VYPR

Quivr

by QuivrHQ

CVEs (5)

  • CVE-2024-9229 | High | Mar 20, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server…

  • CVE-2024-6583 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.01

    A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.

  • CVE-2024-6229 | Jul 7, 2024
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and…

  • CVE-2024-5885 | Jun 27, 2024
    risk 0.00 | cvss | epss 0.01

    stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a…

  • CVE-2024-4851 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP…