
    from 0, < 0.12.10
  • MEDIUM6.5CVE-2026-30886New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check
    from 0, < 0.11.4-alpha.2
  • MEDIUM6.5CVE-2026-30886New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check
    from 0, < 0.11.4-alpha.2
  • MEDIUM4.9CVE-2026-32879New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
    >= 0.10.0, <= 0.11.9-alpha.1
  • MEDIUM4.9CVE-2026-32879New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
    >= 0.10.0
  • CVE-2026-42339QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
    from 0, <= 0.11.9-alpha.1
  • CVE-2026-25591New API has an SQL LIKE Wildcard Injection DoS via Token Search
    from 0, < 0.10.8-alpha.10
  • CVE-2026-25591New API has an SQL LIKE Wildcard Injection DoS via Token Search
    from 0, < 0.10.8-alpha.10