Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

danny-avila/librechat — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in danny-avila/librechat, with AI-generated Chinese analysis, references, and POCs.

Vendor: danny-avila

CVE IDTitleCVSSSeverityPublished
CVE-2025-7105 Denial of Service via JavaScript Memory Overflow in danny-avila/librechat CWE-400 7.5AIHighAI2026-02-02
CVE-2025-8849 Denial of Service in danny-avila/librechat CWE-400 7.5 -2025-10-30
CVE-2025-8850 Insecure API Design in danny-avila/librechat CWE-440 6.5AIMediumAI2025-10-30
CVE-2025-8848 HTML Injection in Accept-Language Header in danny-avila/librechat CWE-94 6.1AIMediumAI2025-10-22
CVE-2025-7104 Mass Assignment in danny-avila/librechat CWE-915 9.1AICriticalAI2025-09-29
CVE-2025-7106 Authorization Bypass due to Incorrect Access Control in danny-avila/librechat CWE-284 8.1AIHighAI2025-09-23
CVE-2025-6088 Improper Authorization in danny-avila/librechat CWE-285 4.3AIMediumAI2025-09-11
CVE-2024-10359 Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat CWE-915 5.4 -2025-03-20
CVE-2024-11173 Unhandled Exception in danny-avila/librechat CWE-248 7.5 -2025-03-20
CVE-2024-10363 Improper Access Control in danny-avila/LibreChat CWE-862 7.5 -2025-03-20
CVE-2024-11171 Improper Input Validation in danny-avila/librechat CWE-770 7.5 -2025-03-20
CVE-2024-11172 Denial of Service in danny-avila/librechat CWE-248 7.5 -2025-03-20
CVE-2024-11169 Unhandled Exception Leading to Server Crash in danny-avila/librechat CWE-115 7.5 -2025-03-20
CVE-2024-11167 Improper Access Control in danny-avila/librechat CWE-639 4.3 -2025-03-20
CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat CWE-639 4.3 -2025-03-20
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat CWE-117 5.3 -2025-03-20
CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat CWE-22 9.1 -2025-03-20
CVE-2024-11170 Path Traversal in danny-avila/librechat CWE-29 9.8 -2025-03-20

All 18 known CVE vulnerabilities affecting danny-avila/librechat with full Chinese analysis, references, and POCs where available.