npm
sillytavern
5 known vulnerabilities · 0 critical · 2 high
CVE-2026-34523MEDIUM
Risk: 26.52/100
SillyTavern: Path Traversal allows file existence oracle
Published Apr 1, 2026
CVE-2026-34524HIGH
Risk: 41.51/100
SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root
Published Apr 1, 2026
CVE-2026-34526MEDIUM
Risk: 25.01/100
SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
Published Apr 1, 2026
CVE-2026-34522HIGH
Risk: 40.52/100
SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
Published Apr 1, 2026
Check your entire dependency tree at onceRun dependency scan →