chainlit
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting chainlit
- CVE-2025-68492 | MEDIUM | CVSS 4.2 | EG 4.2 | ✓ Fixed in 2.8.5 | 2026-01-14
vulnerable: 0.1.0 ... 2.8.4 (156 versions)
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the …
- CVE-2026-22219 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.9.4 | 2026-01-20
vulnerable: 0.1.0 ... 2.9.3 (161 versions)
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled u…