VYPR

Librechat

by Librechat

Source repositories

CVEs (43)

  • CVE-2024-11170Mar 20, 2025
    risk 0.00cvss epss 0.02

    A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

  • CVE-2024-41703Jul 22, 2024
    risk 0.00cvss epss 0.00

    LibreChat through 0.7.4-rc1 has incorrect access control for message updates.

  • CVE-2024-41704Jul 22, 2024
    risk 0.00cvss epss 0.01

    LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.

Page 3 of 3