mintplex-labs/anything-llm — Vulnerabilities & Security Advisories 57

All 57 CVE vulnerabilities found in mintplex-labs/anything-llm, with AI-generated Chinese analysis, references, and POCs.

Vendor: mintplex-labs

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-2913 | Race Condition Vulnerability in mintplex-labs/anything-llm | CWE-367 | 3.7 (AI) | Low (AI) | 2024-05-06 |
| CVE-2024-3029 | Improper Input Validation in mintplex-labs/anything-llm | CWE-20 | 9.8 | - | 2024-04-16 |
| CVE-2024-3028 | Improper Input Validation in mintplex-labs/anything-llm | CWE-20 | 9.8 | - | 2024-04-16 |
| CVE-2024-0549 | Relative Path Traversal in mintplex-labs/anything-llm | CWE-23 | 8.1 | - | 2024-04-16 |
| CVE-2024-0404 | Mass Assignment Vulnerability in mintplex-labs/anything-llm | CWE-915 | 9.8 | - | 2024-04-16 |
| CVE-2024-3570 | Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm | CWE-79 | 7.6 (AI) | High (AI) | 2024-04-10 |
| CVE-2024-3101 | Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm | CWE-20 | 9.8 (AI) | Critical (AI) | 2024-04-10 |
| CVE-2024-3283 | Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm | CWE-915 | 7.2 (AI) | High (AI) | 2024-04-10 |
| CVE-2024-3569 | Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm | CWE-400 | 7.5 (AI) | High (AI) | 2024-04-10 |
| CVE-2024-3025 | Path Traversal in mintplex-labs/anything-llm | CWE-23 | 9.1 (AI) | Critical (AI) | 2024-04-10 |
| CVE-2024-0765 | Default user role exporting save state of instance | CWE-200 | 6.5 | - | 2024-03-03 |
| CVE-2024-0795 | Create user API role not enforced | CWE-284 | 9.8 | - | 2024-03-02 |
| CVE-2024-0550 | Privileged User using traversal to read system files | CWE-23 | 4.9 | - | 2024-02-28 |
| CVE-2024-0763 | Improper validation of document removal parameter | CWE-22 | 8.1 | - | 2024-02-27 |
| CVE-2024-0551 | Download and export of file via default user role | CWE-284 | 7.1 | - | 2024-02-27 |
| CVE-2024-0759 | Collection of internally resolving IPs | CWE-918 | 9.3 | - | 2024-02-27 |
| CVE-2024-0439 | User can manually send request at manager permission to modify system configurations | CWE-269 | 4.3 | - | 2024-02-25 |
| CVE-2024-0440 | SSRF - file:// unsanitized access to underlying host files | CWE-918 | 6.5 | - | 2024-02-25 |
| CVE-2024-0435 | User can submit message to self-XSS | CWE-79 | 5.4 | - | 2024-02-25 |
| CVE-2024-0798 | Privilege Escalation in mintplex-labs/anything-llm | CWE-272 | 4.9 | - | 2024-02-25 |
| CVE-2024-0436 | Prevent timing attack for single-user password check | CWE-203 | 6.7 | - | 2024-02-25 |
| CVE-2024-0455 | SSRF on AWS deployed instances of AnythingLLM via /metadata | CWE-918 | 8.8 | - | 2024-02-25 |
| CVE-2023-5833 | Improper Access Control in mintplex-labs/anything-llm | CWE-284 | 9.1 | - | 2023-10-30 |
| CVE-2023-5832 | Improper Input Validation in mintplex-labs/anything-llm | CWE-20 | 9.8 | - | 2023-10-30 |
| CVE-2023-4899 | SQL Injection in mintplex-labs/anything-llm | CWE-89 | 9.8 | - | 2023-09-11 |
| CVE-2023-4898 | Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm | CWE-305 | 9.8 | - | 2023-09-11 |
| CVE-2023-4897 | Relative Path Traversal in mintplex-labs/anything-llm | CWE-23 | 9.1 | - | 2023-09-11 |

All 57 known CVE vulnerabilities affecting mintplex-labs/anything-llm with full Chinese analysis, references, and POCs where available.