Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

sillytavern

View on npm registry
11 Total advisories
11 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
npm

CVE-2026-44651

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
HIGH 7.5
npm

CVE-2026-44648

SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover
HIGH 8.5
npm

CVE-2026-46372

SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
CRITICAL 9.8
npm

CVE-2026-44649

SillyTavern has Authentication Bypass via SSO Header Injection
UNKNOWN
npm

CVE-2026-44652

SillyTavern has a SSRF vulnerability in the CORS proxy middleware
CRITICAL 9.1
npm

CVE-2026-44650

SillyTavern has a Path Traversal issue
HIGH 8.1
npm

CVE-2026-34522

SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
MEDIUM 5.0
npm

CVE-2026-34526

SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
HIGH 8.3
npm

CVE-2026-34524

SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root
MEDIUM 5.3
npm

CVE-2026-34523

SillyTavern: Path Traversal allows file existence oracle
CRITICAL 9.6
npm

CVE-2025-59159

SillyTavern Web Interface Vulnerable DNS Rebinding

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes