FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-29 11:53:11 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
01f34a27-f560-11f0-bbdc-10ffe07f9334 | mail/mailpit -- multiple vulnerabilities

Mailpit author reports:

Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection (GHSA-54wq-72mp-cq7c)

Prevent Server-Side Request Forgery (SSRF) via HTML Check API (GHSA-6jxm-fv7w-rw5j)


Discovery: 2026-01-18
Entry: 2026-01-19
mailpit < 1.28.3

CVE-2026-23829
https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
CVE-2026-23845
https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j

fe6209a3-126c-11f1-8a62-0897988a1c07 | mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API

Mailpit author reports:

The Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction.


Discovery: 2026-02-25
Entry: 2026-02-25
mailpit < 1.29.2

CVE-2026-27808
https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3