pkg:Go/github.com/QuantumNous/new-api

All known vulnerabilities

• HIGH8.5CVE-2025-62155new-api is vulnerable to SSRF Bypass in one-api
  from 0, < 0.9.6
• HIGH8.5CVE-2025-62155new-api is vulnerable to SSRF Bypass in one-api
  from 0
• HIGH7.6CVE-2026-25802New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api
  from 0, < 0.10.8-alpha.9
• HIGH7.6New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api
  from 0, < 0.10.8-alpha.9
• HIGH7.1New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
  from 0, < 0.12.10
• MEDIUM6.5New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api
  from 0, < 0.11.4-alpha.2
• MEDIUM6.5New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api
  from 0, < 0.11.4-alpha.2
• MEDIUM4.9New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api
  >= 0.10.0, <= 0.11.9-alpha.1
• MEDIUM4.9New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api
  >= 0.10.0
• —QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
  from 0, <= 0.11.9-alpha.1
• —New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api
  from 0, < 0.10.8-alpha.10
• —New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api
  from 0, < 0.10.8-alpha.10