182 matches found
AnythingLLM - Information Disclosure
AnythingLLM suffers from an information disclosure vulnerability through the /api/setup-complete API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM...
AnythingLLM Cross-Site Scripting Vulnerability
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...
AnythingLLM Security Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...
CVE-2023-4897
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4899
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4898
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
AnythingLLM Security Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in AnythingLLM that stems from a password recovery endpoint returning a different error message that could lead to username enumeration...
AnythingLLM Security Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in AnythingLLM version 1.8.5 that stems from an authentication bypass that could lead to unauthorized access to workspace information...
EUVD-2024-32154
Malicious code in bioql PyPI...
EUVD-2023-54736
Malicious code in bioql PyPI...
EUVD-2024-31641
Malicious code in bioql PyPI...
EUVD-2023-58115
Malicious code in bioql PyPI...
EUVD-2023-54738
Malicious code in bioql PyPI...
EUVD-2023-58116
Malicious code in bioql PyPI...
EUVD-2023-54737
Malicious code in bioql PyPI...
EUVD-2024-32836
Malicious code in bioql PyPI...
CVE-2024-3166
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...
CVE-2023-5832
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2024-8251
A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat", where user-provided JSON is passed directly into the Prisma library's where clause. An attacker can exploit this by providing a special...
CVE-2024-10109
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...