Vulnerabilities > Mintplexlabs > Anythingllm > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |
2024-06-06 | CVE-2024-3149 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. | 8.8 |
2024-06-06 | CVE-2024-3150 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. | 8.8 |
2024-06-06 | CVE-2024-3110 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. | 8.7 |
2024-06-06 | CVE-2024-3152 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. | 8.8 |
2024-06-05 | CVE-2024-4084 | Unspecified vulnerability in Mintplexlabs Anythingllm. A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. | 7.5 |
2024-03-02 | CVE-2024-0795 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then using this new account to have elevated privileges on the instance. | 7.2 |
2024-01-19 | CVE-2024-22422 | Unspecified vulnerability in Mintplexlabs Anythingllm. AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. | 7.5 |
2023-10-30 | CVE-2023-5833 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1. Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 8.8 |