controller

package

Go to main page

Versions in this module

v0

v0.12.10

Apr 15, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.9

Apr 13, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.8

Apr 12, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.7

Apr 12, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

type ManageRequest

+ Mode string

+ Value int

v0.12.6

Apr 9, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.5

Apr 8, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.4

Apr 8, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ func GetQuotaDatesByUser(c *gin.Context)

v0.12.3

Apr 7, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ func GetTokenKeysBatch(c *gin.Context)

v0.12.2

Apr 6, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.1

Apr 2, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.0

Apr 1, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.0-alpha.2

Mar 31, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.12.0-alpha.1

Mar 31, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.9

Mar 31, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.9-alpha.3

Mar 25, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.9-alpha.2

Mar 24, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.9-alpha.1

Mar 23, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.8

Mar 22, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ func CleanupLogFiles(c *gin.Context)

+ func GetLogFiles(c *gin.Context)

+ type LogFileInfo struct

+ ModTime time.Time

+ Name string

+ Size int64

+ type LogFilesResponse struct

+ Enabled bool

+ FileCount int

+ Files []LogFileInfo

+ LogDir string

+ NewestTime *time.Time

+ OldestTime *time.Time

+ TotalSize int64

v0.11.7

Mar 19, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ func RequestWaffoPay(c *gin.Context)

+ func WaffoWebhook(c *gin.Context)

+ type WaffoPayRequest struct

+ Amount int64

+ PayMethodIndex *int

+ PayMethodName string

+ PayMethodType string

v0.11.6

Mar 17, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.6-patch.1

Mar 17, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.5

Mar 14, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ const PasskeyReadySessionKey

+ const PasskeyReadyTimeout

v0.11.4

Mar 12, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

Changes in this version

+ func GetTokenKey(c *gin.Context)

v0.11.4-patch.1

Mar 14, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.4-alpha.5

Mar 9, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.4-alpha.4

Mar 8, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.4-alpha.3

Mar 6, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.4-alpha.2

Mar 6, 2026 GO-2025-4154 +1 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

v0.11.4-alpha.1

Mar 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.2

Mar 4, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

Changes in this version

+ func ApplyAllChannelUpstreamModelUpdates(c *gin.Context)

+ func ApplyChannelUpstreamModelUpdates(c *gin.Context)

+ func DetectAllChannelUpstreamModelUpdates(c *gin.Context)

+ func DetectChannelUpstreamModelUpdates(c *gin.Context)

+ func StartChannelUpstreamModelUpdateTask()

type UpdateUserSettingRequest

+ UpstreamModelUpdateNotifyEnabled *bool

v0.11.2-patch.2

Mar 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.2-patch.1

Mar 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.2-alpha.3

Mar 4, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.2-alpha.2

Mar 3, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.2-alpha.1

Mar 2, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.7

Mar 2, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.6

Mar 2, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.4

Mar 2, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.3

Mar 1, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.2

Feb 28, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.1-alpha.1

Feb 28, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0

Feb 28, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

Changes in this version

+ func AdminClearUserBinding(c *gin.Context)

+ func GetUserOAuthBindingsByAdmin(c *gin.Context)

+ func RelayTaskFetch(c *gin.Context)

+ func UnbindCustomOAuthByAdmin(c *gin.Context)

+ type UserOAuthBindingResponse struct

+ ProviderIcon string

+ ProviderId int

+ ProviderName string

+ ProviderSlug string

+ ProviderUserId string

v0.11.0-alpha.9

Feb 25, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.8

Feb 24, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.7

Feb 24, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.6

Feb 23, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.5

Feb 23, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.4

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.3

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.2

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.11.0-alpha.1

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

Changes in this version

+ func FetchCustomOAuthDiscovery(c *gin.Context)

type CreateCustomOAuthProviderRequest

+ AccessDeniedMessage string

+ AccessPolicy string

+ Icon string

type CustomOAuthProviderResponse

+ AccessDeniedMessage string

+ AccessPolicy string

+ Icon string

+ type FetchCustomOAuthDiscoveryRequest struct

+ IssuerURL string

+ WellKnownURL string

type UpdateCustomOAuthProviderRequest

+ AccessDeniedMessage *string

+ AccessPolicy *string

+ Icon *string

v0.10.9-alpha.8

Feb 22, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.7

Feb 20, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.6

Feb 12, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.5

Feb 11, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.4

Feb 10, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.3

Feb 8, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.2

Feb 8, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.9-alpha.1

Feb 7, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8

Feb 7, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

Changes in this version

+ func AdminBindSubscription(c *gin.Context)

