VYPR

quivr

by Stangirard

CVEs (4)

  • CVE-2024-5885HigJun 27, 2024
    risk 0.56cvss 8.6epss 0.01

    stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a…

  • CVE-2024-4851HigJun 6, 2024
    risk 0.50cvss 7.7epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP…

  • CVE-2024-6229MedJul 7, 2024
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and…

  • CVE-2024-6583MedMar 20, 2025
    risk 0.28cvss 4.3epss 0.01

    A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.