pkg:Go/github.com/axllent/mailpit

14 total CVEsHIGH1MEDIUM13

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2026-45713Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
    from 0, < 1.30.0
  • MEDIUM6.5CVE-2026-22689Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
    >= 1.2.6, < 1.28.2
  • MEDIUM6.5CVE-2026-22689Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
    >= 1.2.6, < 1.28.2
  • MEDIUM5.9CVE-2026-45712Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)
    from 0, < 1.30.0
  • MEDIUM5.9CVE-2026-45711Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs
    from 0, < 1.30.0
  • MEDIUM5.8CVE-2026-45709Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer
    >= 1.28.3, < 1.30.0
  • MEDIUM5.8CVE-2026-27808Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
    from 0, < 1.29.2
  • MEDIUM5.8CVE-2026-27808Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
    from 0, < 1.29.2
  • MEDIUM5.8CVE-2026-23845Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit
    from 0, < 1.28.3
  • MEDIUM5.8CVE-2026-23845Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit
    from 0, < 1.28.3
  • MEDIUM5.8CVE-2026-21859Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit
    from 0, < 1.28.1
  • MEDIUM5.8CVE-2026-21859Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit
    from 0, < 1.28.1
  • MEDIUM5.3CVE-2026-23829Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit
    from 0, < 1.28.3
  • MEDIUM5.3CVE-2026-23829Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit
    from 0, < 1.28.3