+ func AdminCreateSubscriptionPlan(c *gin.Context)

+ func AdminCreateUserSubscription(c *gin.Context)

+ func AdminDeleteUserSubscription(c *gin.Context)

+ func AdminInvalidateUserSubscription(c *gin.Context)

+ func AdminListSubscriptionPlans(c *gin.Context)

+ func AdminListUserSubscriptions(c *gin.Context)

+ func AdminUpdateSubscriptionPlan(c *gin.Context)

+ func AdminUpdateSubscriptionPlanStatus(c *gin.Context)

+ func CreateCustomOAuthProvider(c *gin.Context)

+ func DeleteCustomOAuthProvider(c *gin.Context)

+ func GetCustomOAuthProvider(c *gin.Context)

+ func GetCustomOAuthProviders(c *gin.Context)

+ func GetSubscriptionPlans(c *gin.Context)

+ func GetSubscriptionSelf(c *gin.Context)

+ func GetUserOAuthBindings(c *gin.Context)

+ func HandleOAuth(c *gin.Context)

+ func SubscriptionEpayNotify(c *gin.Context)

+ func SubscriptionEpayReturn(c *gin.Context)

+ func SubscriptionRequestCreemPay(c *gin.Context)

+ func SubscriptionRequestEpay(c *gin.Context)

+ func SubscriptionRequestStripePay(c *gin.Context)

+ func UnbindCustomOAuth(c *gin.Context)

+ func UpdateCustomOAuthProvider(c *gin.Context)

+ func UpdateSubscriptionPreference(c *gin.Context)

+ type AdminBindSubscriptionRequest struct

+ PlanId int

+ UserId int

+ type AdminCreateUserSubscriptionRequest struct

+ PlanId int

+ type AdminUpdateSubscriptionPlanStatusRequest struct

+ Enabled *bool

+ type AdminUpsertSubscriptionPlanRequest struct

+ Plan model.SubscriptionPlan

+ type BillingPreferenceRequest struct

+ BillingPreference string

+ type CreateCustomOAuthProviderRequest struct

+ AuthStyle int

+ AuthorizationEndpoint string

+ ClientId string

+ ClientSecret string

+ DisplayNameField string

+ EmailField string

+ Enabled bool

+ Name string

+ Scopes string

+ Slug string

+ TokenEndpoint string

+ UserIdField string

+ UserInfoEndpoint string

+ UsernameField string

+ WellKnown string

+ type CustomOAuthProviderResponse struct

+ AuthStyle int

+ AuthorizationEndpoint string

+ ClientId string

+ DisplayNameField string

+ EmailField string

+ Enabled bool

+ Id int

+ Name string

+ Scopes string

+ Slug string

+ TokenEndpoint string

+ UserIdField string

+ UserInfoEndpoint string

+ UsernameField string

+ WellKnown string

+ type OAuthRegistrationDisabledError struct

+ func (e *OAuthRegistrationDisabledError) Error() string

+ type OAuthUserDeletedError struct

+ func (e *OAuthUserDeletedError) Error() string

type PerformanceConfig

+ MonitorCPUThreshold int

+ MonitorDiskThreshold int

+ MonitorEnabled bool

+ MonitorMemoryThreshold int

+ type SubscriptionCreemPayRequest struct

+ PlanId int

+ type SubscriptionEpayPayRequest struct

+ PaymentMethod string

+ PlanId int

+ type SubscriptionPlanDTO struct

+ Plan model.SubscriptionPlan

+ type SubscriptionStripePayRequest struct

+ PlanId int

+ type UpdateCustomOAuthProviderRequest struct

+ AuthStyle int

+ AuthorizationEndpoint string

+ ClientId string

+ ClientSecret string

+ DisplayNameField string

+ EmailField string

+ Enabled bool

+ Name string

+ Scopes string

+ Slug string

+ TokenEndpoint string

+ UserIdField string

+ UserInfoEndpoint string

+ UsernameField string

+ WellKnown string

v0.10.8-alpha.12

Feb 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.11

Feb 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.10

Feb 6, 2026 GO-2025-4154 +2 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.9

