Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

lm-sys — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting lm-sys. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lm-sys develops open-source web application frameworks primarily used for building dynamic websites and APIs. Historically, the project has been vulnerable to multiple remote code execution flaws, cross-site scripting (XSS) vulnerabilities, and privilege escalation issues, accounting for its nine recorded CVEs. Security researchers have identified recurring problems in input validation and access control mechanisms. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization and proper authentication controls when using this framework in production environments.

Top products by lm-sys: lm-sys/fastchat fastchat
CVE IDTitleCVSSSeverityPublished
CVE-2026-6608 lm-sys fastchat Arena Side-by-Side View add_text control flow — fastchatCWE-670 5.3 Medium2026-04-20
CVE-2026-6607 lm-sys fastchat Worker API Endpoint api_generate resource consumption — fastchatCWE-400 5.3 Medium2026-04-20
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization — fastchatCWE-502 5.3 Medium2025-04-16
CVE-2024-10912 Denial of Service in lm-sys/fastchat — lm-sys/fastchatCWE-400 7.5 -2025-03-20
CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat — lm-sys/fastchatCWE-918 7.5 -2025-03-20
CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat — lm-sys/fastchatCWE-835 7.5 -2025-03-20
CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat — lm-sys/fastchatCWE-918 7.5 -2025-03-20
CVE-2024-10908 Open Redirect in lm-sys/fastchat — lm-sys/fastchatCWE-601 6.1 -2025-03-20
CVE-2024-10044 SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat — lm-sys/fastchatCWE-918 9.8 -2024-12-30

This page lists every published CVE security advisory associated with lm-sys. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.