chainlit
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting chainlitpage 1 of 1
- CVE-2025-68492MEDIUMCVSS 4.2EG 4.2✓ Fixed in 2.8.52026-01-14
vulnerable: 0.1.0 ... 2.8.4 (156 versions)
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the …
- CVE-2026-22218MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.9.42026-01-20
vulnerable: 0.1.0 ... 2.9.3 (161 versions)
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenc…
- CVE-2026-22219HIGHCVSS 7.7EG 7.7✓ Fixed in 2.9.42026-01-20
vulnerable: 0.1.0 ... 2.9.3 (161 versions)
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled u…
Check whether chainlit is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for chainlit CVEs against the assets you own.
Start Free Scan →