VYPR

PyPI package

chainlit

pkg:pypi/chainlit

Vulnerabilities (2)

  • CVE-2026-22219Jan 19, 2026
    affected < 2.9.4fixed 2.9.4

    Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched

  • CVE-2025-68492MedJan 14, 2026
    affected < 2.8.5fixed 2.8.5

    Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.