PyPI: crawl4ai

CVE-2025-28197

Safety vulnerability ID: SFTY-20250418-47863

Safety legacy ID: pyup.io-76900

Crawl4AI affected versions are vulnerable to SSRF in /crawl4ai/async_dispatcher.py.

PyPI

NVD

GHSA

Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Crawl4AI SSRF vulnerability

Advisory

Crawl4AI affected versions are vulnerable to SSRF in /crawl4ai/async_dispatcher.py.

Affected Package

Affecting crawl4ai package, versions

<=0.4.247

Also affects

---

How to Fix

Upgrade

crawl4ai

0.4.248b3

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20250418-47863/CVE-2025-28197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28197
https://github.com/advisories/GHSA-445m-27cf-gr3x
https://nvd.nist.gov/vuln/detail/CVE-2025-28197
https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0
https://github.com/advisories/GHSA-445m-27cf-gr3x

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more