Vulnerability Database

299,038

Total vulnerabilities in the database

CVE-2024-10363

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

Published: Mar 20, 2025
Updated: Jul 12, 2025
CVE: CVE-2024-10363
Exploit:

No technical information available.

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
librechat / librechat	0.7.5	0.7.5.x

https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599
https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo