Lichess Lila

3 CVEs affecting Lichess Lila. Latest disclosed: 2026-04-06. Critical: 0, High: 0.

Top CVEs affecting Lichess Lila
CVESeverityScorePublishedSummary
CVE-2025-52186Medium6.52025-11-13Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export…
CVE-2026-35208Medium5.42026-04-06lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live str…
CVE-2025-48051Medium4.72025-05-15powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM no…