Feb 6, 2026 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.8

Feb 5, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.7

Feb 4, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.6

Feb 4, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.5

Feb 4, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.4

Feb 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.3

Feb 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.2

Feb 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.8-alpha.1

Feb 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.7

Feb 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

Changes in this version

+ const CreemSignatureHeader

+ const PaymentMethodCreem

+ const PaymentMethodStripe

+ const SecureVerificationSessionKey

+ const SecureVerificationTimeout

+ func AddChannel(c *gin.Context)

+ func AddRedemption(c *gin.Context)

+ func AddToken(c *gin.Context)

+ func Admin2FAStats(c *gin.Context)

+ func AdminCompleteTopUp(c *gin.Context)

+ func AdminDisable2FA(c *gin.Context)

+ func AdminResetPasskey(c *gin.Context)

+ func AutomaticallyTestChannels()

+ func AutomaticallyUpdateChannels(frequency int)

+ func BatchSetChannelTag(c *gin.Context)

+ func ChannelListModels(c *gin.Context)

+ func CheckClusterNameAvailability(c *gin.Context)

+ func CheckSecureVerification(c *gin.Context) bool

+ func ClearChannelAffinityCache(c *gin.Context)

+ func ClearDiskCache(c *gin.Context)

+ func CompleteCodexOAuth(c *gin.Context)

+ func CompleteCodexOAuthForChannel(c *gin.Context)

+ func CopyChannel(c *gin.Context)

+ func CreateDeployment(c *gin.Context)

+ func CreateModelMeta(c *gin.Context)

+ func CreatePrefillGroup(c *gin.Context)

+ func CreateUser(c *gin.Context)

+ func CreateVendorMeta(c *gin.Context)

+ func CreemWebhook(c *gin.Context)

+ func DashboardListModels(c *gin.Context)

+ func DeleteChannel(c *gin.Context)

+ func DeleteChannelBatch(c *gin.Context)

+ func DeleteDeployment(c *gin.Context)

+ func DeleteDisabledChannel(c *gin.Context)

+ func DeleteHistoryLogs(c *gin.Context)

+ func DeleteInvalidRedemption(c *gin.Context)

+ func DeleteModelMeta(c *gin.Context)

+ func DeletePrefillGroup(c *gin.Context)

+ func DeleteRedemption(c *gin.Context)

+ func DeleteSelf(c *gin.Context)

+ func DeleteToken(c *gin.Context)

+ func DeleteTokenBatch(c *gin.Context)

+ func DeleteUser(c *gin.Context)

+ func DeleteVendorMeta(c *gin.Context)

+ func Disable2FA(c *gin.Context)

+ func DisableTagChannels(c *gin.Context)

+ func DiscordBind(c *gin.Context)

+ func DiscordOAuth(c *gin.Context)

+ func DoCheckin(c *gin.Context)

+ func EditTagChannels(c *gin.Context)

+ func EmailBind(c *gin.Context)

+ func Enable2FA(c *gin.Context)

+ func EnableTagChannels(c *gin.Context)

+ func EnabledListModels(c *gin.Context)

+ func EpayNotify(c *gin.Context)

+ func ExtendDeployment(c *gin.Context)

+ func FetchModels(c *gin.Context)

+ func FetchUpstreamModels(c *gin.Context)

+ func FetchUpstreamRatios(c *gin.Context)

+ func FixChannelsAbilities(c *gin.Context)

+ func ForceGC(c *gin.Context)

+ func GenerateAccessToken(c *gin.Context)

+ func GenerateOAuthCode(c *gin.Context)

+ func Get2FAStatus(c *gin.Context)

+ func GetAbout(c *gin.Context)

