@lobehub/chat vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-23835Medium@lobehub/chat: LobeHub Vulnerable to Improper Authorization in Presigned UploadCVE-2026-23733Critical@lobehub/chat: Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)CVE-2026-23522Low@lobehub/chat: Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File DeletionCVE-2025-62505Low@lobehub/chat: Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch moduleCVE-2025-59426Medium@lobehub/chat: lobe-chat has an Open RedirectCVE-2025-59417Medium@lobehub/chat: Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat MessagesCVE-2024-32965High@lobehub/chat: @lobehub/chat Server Side Request Forgery vulnerabilityCVE-2024-47066Medium@lobehub/chat: lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)CVE-2024-37895Medium@lobehub/chat: Lobe Chat API Key LeakCVE-2024-32964Critical@lobehub/chat: lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerabilityCVE-2024-24566Medium@lobehub/chat: @lobehub/chat vulnerable to unauthorized access to plugins

Stop the waste.
Protect your environment with Kodem.