Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mintplex-Labs — Vulnerabilities & Security Advisories 69

Browse all 69 CVE security advisories affecting Mintplex-Labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Mintplex-Labs:mintplex-labs/anything-llmanything-llmvector-admin
CVE IDTitleCVSSSeverityPublished
CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component — anything-llmCWE-79 5.4 Medium2026-04-24
CVE-2026-5627 Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-29 9.1AICriticalAI2026-04-07
CVE-2026-32719 AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import — anything-llmCWE-22 4.2 Medium2026-03-13
CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys — anything-llmCWE-863 2.7 Low2026-03-13
CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences — anything-llmCWE-863 3.8 Low2026-03-13
CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter — anything-llmCWE-89 8.8 -2026-03-13
CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection — anything-llmCWE-79 9.7 Critical2026-03-13
CVE-2026-32617 AnythingLLM Permissable CORS policy — anything-llmCWE-942 7.1 High2026-03-13
CVE-2026-24478 AnythingLLM vulnerable to Path Traversal — anything-llmCWE-22 7.2 High2026-01-26
CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js` — anything-llmCWE-201 9.1AICriticalAI2026-01-26
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery — anything-llmCWE-203 5.3 Medium2026-01-03
CVE-2024-8196 Missing Authentication for Critical Function in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-306 9.1 -2025-03-20
CVE-2024-8248 Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-29 8.8 -2025-03-20
CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-306 7.5 -2025-03-20
CVE-2024-10513 Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-23 7.2 -2025-03-20
CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-248 7.5 -2025-03-20
CVE-2024-10109 Incorrect Authorization in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-863 7.6 -2025-03-20
CVE-2024-7771 Denial of Service in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 7.5 -2025-03-20
CVE-2024-8251 Prisma Injection in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-89 7.5 -2025-03-20
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-862 4.3 -2025-03-20
CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-29 7.2 -2025-02-10
CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-312 7.5AIHighAI2024-10-29
CVE-2024-3279 Improper Access Control in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-306 8.2AIHighAI2024-08-09
CVE-2024-5216 Denial of Service in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 9.1AICriticalAI2024-06-25
CVE-2024-5213 Exposure of Sensitive Information in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-201 7.5AIHighAI2024-06-20
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-770 6.5AIMediumAI2024-06-19
CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-29 9.8AICriticalAI2024-06-12
CVE-2024-3150 Privilege Escalation in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-755 8.8AIHighAI2024-06-06
CVE-2024-3149 SSRF in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-918 8.1AIHighAI2024-06-06
CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 7.5AIHighAI2024-06-06

This page lists every published CVE security advisory associated with Mintplex-Labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.