Package impact
npm / @lobehub/lobehub
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42045 | medium | 6.2 | 6.2 | 17d ago | LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution | |||
| CVE-2026-39411 | unknown | — | — | 2mo ago | LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header |