VYPR

PyPI package

langchain-chatchat

pkg:pypi/langchain-chatchat

Vulnerabilities (6)

  • CVE-2026-7847LowMay 5, 2026
    affected <= 0.3.1.3

    A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results i

  • CVE-2026-7846LowMay 5, 2026
    affected <= 0.3.1.3

    A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument fil

  • CVE-2026-7845LowMay 5, 2026
    affected <= 0.3.1.3

    A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argume

  • CVE-2025-6855MedJun 29, 2025
    affected <= 0.3.1

    A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to th

  • CVE-2025-6854MedJun 29, 2025
    affected <= 0.3.1

    A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has

  • CVE-2025-6853MedJun 29, 2025
    affected <= 0.3.1.3

    A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal.