Lucene search

Anythingllm Security Vulnerabilities

cve

CVE-2023-4897

Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

9.8CVSS

9.2AI Score

0.001EPSS

2023-09-11 09:15 PM

cve

CVE-2023-5832

Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.

9.1CVSS

9.2AI Score

0.0005EPSS

2023-10-30 01:15 PM

cve

CVE-2023-5833

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.

8.8CVSS

8.2AI Score

0.001EPSS

2023-10-30 01:15 PM

cve

CVE-2024-22422

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of serv...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-01-19 01:15 AM

cve

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-05 12:15 AM