Tag
high
advisory
SillyTavern SSRF Vulnerability in SearXNG Search Proxy via Unvalidated baseUrl
2 rules, 1 TTP
SillyTavern version 1.17.0 is vulnerable to server-side request forgery (SSRF) via the `/api/search/searxng` route, allowing authenticated low-privilege users to control the `baseUrl` parameter for outbound server-side fetches, potentially disclosing sensitive information from internal HTTP services or cloud metadata endpoints.
sillytavern
ssrf
github advisory
high
advisory
SillyTavern Path Traversal Vulnerability in Chat Endpoints
3 rules, 4 TTPs
A path traversal vulnerability in SillyTavern versions 1.16.0 and earlier allows an authenticated attacker to read and delete arbitrary files under their user data root by manipulating the `avatar_url` parameter in the `/api/chats/export` and `/api/chats/delete` endpoints.
path-traversal
web-application
sillytavern