Package impact
GO / github.com/axllent/mailpit
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45713 | high | — | 8.0 | 10d ago | Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes | |||
| CVE-2026-45712 | medium | — | 5.5 | 10d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) | |||
| CVE-2026-45711 | medium | — | 5.5 | 10d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs | |||
| CVE-2026-45709 | medium | — | 5.5 | 10d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer |