Security: decolua/9router
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofINGGHSA-6g2f-w7g3-77vf published
Jun 13, 2026 by decoluaHigh -
Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/statsGHSA-vjc7-jrh9-9j86 published
Jun 13, 2026 by decoluaCritical -
Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in 9routerGHSA-g6g7-pvmx-m74p published
May 29, 2026 by decoluaCritical -
Hardcoded Default fallback JWT Secret Allows Authentication BypassGHSA-jphh-m39h-6gwx published
May 31, 2026 by decoluaCritical -
Unauthenticated Remote Code Execution via unprotected MCP custom plugin routesGHSA-fhh6-4qxv-rpqj published
May 13, 2026 by decoluaCritical
Learn more about advisories related to decolua/9router in the GitHub Advisory Database