VIR Vulnerability Intelligence Relay

Package impact

golang Go / miniflux.app

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-21885 unknown 5mo ago Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SS…
CVE-2025-67713 unknown 6mo ago Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like /…
CVE-2025-31483 unknown 1y ago Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app
CVE-2023-27591 unknown 1y ago Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics