Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Mintplex Labs
Anything Llm

mintplex-labs anything-llm Vulnerabilities: CVEs, CISA KEV & Security Advisories

71 CVEs

mintplex-labs anything-llm Vulnerabilities

CVE security advisories and vulnerability history for anything-llm by mintplex-labs.

71

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

56

Public exploits

With known exploit

7.2

Avg CVSS

2023–2026

Last updated May 28, 2026

Overview

mintplex-labs anything-llm has 71 published CVE records since 2023, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 56 have a known public exploit. The average CVSS base score across scored CVEs is 7.2.

This page aggregates every publicly disclosed vulnerability (CVE) affecting mintplex-labs anything-llm, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of mintplex-labs anything-llm's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical15

High33

Medium17

Low5

1 additional CVE has no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of mintplex-labs anything-llm's CVEs are currently listed in CISA's KEV catalog.

Public exploits

56

56 of mintplex-labs anything-llm's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every mintplex-labs anything-llm version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v1.0.022 CVEs
v1.1.021 CVEs
v1.1.121 CVEs
v1.2.020 CVEs
v1.2.118 CVEs
v1.2.214 CVEs
v1.2.314 CVEs
v1.2.414 CVEs
v1.3.014 CVEs
v1.4.010 CVEs
v1.7.410 CVEs
v1.7.510 CVEs
v1.7.610 CVEs
v1.7.810 CVEs
v1.8.010 CVEs
v1.8.110 CVEs
v1.8.210 CVEs
v1.8.310 CVEs
v1.8.410 CVEs
v1.8.510 CVEs
v1.9.09 CVEs
v1.9.19 CVEs
v1.10.06 CVEs
v1.11.06 CVEs
v1.11.16 CVEs

Fixed in

013c0b9575ae6a87af87275e326041c4e0afeeee31 CVEs
de9f9a0ce81a89cde87a89b66bc7e35626b73a9f4 CVEs
08d33cfd8fc47c5052b6ea29597c964a9da641e23 CVEs
ac8248e08d0a4606eb3c87bcdbab9fa99e73d7df3 CVEs
1b35bcbeab10b77e6dbd263cceecf1b965a407892 CVEs
200bd7f0615347ed2efc07903d510e5a208b0afc2 CVEs
47a5c7126c20e2277ee56e2c7ee11990886a40a72 CVEs
52fac844221a9b951d08ceb93c4c014e9397b1f22 CVEs
7de23dbb2da932fbfb39f56d981784d3702cf5ce2 CVEs
a4ace56a401ffc8ce0082d7444159dfd5dc288342 CVEs
dc3dfbf31495fe316b21ee184b9317b38101d30e

