{"package":"fschat","ecosystem":"pypi","latest_version":"0.2.36","description":"An open platform for training, serving, and evaluating large language model based chatbots.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/fschat/","repository":"https://github.com/lm-sys/fastchat","downloads_weekly":14119,"health":{"score":23,"risk":"critical","breakdown":{"maintenance":0,"popularity":10,"security":1,"maturity":12,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":4,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2024-10908","severity":"medium","summary":"FastChat open redirect vulnerability","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:41Z","in_kev":false,"epss_prob":0.01369,"epss_percentile":0.80283,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-10912","severity":"high","summary":"FastChat Denial of Service vulnerability","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:41Z","in_kev":false,"epss_prob":0.00531,"epss_percentile":0.67316,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-6608","severity":"medium","summary":"FastChat has a Content Moderation Bypass via Arena Side-by-Side Views","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2026-04-20T06:31:28Z","in_kev":false,"epss_prob":0.00045,"epss_percentile":0.13772,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-12376","severity":"high","summary":"FastChat Server-Side Request Forgery vulnerability","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:43Z","in_kev":false,"epss_prob":0.0044,"epss_percentile":0.63247,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-11603","severity":"high","summary":"FastChat Server-Side Request Forgery vulnerability","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:42Z","in_kev":false,"epss_prob":0.0028,"epss_percentile":0.51358,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-10907","severity":"high","summary":"FastChat Uncontrolled Resource Consumption vulnerability","affected_versions":"<=0.2.36|=0.1.1|=0.1.10|=0.1.2|=0.1.3|=0.1.4|=0.1.5|=0.1.6|=0.1.7|=0.1.8|=0.1.9|=0.2.0|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.17|=0.2.18|=0.2.2|=0.2.20|=0.2.21|=0.2.23|=0.2.24|=0.2.26|=0.2.27|=0.2.28|=0.2.29|=0.2.3|=0.2.30|=0.2.31|=0.2.32|=0.2.33|=0.2.34|=0.2.35|=0.2.36|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:41Z","in_kev":false,"epss_prob":0.00176,"epss_percentile":0.38676,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.2.36","total_count":44,"recent":["0.2.14","0.2.15","0.2.16","0.2.17","0.2.18","0.2.20","0.2.21","0.2.23","0.2.24","0.2.26","0.2.27","0.2.28","0.2.29","0.2.30","0.2.31","0.2.32","0.2.33","0.2.34","0.2.35","0.2.36"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2024-02-11T15:42:24.819121Z","dependencies_count":28,"dependencies":["aiohttp","fastapi","httpx","markdown2[all]","nh3","numpy","prompt-toolkit >=3.0.0","pydantic","requests","rich >=10.0.0","shortuuid","tiktoken","uvicorn","black ==23.3.0 ; extra == 'dev'","pylint ==2.8.2 ; extra == 'dev'","openai <1 ; extra == 'llm_judge'","anthropic >=0.3 ; extra == 'llm_judge'","ray ; extra == 'llm_judge'","accelerate >=0.21 ; extra == 'model_worker'","peft ; extra == 'model_worker'","sentencepiece ; extra == 'model_worker'","torch ; extra == 'model_worker'","transformers >=4.31.0 ; extra == 'model_worker'","protobuf ; extra == 'model_worker'","einops ; extra == 'train'","flash-attn >=2.0 ; extra == 'train'","wandb ; extra == 'train'","gradio >=4.10 ; extra == 'webui'"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (23/100)","4 high severity vulnerabilities"],"use_version":"0.2.36","version_hint":null,"summary":"fschat@0.2.36 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":807,"avg_days_between_releases":null,"release_velocity":"stale"}}