+ func GetAffCode(c *gin.Context)

+ func GetAllChannels(c *gin.Context)

+ func GetAllDeployments(c *gin.Context)

+ func GetAllLogs(c *gin.Context)

+ func GetAllMidjourney(c *gin.Context)

+ func GetAllModelsMeta(c *gin.Context)

+ func GetAllQuotaDates(c *gin.Context)

+ func GetAllRedemptions(c *gin.Context)

+ func GetAllTask(c *gin.Context)

+ func GetAllTokens(c *gin.Context)

+ func GetAllTopUps(c *gin.Context)

+ func GetAllUsers(c *gin.Context)

+ func GetAllVendors(c *gin.Context)

+ func GetAuthHeader(token string) http.Header

+ func GetAvailableReplicas(c *gin.Context)

+ func GetChannel(c *gin.Context)

+ func GetChannelAffinityCacheStats(c *gin.Context)

+ func GetChannelAffinityUsageCacheStats(c *gin.Context)

+ func GetChannelKey(c *gin.Context)

+ func GetChargedAmount(count float64, user model.User) float64

+ func GetCheckinStatus(c *gin.Context)

+ func GetClaudeAuthHeader(token string) http.Header

+ func GetCodexChannelUsage(c *gin.Context)

+ func GetContainerDetails(c *gin.Context)

+ func GetDeployment(c *gin.Context)

+ func GetDeploymentLogs(c *gin.Context)

+ func GetEpayClient() *epay.Client

+ func GetGroups(c *gin.Context)

+ func GetHardwareTypes(c *gin.Context)

+ func GetHomePageContent(c *gin.Context)

+ func GetImage(c *gin.Context)

+ func GetLocations(c *gin.Context)

+ func GetLogByKey(c *gin.Context)

+ func GetLogsSelfStat(c *gin.Context)

+ func GetLogsStat(c *gin.Context)

+ func GetMidjourney(c *gin.Context)

+ func GetMissingModels(c *gin.Context)

+ func GetModelDeploymentSettings(c *gin.Context)

+ func GetModelMeta(c *gin.Context)

+ func GetNotice(c *gin.Context)

+ func GetOptions(c *gin.Context)

+ func GetPerformanceStats(c *gin.Context)

+ func GetPrefillGroups(c *gin.Context)

+ func GetPriceEstimation(c *gin.Context)

+ func GetPricing(c *gin.Context)

+ func GetPrivacyPolicy(c *gin.Context)

+ func GetRatioConfig(c *gin.Context)

+ func GetRedemption(c *gin.Context)

+ func GetResponseBody(method, url string, channel *model.Channel, headers http.Header) ([]byte, error)

+ func GetSelf(c *gin.Context)

+ func GetSetup(c *gin.Context)

+ func GetStatus(c *gin.Context)

+ func GetSubscription(c *gin.Context)

+ func GetSyncableChannels(c *gin.Context)

+ func GetTagModels(c *gin.Context)

+ func GetToken(c *gin.Context)

+ func GetTokenStatus(c *gin.Context)

+ func GetTokenUsage(c *gin.Context)

+ func GetTopUpInfo(c *gin.Context)

+ func GetUptimeKumaStatus(c *gin.Context)

+ func GetUsage(c *gin.Context)

+ func GetUser(c *gin.Context)

+ func GetUserAgreement(c *gin.Context)

+ func GetUserGroups(c *gin.Context)

+ func GetUserLogs(c *gin.Context)

+ func GetUserMidjourney(c *gin.Context)

+ func GetUserModels(c *gin.Context)

+ func GetUserQuotaDates(c *gin.Context)

+ func GetUserTask(c *gin.Context)

+ func GetUserTopUps(c *gin.Context)

+ func GetVendorMeta(c *gin.Context)

+ func GetVerificationStatus(c *gin.Context)

+ func GitHubBind(c *gin.Context)

+ func GitHubOAuth(c *gin.Context)

+ func KlingImage2VideoGenerations(c *gin.Context)

+ func KlingImage2videoTaskId(c *gin.Context)

+ func KlingText2VideoGenerations(c *gin.Context)