Find a version

71 CVEs

Sort

AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration
CVE-2026-47713
Public exploit
CWE-639
Low · CVSS 2.0
EPSS 0.0% (10th pct)2026-05-28
AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill
CVE-2026-48116
Public exploit
Patch
CWE-88
High · CVSS 7.5
EPSS 0.1% (18th pct)2026-05-28
AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory
CVE-2026-45403
Public exploit
Patch
CWE-59
Low · CVSS 2.0
EPSS 0.0% (5th pct)2026-05-28
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)
CVE-2026-42456
Public exploit
Patch
CWE-639
Medium · CVSS 4.3
EPSS 0.0% (1th pct)2026-05-08
AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component
CVE-2026-41318
Public exploit
Patch
CWE-116
Medium · CVSS 5.4
EPSS 0.0% (12th pct)2026-04-24
AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import
CVE-2026-32719CWE-94
Medium · CVSS 4.2
EPSS 0.1% (25th pct)2026-03-13
AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys
CVE-2026-32717
Public exploit
CWE-863
Low · CVSS 2.7
EPSS 0.0% (16th pct)2026-03-13
AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
CVE-2026-32715
Public exploit
CWE-863
Low · CVSS 3.8
EPSS 0.0% (15th pct)2026-03-13
AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
CVE-2026-32628CWE-89
High · CVSS 7.7
EPSS 0.0% (14th pct)2026-03-13
AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection
CVE-2026-32626CWE-79
Critical · CVSS 9.7
EPSS 0.1% (26th pct)2026-03-13
AnythingLLM Permissable CORS policy
CVE-2026-32617
Public exploit
CWE-1188
High · CVSS 7.1
EPSS 0.0% (10th pct)2026-03-13
AnythingLLM vulnerable to Path Traversal
CVE-2026-24478
Public exploit
Patch
CWE-22
High · CVSS 7.3
EPSS 0.3% (50th pct)2026-01-26
AnythingLLM has key leak in `systemSettings.js`
CVE-2026-24477
Public exploit
Patch
CWE-201
High · CVSS 8.7
EPSS 10.4% (93th pct)2026-01-26
AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
CVE-2026-21484
Patch
CWE-204
Medium · CVSS 5.3
EPSS 0.4% (60th pct)2026-01-03
Medium vulnerability · 2025-12-18
CVE-2025-63390CWE-306
Medium · CVSS 5.3
EPSS 0.0% (6th pct)2025-12-18
Critical vulnerability · 2025-03-20
CVE-2024-8196
Public exploit
Patch
CWE-306
Critical · CVSS 9.8
EPSS 0.3% (52th pct)2025-03-20
High vulnerability · 2025-03-20
CVE-2024-8248
Public exploit
Patch
CWE-29
High · CVSS 7.2
EPSS 0.3% (54th pct)2025-03-20
Exposure of Sensitive Information in mintplex-labs/anything-llm
CVE-2024-6842
Public exploit
Patch
CWE-306
High · CVSS 7.5
EPSS 70.2% (99th pct)2025-03-20
High vulnerability · 2025-03-20
CVE-2024-10513
Public exploit
Patch
CWE-23
High · CVSS 7.2
EPSS 0.2% (40th pct)2025-03-20
High vulnerability · 2025-03-20
CVE-2024-8249
Public exploit
Patch
CWE-248
High · CVSS 7.5
EPSS 0.5% (66th pct)2025-03-20
High vulnerability · 2025-03-20
CVE-2024-10109
Public exploit
Patch
CWE-863
High · CVSS 8.3
EPSS 0.1% (35th pct)2025-03-20
Medium vulnerability · 2025-03-20
CVE-2024-7771
Public exploit
Patch
CWE-400
Medium · CVSS 6.5
EPSS 0.3% (56th pct)2025-03-20
Prisma Injection in mintplex-labs/anything-llm
CVE-2024-8251
Public exploit
Patch
CWE-89
Medium · CVSS 5.3
EPSS 0.5% (65th pct)2025-03-20
Improper Authorization in mintplex-labs/anything-llm
CVE-2024-13060
Public exploit
Patch
CWE-862
Medium · CVSS 4.3
EPSS 0.2% (41th pct)2025-03-20
High vulnerability · 2025-02-10
CVE-2024-13059
Public exploit
Patch
CWE-29
High · CVSS 7.2
EPSS 69.2% (99th pct)2025-02-10
Medium vulnerability · 2024-10-29
CVE-2024-7783
Public exploit
Patch
CWE-312
Medium · CVSS 5.9
EPSS 0.1% (32th pct)2024-10-29
Improper Access Control in mintplex-labs/anything-llm
CVE-2024-3279
Public exploit
Patch
CWE-306
Critical · CVSS 9.1
EPSS 0.3% (50th pct)2024-08-09
High vulnerability · 2024-06-25
CVE-2024-5216
Public exploit
Patch
CWE-400
High · CVSS 7.5
EPSS 0.2% (41th pct)2024-06-25
Exposure of Sensitive Information in mintplex-labs/anything-llm
CVE-2024-5213
Patch
CWE-201
Medium · CVSS 5.3
EPSS 0.3% (56th pct)2024-06-20
Uncontrolled Resource Consumption in mintplex-labs/anything-llm
CVE-2024-5208
Public exploit
Patch
CWE-770
Medium · CVSS 6.5
EPSS 0.1% (30th pct)2024-06-19

Showing 30 of 71

Common weakness types

The CWE weakness categories most often found in mintplex-labs anything-llm CVEs. Follow any weakness for its full explanation.

CWE-23Relative Path Traversal5 CVEs
CWE-918Server-Side Request Forgery (SSRF)5 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')5 CVEs
CWE-400Uncontrolled Resource Consumption5 CVEs
CWE-20Improper Input Validation5 CVEs
CWE-306Missing Authentication for Critical Function4 CVEs
CWE-863Incorrect Authorization4 CVEs
CWE-29Path Traversal: '\..\filename'3 CVEs

Disclosure activity by year

How many mintplex-labs anything-llm CVEs were published each year.

