CVE-2025-28197: Crawl4AI SSRF vulnerability

April 18, 2025 (updated April 21, 2025)

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.

References

gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0
github.com/advisories/GHSA-445m-27cf-gr3x
github.com/unclecode/crawl4ai
nvd.nist.gov/vuln/detail/CVE-2025-28197

Code Behaviors & Features

Detect and mitigate CVE-2025-28197 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →