VYPR

apk package

chainguard/librechat

pkg:apk/chainguard/librechat

Vulnerabilities (128)

  • CVE-2026-24472Jan 27, 2026
    affected < 0.8.2-r1fixed 0.8.2-r1

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard

  • CVE-2026-24398Jan 27, 2026
    affected < 0.8.2-r1fixed 0.8.2-r1

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function in `src/utils/ipaddr.ts`

  • CVE-2026-24001Jan 22, 2026
    affected < 0.8.1-r5fixed 0.8.1-r5

    jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop.

  • CVE-2025-13465MedJan 21, 2026
    affected < 0.8.2-r3fixed 0.8.2-r3

    Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwritin

  • CVE-2026-22036Jan 14, 2026
    affected < 0.8.1-r5fixed 0.8.1-r5

    Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocatio

  • CVE-2026-22252Jan 12, 2026
    affected < 0.8.01-r5fixed 0.8.01-r5

    LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vul

  • CVE-2025-14505MedJan 8, 2026
    affected < 0.8.4-r7fixed 0.8.4-r7

    The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret k

  • CVE-2025-69222Jan 7, 2026
    affected < 0.8.1-r5fixed 0.8.1-r5

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined ins

  • CVE-2025-69221Jan 7, 2026
    affected < 0.8.1-r5fixed 0.8.1-r5

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allo

  • CVE-2025-69220Jan 7, 2026
    affected < 0.8.2-r1fixed 0.8.2-r1

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploadi

  • CVE-2026-0621Jan 5, 2026
    affected < 0.8.1-r4fixed 0.8.1-r4

    Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching

  • CVE-2025-15284Dec 29, 2025
    affected < 0.8.1-r2fixed 0.8.1-r2

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLim

  • CVE-2025-68665Dec 23, 2025
    affected < 0.8.1-r1fixed 0.8.1-r1

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ify

  • CVE-2025-14874Dec 18, 2025
    affected < 0.8.0-r5fixed 0.8.0-r5

    A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

  • CVE-2025-66452Dec 11, 2025
    affected < 0.8.2-r1fixed 0.8.2-r1

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can

  • CVE-2025-66451Dec 11, 2025
    affected < 0.8.1-r0fixed 0.8.1-r0

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently

  • CVE-2025-66450Dec 11, 2025
    affected < 0.8.1-r0fixed 0.8.1-r0

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When

  • CVE-2025-65945Dec 4, 2025
    affected < 0.8.0-r8fixed 0.8.0-r8

    auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they us

  • CVE-2025-66414Dec 2, 2025
    affected < 0.8.0-r6fixed 0.8.0-r6

    MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on l

  • CVE-2025-66400Dec 1, 2025
    affected < 0.8.0-r6fixed 0.8.0-r6

    mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the p

Page 6 of 7