npm

sillytavern

11 known vulnerabilities · 0 critical · 2 high

GHSA-ccfq-2454-f5xw

SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Published May 12, 2026

GHSA-xc4x-2452-5gc9

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Published May 12, 2026

GHSA-qg89-qwwh-5f3j

SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

Published May 19, 2026

CVE-2026-34523 MEDIUM
Risk: 26.52/100

SillyTavern: Path Traversal allows file existence oracle

Published Apr 1, 2026

CVE-2025-59159

SillyTavern Web Interface Vulnerable DNS Rebinding

Published Oct 6, 2025

CVE-2026-34524 HIGH
Risk: 41.51/100

SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root

Published Apr 1, 2026

GHSA-886q-f44j-h6wh

SillyTavern has a Path Traversal issue

Published May 12, 2026

GHSA-wmm3-h9qj-p5v6

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover

Published May 12, 2026

CVE-2026-34526 MEDIUM
Risk: 25.01/100

SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

Published Apr 1, 2026

CVE-2026-34522 HIGH
Risk: 40.52/100

SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Published Apr 1, 2026

GHSA-gxx6-h3g6-vwjh

SillyTavern has Authentication Bypass via SSO Header Injection

Published May 12, 2026