Overview · Aas-ee/open-webSearch · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
GHSA-v228-72c7-fx8j published Apr 26, 2026 by Aas-ee

High

Learn more about advisories related to Aas-ee/open-webSearch in the GitHub Advisory Database