
6 matches found

vulnersOsv
added 2026/01/19 11:48 p.m. | 1 view

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +42 more potentially affected by CVE-2026-22219 via chainlit (>=2.0.0 <=2.6.3)

chainlit PYPI version =2.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.1, =0.1.0, =1.3.0 and more Source cves: CVE-2026-22219 Source advisory: SNYK:PYTHON-CHAINLIT-15037182...

CVSS 8.3 | AI score 5.9 | EPSS 0.04443
Exploits: 1
Cvelist
added 2026/01/19 11:15 p.m. | 24 views

CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVSS 8.3 | EPSS 0.04443
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/19 11:14 p.m. | 3 views

CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVSS 7.1 | AI score 5.7 | EPSS 0.08843
Exploits: 1 | References: 3
Cvelist
added 2026/01/19 11:14 p.m. | 21 views

CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVSS 7.1 | EPSS 0.08843
Exploits: 1 | References: 3
vulnersOsv
added 2024/11/01 6:28 a.m. | 0 views

akita-ai (>=0.1.1 <=0.1.102), edubotics-core (>=0.1.3 <=0.1.7) potentially affected by unknown CVE via chainlit (>=1.0.0 <=1.2.0)

chainlit PYPI version =1.0.0, =0.1.1, =0.1.3, =0.1.7 Source cves: unknown CVE Source advisory: SNYK:PYTHON-CHAINLIT-8320952...

AI score 5.8
Exploits: 0
Snyk
added 2024/10/01 6:28 a.m. | 1 view

Directory Traversal

Overview: chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via functions like getfile, servefile, and getavatar due to improperly restricting file paths. Attackers can access sensitive files via crafted requests containing malicious pat...

CVSS 8.7 | AI score 7.6
Exploits: 0 | References: 3