PyPi: Browser-Use

CVE-2025-47241

Safety vulnerability ID: 77047

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 03, 2025 Updated at May 15, 2025

Advisory

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.
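
The parsing mistake described above, shown as an added example that is not browser-use's own code: a hypothetical naive allowlist check beside a hardened one that compares only the parsed hostname and refuses userinfo. The function names, the `example.com` allowlist and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED = ["example.com"]  # constructed sample allowlist


def _matches(host, allowed):
    """Exact match or a true subdomain of an allowed entry."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def naive_is_allowed(url, allowed=ALLOWED):
    """Hypothetical weak check: takes the text before the first ':' of the
    authority as the host, so userinfo can pose as the domain."""
    authority = urlsplit(url).netloc
    return _matches(authority.split(":")[0].lower(), allowed)


def strict_is_allowed(url, allowed=ALLOWED):
    """Hardened check: compare the parsed hostname only, refuse userinfo."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. bad IPv6 brackets
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # credentials in the authority are never needed here
    return _matches(host, allowed)


# Constructed sample URLs; other.test stands in for a non-allowed site.
SAMPLES = [
    "https://example.com/login",
    "https://docs.example.com:8443/",
    "https://example.com:x@other.test/",
    "https://notexample.com/",
]


def compare(urls=SAMPLES):
    """Return (url, naive verdict, strict verdict) for each sample."""
    return [(u, naive_is_allowed(u), strict_is_allowed(u)) for u in urls]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The third sample is the case the advisory describes: the naive check accepts it because the allowed name sits in the userinfo position, while the real host is `other.test`.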

Affected package

browser-use

Latest version: 0.1.48

Make websites accessible for AI agents

Affected versions

Fixed versions

Vulnerability changelog

What's Changed

* ✨Add NEW interactive CLI like `claude` code for `browser-use` by pirate in https://github.com/browser-use/browser-use/pull/1559
* 💔 BREAKING CHANGE: `BrowserWindowContextSize` object removed, switch to flat attrs instead. sorry for the trouble!
  change: `BrowserContextConfig(window_size=BrowserWindowContextSize(width=1280, height=900))`
  to: flat `BrowserContextConfig(window_width=1280, window_height=900)`, used for viewport as well when `no_viewport=False`
  in https://github.com/browser-use/browser-use/pull/1557
* 🔒 fix security issue with url parsing of `allowed_domains` by pirate in https://github.com/browser-use/browser-use/pull/1561
* fix(eval): update GOOGLE_API_KEY comment to GEMINI_API_KEY by morugu in https://github.com/browser-use/browser-use/pull/1554
* Fix: Make viewport_expansion=-1 parameter work properly to include all page elements by pyoneerC in https://github.com/browser-use/browser-use/pull/1552
* refactor: add caching for client rects and improve highlight cleanup logic by satya-nutella in https://github.com/browser-use/browser-use/pull/1551
* fix: add cursor:pointer handling in buildDomTree and update test URLs to handle expander icons by satya-nutella in https://github.com/browser-use/browser-use/pull/1502
* removing the browser channel from the _setup_browser in browser.py by pmajor74 in https://github.com/browser-use/browser-use/pull/1538

New Contributors
* morugu made their first contribution in https://github.com/browser-use/browser-use/pull/1554
* satya-nutella made their first contribution in https://github.com/browser-use/browser-use/pull/1551
* pmajor74 made their first contribution in https://github.com/browser-use/browser-use/pull/1538

**Full Changelog**: https://github.com/browser-use/browser-use/compare/0.1.44...0.1.45
