OsVault/npm/@lobehub/chat
npm1 critical

@lobehub/chat

6 known vulnerabilities · 1 critical · 0 high

CVE-2026-23733

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

Published Jan 20, 2026
CVE-2026-23522

Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion

Published Jan 20, 2026
CVE-2024-47066

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Published Sep 23, 2024
CVE-2026-23835

LobeHub Vulnerable to Improper Authorization in Presigned Upload

Published Feb 1, 2026
CVE-2024-32964CRITICAL

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Published May 10, 2024
CVE-2024-37895MEDIUM

Lobe Chat API Key Leak

Published Jun 17, 2024
Check your entire dependency tree at onceRun dependency scan →