Vulnerabilities > Mintplexlabs > Anythingllm > 1.5.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-20 | CVE-2024-5213 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0/1.5.3 In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). | 6.5 |
| 2024-06-05 | CVE-2024-4084 | Unspecified vulnerability in Mintplexlabs Anythingllm A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. | 7.5 |
| 2024-01-19 | CVE-2024-22422 | Unspecified vulnerability in Mintplexlabs Anythingllm AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. | 7.5 |