
danny-avila — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting danny-avila's LibreChat project. AI-powered Chinese-language analysis, proof-of-concept references and source links are provided for each vulnerability.

danny-avila is the GitHub account under which the open-source LibreChat AI chat application (danny-avila/librechat) is published. It appears on this page as the owner of the affected product, not as the researcher who reported the issues: every one of the 35 CVEs on record is a vulnerability in LibreChat itself, and the credited finders are listed on the individual advisory pages. The titles collected below fall into a few recurring classes. Server-side request forgery appears repeatedly in features that fetch remote content: the Actions capability, requests reaching internal hosts via DNS resolution, a private-IP check (isPrivateIP) that did not normalize IPv4-mapped IPv6 addresses, and a Critical SSRF from missing restrictions altogether. Missing or incorrect authorization accounts for another block: an IDOR in the SSE stream subscription, insufficient access control on agent files and permission queries, an authentication bypass in the RAG API, and exposure of other users' chats through the Meilisearch engine. Mass assignment in preset creation let a client set the owning user ID. Several entries are denial of service through unhandled exceptions in request handlers (including DELETE /api/convos) or resource exhaustion, and the remaining injection issues cover XSS from unhandled JSON parsing errors, HTML injection via the Accept-Language header and JSON injection in the chat POST. The most severe entries concern the Model Context Protocol integration: remote command execution through MCP stdio servers (CVE-2026-22252, 9.1 Critical), OAuth token theft through MCP server header injection (CVE-2026-31951) and an MCP OAuth callback that did not validate the browser session (CVE-2026-31944). The other two 9.1 Critical ratings are the unrestricted SSRF (CVE-2025-69222) and, with a score generated by the site's AI analysis rather than taken from the advisory, the mass assignment issue (CVE-2025-7104).

Top products by danny-avila: danny-avila/librechat (LibreChat)

The 30 advisories shown on this page, most recent publication first. CVSS scores and severities marked (AI) were produced by the site's AI analysis; a dash means no severity rating is shown for that entry.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34371 | LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal | LibreChat | CWE-22 | 6.3 | Medium | 2026-04-07 |
| CVE-2026-31951 | LibreChat's MCP Server Header Injection Enables OAuth Token Theft | LibreChat | CWE-200 | 6.8 | Medium | 2026-03-27 |
| CVE-2026-31950 | LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats | LibreChat | CWE-284 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-31945 | LibreChat Server-Side Request Forgery using DNS resolution | LibreChat | CWE-918 | 7.7 | High | 2026-03-27 |
| CVE-2026-31943 | LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP | LibreChat | CWE-918 | 8.5 | High | 2026-03-27 |
| CVE-2025-41258 | LibreChat RAG API Authentication Bypass | LibreChat | CWE-284 | 8.0 | High | 2026-03-18 |
| CVE-2026-31949 | LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos | LibreChat | CWE-248 | 6.5 | Medium | 2026-03-13 |
| CVE-2026-31944 | LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link | LibreChat | CWE-306 | 7.6 | High | 2026-03-13 |
| CVE-2025-7105 | Denial of Service via JavaScript Memory Overflow in danny-avila/librechat | danny-avila/librechat | CWE-400 | 7.5 (AI) | High (AI) | 2026-02-02 |
| CVE-2026-22252 | LibreChat MCP Stdio Remote Command Execution | LibreChat | CWE-285 | 9.1 | Critical | 2026-01-12 |
| CVE-2025-69222 | LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions | LibreChat | CWE-918 | 9.1 | Critical | 2026-01-07 |
| CVE-2025-69221 | LibreChat has Insufficient Access Control for Agent Permission Queries | LibreChat | CWE-862 | 4.3 | Medium | 2026-01-07 |
| CVE-2025-69220 | LibreChat has Insufficient Access Control for Agent Files | LibreChat | CWE-862 | 7.1 | High | 2026-01-07 |
| CVE-2025-66452 | LibreChat's lack of JSON parsing error handling can lead to XSS | LibreChat | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-66451 | LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes | LibreChat | CWE-20 | 4.3 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-66450 | LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload | LibreChat | CWE-80 | 6.3 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-66201 | LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability | LibreChat | CWE-20 | 8.1 | - | 2025-11-29 |
| CVE-2025-8849 | Denial of Service in danny-avila/librechat | danny-avila/librechat | CWE-400 | 7.5 | - | 2025-10-30 |
| CVE-2025-8850 | Insecure API Design in danny-avila/librechat | danny-avila/librechat | CWE-440 | 6.5 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-8848 | HTML Injection in Accept-Language Header in danny-avila/librechat | danny-avila/librechat | CWE-94 | 6.1 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-7104 | Mass Assignment in danny-avila/librechat | danny-avila/librechat | CWE-915 | 9.1 (AI) | Critical (AI) | 2025-09-29 |
| CVE-2025-7106 | Authorization Bypass due to Incorrect Access Control in danny-avila/librechat | danny-avila/librechat | CWE-284 | 8.1 (AI) | High (AI) | 2025-09-23 |
| CVE-2025-6088 | Improper Authorization in danny-avila/librechat | danny-avila/librechat | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-09-11 |
| CVE-2025-54868 | LibreChat exposes arbitrary chats through Meilisearch engine | LibreChat | CWE-285 | 7.5 | High | 2025-08-05 |
| CVE-2024-10359 | Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat | danny-avila/librechat | CWE-915 | 5.4 | - | 2025-03-20 |
| CVE-2024-11173 | Unhandled Exception in danny-avila/librechat | danny-avila/librechat | CWE-248 | 7.5 | - | 2025-03-20 |
| CVE-2024-10363 | Improper Access Control in danny-avila/LibreChat | danny-avila/librechat | CWE-862 | 7.5 | - | 2025-03-20 |
| CVE-2024-11171 | Improper Input Validation in danny-avila/librechat | danny-avila/librechat | CWE-770 | 7.5 | - | 2025-03-20 |
| CVE-2024-11172 | Denial of Service in danny-avila/librechat | danny-avila/librechat | CWE-248 | 7.5 | - | 2025-03-20 |
| CVE-2024-11169 | Unhandled Exception Leading to Server Crash in danny-avila/librechat | danny-avila/librechat | CWE-115 | 7.5 | - | 2025-03-20 |
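Two of the SSRF titles above (CVE-2026-31945, SSRF using DNS resolution, and CVE-2026-31943, a private-IP check bypassed by an IPv4-mapped IPv6 address) name the two ways an outbound-request destination filter usually fails: it matches the textual form of an address instead of the address itself, or it checks a hostname while the request goes wherever DNS currently points. The block below is an added example written for this page; it is not LibreChat's code or its fix, and the range list, helper names and the constructed DNS table are this example's own assumptions. It puts a weak check next to a normalizing one and adds a resolve-then-check wrapper:

```javascript
// Added example (not LibreChat's code): vetting an outbound request target so
// that IPv4-mapped IPv6 spellings and DNS answers cannot smuggle in an internal
// address. Ranges, helper names and the DNS table are this example's choices.
const net = require('node:net');
const dns = require('node:dns').promises;

// Unspecified, loopback, RFC 1918, CGNAT, link-local, multicast and reserved IPv4.
function isPrivateIPv4(ip) {
  const o = ip.split('.').map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return true;
  return (
    o[0] === 0 || o[0] === 10 || o[0] === 127 || o[0] >= 224 ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127) ||
    (o[0] === 169 && o[1] === 254) ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168)
  );
}

// Expand an IPv6 literal (already accepted by net.isIPv6) into 8 groups,
// folding a trailing dotted quad ("::ffff:127.0.0.1") into the last two.
function expandIPv6(ip) {
  let head = ip;
  let tail = [];
  const lastPart = ip.slice(ip.lastIndexOf(':') + 1);
  if (lastPart.includes('.')) {
    const o = lastPart.split('.').map(Number);
    tail = [(o[0] << 8) | o[1], (o[2] << 8) | o[3]];
    head = ip.slice(0, ip.lastIndexOf(':') + 1);
  }
  const parse = (s) => s.split(':').filter(Boolean).map((h) => parseInt(h, 16));
  const halves = head.split('::');
  let groups;
  if (halves.length === 2) {
    const left = parse(halves[0]);
    const right = parse(halves[1]);
    const missing = 8 - left.length - right.length - tail.length;
    if (missing < 0) return null;
    groups = [...left, ...Array(missing).fill(0), ...right, ...tail];
  } else {
    groups = [...parse(head), ...tail];
  }
  return groups.length === 8 && groups.every((g) => g >= 0 && g <= 0xffff) ? groups : null;
}

// Canonical form: brackets and zone id stripped; IPv4-mapped IPv6 (including the
// hex spelling ::ffff:7f00:1) collapsed to dotted-quad IPv4.
function normalizeIP(ip) {
  const s = ip.trim().replace(/^\[|\]$/g, '').split('%')[0];
  if (net.isIPv4(s)) return { family: 4, ip: s };
  if (!net.isIPv6(s)) return null;
  const g = expandIPv6(s);
  if (!g) return null;
  const v4 = [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join('.');
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) return { family: 4, ip: v4 };
  return { family: 6, groups: g, embeddedV4: v4 };
}

function isPrivateIPv6(g, embeddedV4) {
  const zero = (arr) => arr.every((x) => x === 0);
  if (zero(g.slice(0, 7)) && g[7] <= 1) return true;   // :: and ::1
  if ((g[0] & 0xffc0) === 0xfe80) return true;         // fe80::/10 link-local
  if ((g[0] & 0xfe00) === 0xfc00) return true;         // fc00::/7 unique local
  if ((g[0] & 0xff00) === 0xff00) return true;         // ff00::/8 multicast
  // IPv4-compatible (::a.b.c.d) and NAT64 (64:ff9b::/96) carry an IPv4 address.
  const nat64 = g[0] === 0x64 && g[1] === 0xff9b && zero(g.slice(2, 6));
  if (zero(g.slice(0, 6)) || nat64) return isPrivateIPv4(embeddedV4);
  return false;
}

// Weak pattern (a sketch, not LibreChat's code): tests dotted-quad IPv4 and the
// literal "::1" only, so "::ffff:127.0.0.1" and "::ffff:7f00:1" slip through.
function isPrivateIPWeak(ip) {
  return net.isIPv4(ip) ? isPrivateIPv4(ip) : ip === '::1';
}

// Hardened check: normalize first, fail closed on anything unparseable.
function isPrivateIP(ip) {
  const n = normalizeIP(ip);
  if (!n) return true;
  return n.family === 4 ? isPrivateIPv4(n.ip) : isPrivateIPv6(n.groups, n.embeddedV4);
}

// Resolve-then-check. `lookup(host)` returns every address the name resolves to;
// one internal answer blocks the request. The caller must then connect to one of
// the returned addresses instead of re-resolving the name, otherwise a second
// lookup (DNS rebinding) can hand the HTTP client a different answer.
function vetTarget(urlString, lookup) {
  const url = new URL(urlString); // WHATWG parsing also canonicalizes "2130706433" to 127.0.0.1
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const addresses = net.isIP(host) ? [host] : lookup(host);
  if (addresses.length === 0) return { ok: false, reason: 'unresolved' };
  const blocked = addresses.filter(isPrivateIP);
  return blocked.length ? { ok: false, reason: 'private', blocked } : { ok: true, addresses };
}

// Live variant: resolve with the system resolver, then apply the same check.
async function vetTargetLive(urlString) {
  const host = new URL(urlString).hostname.replace(/^\[|\]$/g, '');
  const answers = net.isIP(host) ? [] : await dns.lookup(host, { all: true });
  return vetTarget(urlString, () => answers.map((a) => a.address));
}

// Constructed DNS answers standing in for a real resolver (not real records).
const CONSTRUCTED_DNS = {
  'api.example.com': ['93.184.216.34'],
  'rebind.example.test': ['93.184.216.34', '::ffff:10.0.0.5'],
};
const constructedLookup = (host) => CONSTRUCTED_DNS[host] || [];
```

The weak function returns false for `::ffff:127.0.0.1`; the hardened one collapses that and the hex spelling `::ffff:7f00:1` to `127.0.0.1` before consulting the range list, and treats anything it cannot parse as blocked. `vetTarget` refuses a name if any resolved address is internal, but the check is only as good as what the client then connects to: pass the vetted address to the HTTP client (or pin it through a custom lookup) and repeat the check on every redirect, which this example leaves out.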
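The two mass-assignment entries above (CVE-2025-7104 and CVE-2024-10359, whose title names user-ID manipulation in preset creation) describe a handler that copies the request body into a stored document wholesale, so a client can set fields the server should own, such as who the record belongs to. The snippet below is an added example, not LibreChat's code or its fix; the field names, the in-memory store and the session shape are assumptions made for illustration. It places the spreading pattern next to an allow-listing one:

```javascript
// Added example (not LibreChat's code): mass assignment in a "create preset"
// handler, vulnerable form beside a hardened one. Field names, the Map-backed
// store and the session shape are this example's assumptions.

// In-memory stand-in for a presets collection.
const presets = new Map();
let nextId = 1;

function savePreset(doc) {
  const id = String(nextId++);
  presets.set(id, { ...doc, id });
  return presets.get(id);
}

// Vulnerable: spreads the client-supplied body into the document, so a body
// carrying "user" (or "_id", "isAdmin", ...) overrides the owner the server set.
function createPresetVulnerable(session, body) {
  return savePreset({ user: session.userId, ...body });
}

// Hardened: copy only fields a client may set, take ownership from the
// authenticated session, and reject unknown keys instead of dropping them
// silently (a rejected request is visible in logs; a dropped field is not).
const CLIENT_FIELDS = new Set(['title', 'model', 'endpoint', 'promptPrefix', 'temperature']);

function createPresetHardened(session, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('body must be a JSON object');
  }
  // Object.keys sees own keys only, so a JSON "__proto__" key is caught here too.
  const unexpected = Object.keys(body).filter((k) => !CLIENT_FIELDS.has(k));
  if (unexpected.length) {
    throw new RangeError(`unexpected field(s): ${unexpected.join(', ')}`);
  }
  if (typeof body.title !== 'string' || body.title.length === 0 || body.title.length > 200) {
    throw new RangeError('title must be a non-empty string of at most 200 characters');
  }
  if (body.temperature !== undefined &&
      !(Number.isFinite(body.temperature) && body.temperature >= 0 && body.temperature <= 2)) {
    throw new RangeError('temperature must be a number between 0 and 2');
  }
  const doc = { user: session.userId };
  for (const k of CLIENT_FIELDS) {
    if (body[k] !== undefined) doc[k] = body[k];
  }
  return savePreset(doc);
}

// Ownership check on read: a preset created under user A never comes back to B.
function getPresetFor(session, id) {
  const p = presets.get(id);
  return p && p.user === session.userId ? p : null;
}
```

With the vulnerable handler, a body of `{"title":"x","user":"<victim id>"}` stores a preset that the victim's own listing will return; the hardened handler rejects the same body with a RangeError and writes the owner from the session regardless of what the client sent.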

This page lists every published CVE security advisory associated with danny-avila. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.