+ func KlingText2videoTaskId(c *gin.Context)

+ func LinuxDoBind(c *gin.Context)

+ func LinuxdoOAuth(c *gin.Context)

+ func ListDeploymentContainers(c *gin.Context)

+ func ListModels(c *gin.Context, modelType int)

+ func LockOrder(tradeNo string)

+ func Login(c *gin.Context)

+ func Logout(c *gin.Context)

+ func ManageMultiKeys(c *gin.Context)

+ func ManageUser(c *gin.Context)

+ func MigrateConsoleSetting(c *gin.Context)

+ func OidcAuth(c *gin.Context)

+ func OidcBind(c *gin.Context)

+ func OllamaDeleteModel(c *gin.Context)

+ func OllamaPullModel(c *gin.Context)

+ func OllamaPullModelStream(c *gin.Context)

+ func OllamaVersion(c *gin.Context)

+ func PasskeyDelete(c *gin.Context)

+ func PasskeyLoginBegin(c *gin.Context)

+ func PasskeyLoginFinish(c *gin.Context)

+ func PasskeyRegisterBegin(c *gin.Context)

+ func PasskeyRegisterFinish(c *gin.Context)

+ func PasskeyStatus(c *gin.Context)

+ func PasskeyVerifyAndSetSession(c *gin.Context)

+ func PasskeyVerifyBegin(c *gin.Context)

+ func PasskeyVerifyFinish(c *gin.Context)

+ func PasskeyVerifyForSecure(c *gin.Context)

+ func Playground(c *gin.Context)

+ func PostSetup(c *gin.Context)

+ func RefreshCodexChannelCredential(c *gin.Context)

+ func RegenerateBackupCodes(c *gin.Context)

+ func Register(c *gin.Context)

+ func Relay(c *gin.Context, relayFormat types.RelayFormat)

+ func RelayMidjourney(c *gin.Context)

+ func RelayNotFound(c *gin.Context)

+ func RelayNotImplemented(c *gin.Context)

+ func RelayTask(c *gin.Context)

+ func RequestAmount(c *gin.Context)

+ func RequestCreemPay(c *gin.Context)

+ func RequestEpay(c *gin.Context)

+ func RequestStripeAmount(c *gin.Context)

+ func RequestStripePay(c *gin.Context)

+ func ResetModelRatio(c *gin.Context)

+ func ResetPassword(c *gin.Context)

+ func ResetPerformanceStats(c *gin.Context)

+ func RetrieveModel(c *gin.Context, modelType int)

+ func SearchAllLogs(c *gin.Context)

+ func SearchChannels(c *gin.Context)

+ func SearchDeployments(c *gin.Context)

+ func SearchModelsMeta(c *gin.Context)

+ func SearchRedemptions(c *gin.Context)

+ func SearchTokens(c *gin.Context)

+ func SearchUserLogs(c *gin.Context)

+ func SearchUsers(c *gin.Context)

+ func SearchVendors(c *gin.Context)

+ func SendEmailVerification(c *gin.Context)

+ func SendPasswordResetEmail(c *gin.Context)

+ func Setup2FA(c *gin.Context)

+ func StartCodexOAuth(c *gin.Context)

+ func StartCodexOAuthForChannel(c *gin.Context)

+ func StripeWebhook(c *gin.Context)

+ func SyncUpstreamModels(c *gin.Context)

+ func SyncUpstreamPreview(c *gin.Context)

+ func TelegramBind(c *gin.Context)

+ func TelegramLogin(c *gin.Context)

+ func TestAllChannels(c *gin.Context)

+ func TestChannel(c *gin.Context)

+ func TestIoNetConnection(c *gin.Context)

+ func TestStatus(c *gin.Context)

+ func TopUp(c *gin.Context)

+ func TransferAffQuota(c *gin.Context)

+ func UniversalVerify(c *gin.Context)

+ func UnlockOrder(tradeNo string)

+ func UpdateAllChannelsBalance(c *gin.Context)

+ func UpdateChannel(c *gin.Context)

+ func UpdateChannelBalance(c *gin.Context)

+ func UpdateDeployment(c *gin.Context)

