Crawl4AI

Latest secure version 0.8.6

🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper

Apache-2.0

Known vulnerabilities and security issues detected in the extension's dependencies and code.

Vulnerability ID	Advisory				Affected Versions
CVE-2026-26216	Affected versions of the Crawl4AI package are vulnerable to Remote Code Execution due to executing user-supplied Python hook code with exec(). The Docker API’s /crawl endpoint processes the hooks para…	Critical	–	–	<0.8.0
CVE-2026-26217	Affected versions of the crawl4ai package are vulnerable to Path Traversal due to insufficient validation of user-supplied URL schemes. The Crawl4AI Docker API endpoints /execute_js, /screenshot, /pdf…	Critical	–	–	<0.8.0
CVE-2025-28197	Crawl4AI affected versions are vulnerable to SSRF in /crawl4ai/async_dispatcher.py.	Critical	–	–	<=0.4.247

Additional security issues found by Safety, exclusive to our platform.

Safety discovered vulnerability data is available for Enterprise customers

Book a call with us to see Safety in action.

Functions linked to known vulnerabilities in this package.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.