pkg:npm/open-websearch

1 total CVEHIGH1

✅ Check your installed version

HIGH8.2CVE-2026-42260open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
from 0, < 2.1.7