+ func UpdateDeploymentName(c *gin.Context)

+ func UpdateMidjourneyTaskBulk()

+ func UpdateModelMeta(c *gin.Context)

+ func UpdateOption(c *gin.Context)

+ func UpdatePrefillGroup(c *gin.Context)

+ func UpdateRedemption(c *gin.Context)

+ func UpdateSelf(c *gin.Context)

+ func UpdateSunoTaskAll(ctx context.Context, taskChannelM map[int][]string, ...) error

+ func UpdateTaskBulk()

+ func UpdateTaskByPlatform(platform constant.TaskPlatform, taskChannelM map[int][]string, ...)

+ func UpdateToken(c *gin.Context)

+ func UpdateUser(c *gin.Context)

+ func UpdateUserSetting(c *gin.Context)

+ func UpdateVendorMeta(c *gin.Context)

+ func UpdateVideoTaskAll(ctx context.Context, platform constant.TaskPlatform, ...) error

+ func Verify2FALogin(c *gin.Context)

+ func VideoGenerations(c *gin.Context)

+ func VideoGenerationsTaskId(c *gin.Context)

+ func VideoProxy(c *gin.Context)

+ func WeChatAuth(c *gin.Context)

+ func WeChatBind(c *gin.Context)

+ type AIProxyUserOverviewResponse struct

+ Data struct{ ... }

+ ErrorCode int

+ Message string

+ Success bool

+ type APGC2DGPTUsageResponse struct

+ Object string

+ TotalAvailable float64

+ TotalGranted float64

+ TotalUsed float64

+ type API2GPTUsageResponse struct

+ Object string

+ TotalGranted float64

+ TotalRemaining float64

+ TotalUsed float64

+ type AddChannelRequest struct

+ BatchAddSetKeyPrefix2Name bool

+ Channel *model.Channel

+ Mode string

+ MultiKeyMode constant.MultiKeyMode

+ type AdminCompleteTopupRequest struct

+ TradeNo string

+ type AmountRequest struct

+ Amount int64

+ TopUpCode string

+ type ChannelBatch struct

+ Ids []int

+ Tag *string

+ type ChannelTag struct

+ Groups *string

+ HeaderOverride *string

+ ModelMapping *string

+ Models *string

+ NewTag *string

+ ParamOverride *string

+ Priority *int64

+ Tag string

+ Weight *uint

+ type CreemAdaptor struct

+ func (*CreemAdaptor) RequestPay(c *gin.Context, req *CreemPayRequest)

