Browse all 8 CVE security advisories affecting LycheeOrg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
LycheeOrg develops a self-hosted photo management application for organizing and sharing images. Historically, the project has been vulnerable to multiple remote code execution flaws, cross-site scripting vulnerabilities, and privilege escalation issues, with eight CVEs documented to date. Security researchers have identified common weaknesses in file upload mechanisms, insufficient input validation, and improper access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations deploying the software without hardening. The project's open-source nature allows for community scrutiny but also means vulnerabilities may be exploited before patches are applied.
CVE-2026-399572026-04-10CVE-2026-227842026-01-20Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with LycheeOrg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.