Every CVE whose affected-product data names Lobehub Lobe Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-47066 — CVSS 9.0 (critical): Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection…
CVE-2024-32964 — CVSS 9.0 (critical): Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6…
CVE-2024-32965 — CVSS 8.1 (high): Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker…
CVE-2025-59417 — CVSS 6.1 (medium): Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting (XSS)…
CVE-2024-37895 — CVSS 5.7 (medium): Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access…
CVE-2024-24566 — CVSS 5.3 (medium): Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the…
CVE-2025-59426 — CVSS 4.3 (medium): Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic…