danny-avila

Top products

The 15 most recently published vulnerabilities affecting danny-avila.

• CVE-2026-44654LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents8.1Jun 2, 2026
• CVE-2026-44653LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets6.5Jun 2, 2026
• CVE-2026-32625LibreChat Exfiltrates Server Secrets via MCP Server URL Injection9.6Jun 2, 2026
• CVE-2026-31942LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys7.1Jun 2, 2026
• CVE-2026-34371LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal6.3Apr 7, 2026
• CVE-2026-31951LibreChat's MCP Server Header Injection Enables OAuth Token Theft6.8Mar 27, 2026
• CVE-2026-31950LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats5.3Mar 27, 2026
• CVE-2026-31945LibreChat Server-Side Request Forgery using DNS resolution7.7Mar 27, 2026
• CVE-2026-31943LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP8.5Mar 27, 2026
• CVE-2025-41258LibreChat RAG API Authentication Bypass8.0Mar 18, 2026
• CVE-2026-31949LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos6.5Mar 13, 2026
• CVE-2026-31944LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link7.6Mar 13, 2026
• CVE-2025-7105Denial of Service via JavaScript Memory Overflow in danny-avila/librechat5.7Feb 2, 2026
• CVE-2026-22252LibreChat MCP Stdio Remote Command Execution9.1Jan 12, 2026
• CVE-2025-69222LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions9.1Jan 7, 2026