Vulnerabilities > Mintplexlabs > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-7783 Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode.
network
low complexity
mintplexlabs CWE-312
7.5
2024-06-06 CVE-2024-3149 Server-Side Request Forgery (SSRF) vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm.
network
low complexity
mintplexlabs CWE-918
8.8
2024-06-06 CVE-2024-3150 Improper Handling of Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator.
network
low complexity
mintplexlabs CWE-755
8.8
2024-06-06 CVE-2024-3110 Cross-site Scripting vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0.
network
low complexity
mintplexlabs CWE-79
8.7
2024-06-06 CVE-2024-3152 Improper Handling of Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints.
network
low complexity
mintplexlabs CWE-755
8.8
2024-06-05 CVE-2024-4084 Server-Side Request Forgery (SSRF) vulnerability in Mintplexlabs Anythingllm
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols.
network
low complexity
mintplexlabs CWE-918
7.5
2024-01-19 CVE-2024-22422 Improper Check for Unusual or Exceptional Conditions vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting.
network
low complexity
mintplexlabs CWE-754
7.5
2023-10-30 CVE-2023-5833 Improper Access Control vulnerability in Mintplexlabs Anythingllm 0.0.1
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
network
low complexity
mintplexlabs CWE-284
8.8
2023-09-12 CVE-2023-4898 Unspecified vulnerability in Mintplexlabs Anything-Llm
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
network
low complexity
mintplexlabs
7.5
2023-09-12 CVE-2023-4899 SQL Injection vulnerability in Mintplexlabs Anything-Llm
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
network
low complexity
mintplexlabs CWE-89
8.8