Go/miniflux.app — 4 CVEs

HIGH7.5CVE-2023-27591Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

from 0, <= 1.0.46

MEDIUM6.5CVE-2026-21885Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app

from 0

MEDIUM6.1CVE-2025-67713Miniflux has an Open Redirect via protocol-relative redirect_url in miniflux.app

from 0

—Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app

from 0

pkg:Go/miniflux.app