Lobehub Lobe-chat
11 CVEs affecting Lobehub Lobe-chat. Latest disclosed: 2026-01-30. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-47066 | Critical | 9.0 | 2024-09-23 | Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/ap… |
| CVE-2024-32964 | Critical | 9.0 | 2024-05-10 | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an una… |
| CVE-2024-32965 | High | 8.1 | 2024-11-26 | Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malic… |
| CVE-2026-23733 | Medium | 6.4 | 2026-01-18 | LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifac… |
| CVE-2024-37895 | Medium | 5.7 | 2024-06-17 | Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain… |
| CVE-2024-24566 | Medium | 5.3 | 2024-01-31 | Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-prote… |
| CVE-2025-59426 | Medium | 4.3 | 2025-09-25 | Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host an… |
| CVE-2026-23522 | Low | 3.7 | 2026-01-19 | LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticate… |
| CVE-2025-62505 | Low | 3.0 | 2025-10-17 | LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tool… |
| CVE-2026-23835 | | | 2026-01-30 | LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the… |
| CVE-2025-59417 | | | 2025-09-18 | Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handli… |