pkg:npm/@lobehub/chat

共 11 筆 CVECRITICAL3HIGH1MEDIUM3LOW2

✅ 檢查你的版本

所有已知漏洞

  • CRITICAL9.6CVE-2026-23733Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
    from 0, <= 1.143.2
  • CRITICAL9.0CVE-2024-47066lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
    from 0, < 1.19.13
  • CRITICAL9.0CVE-2024-32964lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
    from 0, < 0.150.6
  • HIGH8.1CVE-2024-32965@lobehub/chat Server Side Request Forgery vulnerability
    from 0, < 1.19.13
  • MEDIUM5.7CVE-2024-37895Lobe Chat API Key Leak
    from 0, < 0.162.25
  • MEDIUM5.3CVE-2024-24566@lobehub/chat vulnerable to unauthorized access to plugins
    from 0, < 0.122.4
  • MEDIUM4.3CVE-2025-59426lobe-chat has an Open Redirect
    from 0, < 1.130.1
  • LOW3.7CVE-2026-23522Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
    from 0, <= 1.143.2
  • LOW3.0CVE-2025-62505Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module
    from 0, < 1.136.2
  • CVE-2026-23835LobeHub Vulnerable to Improper Authorization in Presigned Upload
    from 0, < 1.143.3
  • CVE-2025-59417Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
    from 0, < 1.129.4