VYPR

apk package

chainguard/librechat-dev

pkg:apk/chainguard/librechat-dev

Vulnerabilities (21)

  • CVE-2026-22252 | Jan 12, 2026
    affected: < 0.8.01-r5, fixed: 0.8.01-r5

    LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vul

  • CVE-2025-69222 | Jan 7, 2026
    affected: < 0.8.1-r5, fixed: 0.8.1-r5

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined ins

  • CVE-2025-69221 | Jan 7, 2026
    affected: < 0.8.1-r5, fixed: 0.8.1-r5

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allo

  • CVE-2025-69220 | Jan 7, 2026
    affected: < 0.8.2-r1, fixed: 0.8.2-r1

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploadi

  • CVE-2026-0621 | Jan 5, 2026
    affected: < 0.8.1-r2, fixed: 0.8.1-r2

    Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching

  • CVE-2025-15284 | Dec 29, 2025
    affected: < 0.8.1-r2, fixed: 0.8.1-r2

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS. This issue affects qs: < 6.14.1. Summary: The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLim

  • CVE-2025-68665 | Dec 23, 2025
    affected: < 0.8.1-r1, fixed: 0.8.1-r1

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ify

  • CVE-2025-14874 | Dec 18, 2025
    affected: < 0.8.0-r5, fixed: 0.8.0-r5

    A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

  • CVE-2025-66452 | Dec 11, 2025
    affected: < 0.8.2-r1, fixed: 0.8.2-r1

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can

  • CVE-2025-66451 | Dec 11, 2025
    affected: < 0.8.1-r0, fixed: 0.8.1-r0

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently

  • CVE-2025-66450 | Dec 11, 2025
    affected: < 0.8.1-r0, fixed: 0.8.1-r0

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When

  • CVE-2025-65945 | Dec 4, 2025
    affected: < 0.8.0-r8, fixed: 0.8.0-r8

    auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they us

  • CVE-2025-66414 | Dec 2, 2025
    affected: < 0.8.0-r6, fixed: 0.8.0-r6

    MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, the Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on l

  • CVE-2025-66400 | Dec 1, 2025
    affected: < 0.8.0-r6, fixed: 0.8.0-r6

    mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the p

  • CVE-2025-66201 | Nov 29, 2025
    affected: < 0.8.1-r0, fixed: 0.8.1-r0

    LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authe

  • CVE-2025-13466 (Medium) | Nov 24, 2025
    affected: < 0.8.0-r4, fixed: 0.8.0-r4

    body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and mem

  • CVE-2025-64756 | Nov 17, 2025
    affected: < 0, fixed: 0

    Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names.

  • CVE-2025-13033 (High) | Nov 14, 2025
    affected: < 0.8.0-r1, fixed: 0.8.0-r1

    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to m

  • CVE-2025-64718 | Nov 13, 2025
    affected: < 0.8.0-r4, fixed: 0.8.0-r4

    js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. T

  • CVE-2025-62522 (Medium) | Oct 20, 2025
    affected: < 0.8.0-r2, fixed: 0.8.0-r2

    Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent i

Page 1 of 2