HIGH 7.5 CVE-2026-45713 Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
from 0, < 1.30.0
MEDIUM 6.5 CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails in github.com/axllent/mailpit
>= 1.2.6, < 1.28.2
MEDIUM 5.9 Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)
from 0, < 1.30.0
MEDIUM 5.9 Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs
from 0, < 1.30.0
MEDIUM 5.8 Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer
>= 1.28.3, < 1.30.0
MEDIUM 5.8 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
from 0, < 1.29.2
MEDIUM 5.8 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit
from 0, < 1.28.3
MEDIUM 5.8 Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit
from 0, < 1.28.1
MEDIUM 5.3 Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit
from 0, < 1.28.3