VYPR
Vendor: AnythingLLM

Products: 1
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)

  • CVE-2026-24477 | Jan 26, 2026
    risk 0.01 | cvss | epss 0.02

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text…

  • CVE-2026-32626 | Mar 13, 2026
    risk 0.00 | cvss | epss 0.01

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code…

  • CVE-2026-24478 | Jan 26, 2026
    risk 0.00 | cvss | epss 0.01

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an…

  • CVE-2024-13060 | Med | Mar 20, 2025
    risk 0.00 | cvss 4.3 | epss 0.00

    A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1.

  • CVE-2024-0765 | Med | Mar 3, 2024
    risk 0.00 | cvss 6.5 | epss 0.01

    As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be…

  • CVE-2024-0759 | Hig | Feb 27, 2024
    risk 0.00 | cvss 7.5 | epss 0.01

    Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require…