Skip to main content

Apprise

2 CVEs product

Monthly

CVE-2026-59180 LOW PATCH Monitor

HTTP redirect handling in Apprise prior to 1.11.0 leaks user-configured secrets - including Authorization headers, bearer tokens, custom headers, and service API keys - by blindly resending them on redirected requests to attacker-controlled endpoints. Any deployment using Apprise's HTTP-based notification plugins or its HTTP attachment and config loaders (apprise/attachment/http.py, apprise/config/http.py) is affected. An on-path attacker or a compromised notification destination can silently harvest these credentials. No public exploit has been identified at time of analysis, and EPSS data is not present in the source intel, but the credential-theft impact on third-party service integrations elevates real-world risk above the Low CVSS score suggests.

Information Disclosure Apprise
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.2%
CVE-2021-39229 PyPI HIGH POC PATCH This Week

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
EPSS 0% CVSS 3.1
LOW PATCH Monitor

HTTP redirect handling in Apprise prior to 1.11.0 leaks user-configured secrets - including Authorization headers, bearer tokens, custom headers, and service API keys - by blindly resending them on redirected requests to attacker-controlled endpoints. Any deployment using Apprise's HTTP-based notification plugins or its HTTP attachment and config loaders (apprise/attachment/http.py, apprise/config/http.py) is affected. An on-path attacker or a compromised notification destination can silently harvest these credentials. No public exploit has been identified at time of analysis, and EPSS data is not present in the source intel, but the credential-theft impact on third-party service integrations elevates real-world risk above the Low CVSS score suggests.

Information Disclosure Apprise
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apprise
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy