The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningA fix was pushed into the master branch but not yet published.
repomix is an A tool to pack repository contents to single file for AI consumption
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can make the server issue arbitrary outbound requests, including requests to private network addresses, cloud metadata services, or local filesystem paths, by supplying a crafted repository URL. The vulnerable code accepts URLs that only match the expected owner/repo shape and passes them to git clone without enforcing an HTTPS-only public-repository allowlist. This lets unauthenticated users trigger outbound network access from the server and, with file:// URLs, local file reads that can expose sensitive data or break the pack endpoint’s normal behavior.