+ type CreemCheckoutRequest struct

+ Customer struct{ ... }

+ Metadata map[string]string

+ ProductId string

+ RequestId string

+ type CreemCheckoutResponse struct

+ CheckoutUrl string

+ Id string

+ type CreemPayRequest struct

+ PaymentMethod string

+ ProductId string

+ type CreemProduct struct

+ Currency string

+ Name string

+ Price float64

+ ProductId string

+ Quota int64

+ type CreemWebhookData struct

+ Data struct{ ... }

+ Type string

+ type CreemWebhookEvent struct

+ CreatedAt int64

+ EventType string

+ Id string

+ Object struct{ ... }

+ type DeepSeekUsageResponse struct

+ BalanceInfos []struct{ ... }

+ IsAvailable bool

+ type DiscordResponse struct

+ AccessToken string

+ ExpiresIn int

+ IDToken string

+ RefreshToken string

+ Scope string

+ TokenType string

+ type DiscordUser struct

+ ID string

+ Name string

+ UID string

+ type DiskCacheInfo struct

+ Exists bool

+ FileCount int

+ Path string

+ TotalSize int64

+ type DiskSpaceInfo struct

+ Free uint64

+ Total uint64

+ Used uint64

+ UsedPercent float64

+ type EpayRequest struct

+ Amount int64

+ PaymentMethod string

+ TopUpCode string

+ type GitHubOAuthResponse struct

+ AccessToken string

+ Scope string

+ TokenType string

+ type GitHubUser struct

+ Email string

+ Login string

+ Name string

+ type KeyStatus struct

+ DisabledTime int64

+ Index int

+ KeyPreview string

+ Reason string

+ Status int

+ type KlingCameraConfig struct

+ Horizontal float64

+ Pan float64

+ Roll float64

+ Tilt float64

+ Vertical float64

+ Zoom float64

+ type KlingCameraControl struct

+ Config *KlingCameraConfig

+ Type string

+ type KlingImage2VideoRequest struct

+ AspectRatio string

+ CallbackURL string

+ CameraControl *KlingCameraControl

+ CfgScale float64

+ Duration string

+ ExternalTaskId string

+ Image string

+ Mode string

+ ModelName string

+ NegativePrompt string

+ Prompt string

+ type KlingText2VideoRequest struct

+ AspectRatio string

+ CallbackURL string

+ CameraControl *KlingCameraControl

+ CfgScale float64

+ Duration string

+ ExternalTaskId string

+ Mode string

+ ModelName string

+ NegativePrompt string

+ Prompt string

+ type LinuxdoUser struct

+ Active bool

+ Id int

+ Name string

+ Silenced bool

+ TrustLevel int

+ Username string

+ type LoginRequest struct

+ Password string

+ Username string

+ type ManageRequest struct

+ Action string

+ Id int

+ type MemoryStats struct

+ Alloc uint64

+ NumGC uint32

+ NumGoroutine int

+ Sys uint64

+ TotalAlloc uint64

+ type Monitor struct

+ Group string

+ Name string

+ Status int

+ Uptime float64

+ type MultiKeyManageRequest struct

+ Action string

+ ChannelId int

+ KeyIndex *int

+ Page int

+ PageSize int

+ Status *int

+ type MultiKeyStatusResponse struct

+ AutoDisabledCount int

+ EnabledCount int

+ Keys []KeyStatus

+ ManualDisabledCount int

+ Page int

+ PageSize int

+ Total int

+ TotalPages int

+ type OidcResponse struct

+ AccessToken string

+ ExpiresIn int

+ IDToken string

+ RefreshToken string

+ Scope string

+ TokenType string

+ type OidcUser struct

+ Email string

+ Name string

+ OpenID string

+ Picture string

+ PreferredUsername string

+ type OpenAICreditGrants struct

+ Object string

+ TotalAvailable float64

+ TotalGranted float64

+ TotalUsed float64

+ type OpenAIModel struct

+ Created int64

+ ID string

+ Metadata map[string]any

+ Object string

+ OwnedBy string

+ Parent string

+ Permission []struct{ ... }

+ Root string

+ type OpenAIModelsResponse struct

+ Data []OpenAIModel

+ Success bool

+ type OpenAISBUsageResponse struct

+ Data ...

+ Msg string

+ type OpenAISubscriptionResponse struct

+ AccessUntil int64

+ HardLimitUSD float64

+ HasPaymentMethod bool

+ Object string

+ SoftLimitUSD float64

+ SystemHardLimitUSD float64

+ type OpenAIUsageDailyCost struct

+ LineItems []struct{ ... }

+ Timestamp float64

+ type OpenAIUsageResponse struct

+ Object string

+ TotalUsage float64

+ type OpenRouterCreditResponse struct

+ Data struct{ ... }

+ type OptionUpdateRequest struct

+ Key string

+ Value any

+ type PasswordResetRequest struct

+ Email string

+ Token string

+ type PatchChannel struct

+ KeyMode *string

+ MultiKeyMode *string

+ type PerformanceConfig struct

+ DiskCacheEnabled bool

+ DiskCacheMaxSizeMB int

+ DiskCachePath string

+ DiskCacheThresholdMB int

+ IsRunningInContainer bool

+ type PerformanceStats struct

+ CacheStats common.DiskCacheStats

+ Config PerformanceConfig

+ DiskCacheInfo DiskCacheInfo

+ DiskSpaceInfo DiskSpaceInfo

+ MemoryStats MemoryStats

+ type Setup struct

+ DatabaseType string

+ RootInit bool

+ Status bool

+ type Setup2FARequest struct

+ Code string

+ type Setup2FAResponse struct

+ BackupCodes []string

+ QRCodeData string

+ Secret string

+ type SetupRequest struct

+ ConfirmPassword string

+ DemoSiteEnabled bool

+ Password string

+ SelfUseModeEnabled bool

+ Username string

+ type SiliconFlowUsageResponse struct

+ Code int

+ Data struct{ ... }

+ Message string

+ Status bool

+ type StripeAdaptor struct

+ func (*StripeAdaptor) RequestAmount(c *gin.Context, req *StripePayRequest)

