Vulnerabilities > Mintplexlabs > Anythingllm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |
| 2024-06-06 | CVE-2024-3149 | Server-Side Request Forgery (SSRF) vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. | 8.8 |
| 2024-06-06 | CVE-2024-3150 | Improper Handling of Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. | 8.8 |
| 2024-06-06 | CVE-2024-3110 | Cross-site Scripting vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. | 8.7 |
| 2024-06-06 | CVE-2024-3152 | Improper Handling of Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. | 8.8 |
| 2024-06-05 | CVE-2024-4084 | Server-Side Request Forgery (SSRF) vulnerability in Mintplexlabs Anythingllm A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. | 7.5 |
| 2024-01-19 | CVE-2024-22422 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. | 7.5 |
| 2023-10-30 | CVE-2023-5833 | Improper Access Control vulnerability in Mintplexlabs Anythingllm 0.0.1 Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 8.8 |