43 matches found
CVE-2026-31949
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2026-31949
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
EUVD-2026-12093
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2026-31949
LibreChat (GitHub project) is affected through CVE-2026-31949 prior to version 0.8.3-rc1. The vulnerability is a DoS in the DELETE /api/convos endpoint: the route handler destructures req.body.arg without validating its existence, causing an unhandled TypeError that bypasses Express error handlin...
PT-2026-25367
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
EUVD-2025-206617
A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...
CVE-2025-7105
A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...
PT-2026-5653
A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...
EUVD-2020-6562
Malware in sbrugna...
EUVD-2022-26871
Malicious code in bioql PyPI...
EUVD-2021-29548
Malicious code in bioql PyPI...
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
CVE-2022-21650
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
CVE-2022-21650
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
Design/Logic Flaw
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
CVE-2022-21649 Stored XSS via attribute in convos
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
CVE-2022-21649 Stored XSS via attribute in convos
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...