+ func (*StripeAdaptor) RequestPay(c *gin.Context, req *StripePayRequest)

+ type StripePayRequest struct

+ Amount int64

+ CancelURL string

+ PaymentMethod string

+ SuccessURL string

+ type TokenBatch struct

+ Ids []int

+ type TransferAffQuotaRequest struct

+ Quota int

+ type UniversalVerifyRequest struct

+ Code string

+ Method string

+ type UpdateUserSettingRequest struct

+ AcceptUnsetModelRatioModel bool

+ BarkUrl string

+ GotifyPriority int

+ GotifyToken string

+ GotifyUrl string

+ NotificationEmail string

+ QuotaWarningThreshold float64

+ QuotaWarningType string

+ RecordIpLog bool

+ WebhookSecret string

+ WebhookUrl string

+ type UptimeGroupResult struct

+ CategoryName string

+ Monitors []Monitor

+ type VerificationStatusResponse struct

+ ExpiresAt int64

+ Verified bool

+ type Verify2FARequest struct

+ Code string

v0.10.7-alpha.2

Jan 29, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.7-alpha.1

Jan 26, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.6-alpha.4

Jan 21, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.6-alpha.3

Jan 14, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.6-alpha.2

Jan 12, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.6-alpha.1

Jan 11, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5

Jan 5, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5-ionet.2

Jan 3, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5-ionet.1

Dec 28, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5-checkin.1

Jan 2, 2026 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5-bailian.2

Dec 30, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.5-bailian.1

Dec 29, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.4

Dec 26, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.3

Dec 25, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.2

Dec 21, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1

Dec 20, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.8

Dec 13, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.6

Dec 13, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.5

Dec 13, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.4

Dec 12, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.3

Dec 12, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.2

Dec 12, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.1-alpha.1

Dec 12, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.0

Dec 11, 2025 GO-2025-4154 +4 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4813: New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.0-alpha.3

Dec 9, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.0-alpha.2

Dec 2, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.10.0-alpha.1

Dec 2, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.28

Dec 1, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.27

Nov 30, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.27-patch.1

Nov 30, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.26

Nov 30, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.25

Nov 23, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.24

Nov 20, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.23

Nov 20, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.22

Nov 16, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.22-patch.1

Nov 18, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.21

Nov 14, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.20

Nov 11, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.20-patch.2

Nov 12, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.20-patch.1

Nov 11, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.19

Nov 10, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.18

Nov 7, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.17

Nov 6, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.16

Nov 3, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.16-patch.1

Nov 5, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.15

Oct 31, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.15-patch.2

Nov 1, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.15-patch.1

Oct 31, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.14

Oct 29, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.14-patch.1

Oct 30, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.13

Oct 29, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.12

Oct 29, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.12-patch.1

Oct 29, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.11

Oct 28, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.10

Oct 18, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9

Oct 15, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-patch.4

Oct 17, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-patch.3

Oct 16, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-patch.2

Oct 16, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-patch.1

Oct 15, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-aws.3

Oct 15, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-aws.2

Oct 15, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.9-aws.1

Oct 15, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.8

Oct 14, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.8-patch.1

Oct 14, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.7

Oct 12, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.7-patch.2

Oct 13, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

v0.9.7-patch.1

Oct 12, 2025 GO-2025-4154 +3 more

GO-2025-4154: new-api is vulnerable to SSRF Bypass in one-api

GO-2026-4531: New API has an SQL LIKE Wildcard Injection DoS via Token Search in github.com/QuantumNous/new-api

GO-2026-4532: New API has Potential XSS in its MarkdownRenderer component in github.com/QuantumNous/new-api

GO-2026-4814: New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check in github.com/QuantumNous/new-api

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL