1 CVE of this weakness class.
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs.