Browse all 5 CVE security advisories affecting miniflux. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21885 | Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources — v2CWE-918 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-67713 | Miniflux 2 has an Open Redirect via protocol-relative `redirect_url` — v2CWE-601 | 6.1AI | MediumAI | 2025-12-11 |
| CVE-2025-31483 | Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration — v2CWE-79 | 6.1AI | MediumAI | 2025-04-03 |
| CVE-2023-27591 | Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics — v2CWE-1220 | 7.5 | High | 2023-03-17 |
| CVE-2023-27592 | Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler — v2CWE-79 | 4.8 | Medium | 2023-03-17 |
This page lists every published CVE security advisory associated with miniflux. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.