VYPR
Vendor

Sillytavern

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2025-59159CriOct 6, 2025
    risk 0.55cvss 9.6epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS…

  • CVE-2026-46372HigMay 29, 2026
    risk 0.48cvss 8.5epss 0.01

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled…

  • CVE-2026-34524HigApr 2, 2026
    risk 0.47cvss 8.3epss 0.01

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an…

  • CVE-2026-34522HigApr 2, 2026
    risk 0.46cvss 8.1epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an…

  • CVE-2026-34523MedApr 2, 2026
    risk 0.27cvss 5.3epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows…

  • CVE-2026-34526MedApr 2, 2026
    risk 0.26cvss 5.0epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against…

  • CVE-2026-26286Feb 19, 2026
    risk 0.00cvss epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF) vulnerability in the asset…