CRITICAL 9.6 CVE-2026-23733 Lobe Chat affected by Cross-Site Scripting (XSS) that can escalate to Remote Code Execution (RCE)
from 0, <= 1.143.2
CRITICAL 9.0 CVE-2024-47066 lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
from 0, < 1.19.13
CRITICAL 9.0 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
from 0, < 0.150.6
HIGH 8.1 @lobehub/chat Server Side Request Forgery vulnerability
from 0, < 1.19.13
MEDIUM 5.7 Lobe Chat API Key Leak
from 0, < 0.162.25
MEDIUM 5.3 @lobehub/chat vulnerable to unauthorized access to plugins
from 0, < 0.122.4
MEDIUM 4.3 lobe-chat has an Open Redirect
from 0, < 1.130.1
LOW 3.7 Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
from 0, <= 1.143.2
LOW 3.0 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module
from 0, < 1.136.2
— LobeHub Vulnerable to Improper Authorization in Presigned Upload
from 0, < 1.143.3
— Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
from 0, < 1.129.4