2023

5

2024

41

2025

11

2026

14

Other mintplex-labs products

Browse vulnerabilities for other products by mintplex-labs.

mintplex-labs/anything-llm57 CVEs mintplex-labs\/anything-llm3 CVEs AnythingLLM Docker1 CVEs vector-admin1 CVEs

All mintplex-labs vulnerabilities

Frequently asked questions

Common questions about mintplex-labs anything-llm vulnerabilities.

How many CVEs does mintplex-labs anything-llm have?

mintplex-labs anything-llm has 71 published CVE records since 2023.

How many mintplex-labs anything-llm CVEs are in CISA KEV?

None of mintplex-labs anything-llm's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for mintplex-labs anything-llm vulnerabilities?

Yes — 56 of mintplex-labs anything-llm's CVEs have a known public exploit.

Which versions of mintplex-labs anything-llm are affected?

77 distinct mintplex-labs anything-llm versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in mintplex-labs anything-llm CVEs?

mintplex-labs anything-llm's CVEs most often map to these CWE weakness types: CWE-23 (Relative Path Traversal), CWE-918 (Server-Side Request Forgery (SSRF)), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-400 (Uncontrolled Resource Consumption).

How many critical mintplex-labs anything-llm vulnerabilities are there?

mintplex-labs anything-llm has 15 critical and 33 high-severity CVEs.

What is the average severity of mintplex-labs anything-llm CVEs?

The average CVSS base score across mintplex-labs anything-llm's scored CVEs is 7.2.

References

All mintplex-labs vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track mintplex-labs anything-llm vulnerabilities

Monitor new mintplex-labs anything-llm vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References

2 CVEs

026849df0224b6a8754f4103530bc015874def621 CVE

0b7bf68f2c02ca68075970fbf85d5a70ca5e94ca1 CVE

0db6c3b2aa1787a7054ffdaba975474f122c20eb1 CVE

1563a1b20f72846d617a88510970d0426ab880d31 CVE

18798c5b640018aaee924e0afd941705d88df92e1 CVE

2374939ffb551ab2929d7f9d5827fe6597fa8caa1 CVE

334fd9cdd02ad4aa6a3c9bdfc95e7764651c13f41 CVE

3c859ba3038121b67fb98e87dc52617fa27cbef01 CVE

3c88aec034934bcbad30c5ef1cab62cbbdb98e641 CVE

3ef009de73c837f9025df8bba62572885c70c72f1 CVE

4430ddb05988470bc8f0479e7d07db1f7d4646ba1 CVE

49f30e051c9f6e28977d57d0e5f49c1294094e411 CVE

548da9ade30368289c5beaf0a8ee2ed2b5c1d81c1 CVE

696af19c45473172ad4d3ca749281800a4d1a45a1 CVE

7200a06ef07d92eef5f3c4c8be29824aa001d6881 CVE

74d5f3adc588868fd8c026d31527b50904432e911 CVE

7aaa4b38e7112a6cd879c1238310c56b1844c6d81 CVE

8a7324d0e77a15186e1ad5e5119fca4fb224c39c1 CVE

8b1ceb30c159cf3a10efa16275bc6849d84e4ea81 CVE

8cd3a92c660b202655d99bee90b2864694c999461 CVE

8d302c3f670c582b09d47e96132c248101447a111 CVE

94b58249a37a21b1c08deaa2d1edfdecbb6deb181 CVE

99cfee1e7025fe9a0919a4d506ba1e1b819f60731 CVE

9a237db3d1f66cdbcf5079599258f5fb251c55641 CVE

9bfe477f10b188bfe3508ac29105df80d4522ece1 CVE

9df4521113ddb9a3adb5d0e3941e7d494992629c1 CVE

b2b2c2afe15c48952d57b4d01e7108f9515c5f551 CVE

b8d37d9f43af2facab4c51146a46229a58cb53d91 CVE

bf8df60c02b9ddc7ba682809ca12c5637606393a1 CVE

bfedfebfab032e6f4d5a369c8a2f947c5d0c52861 CVE

cb7cb2d9764536b2e9f4d47cb56442160a68058b1 CVE

d5b1f84a4c7991987eac3454d4f1b4067841d7831 CVE

d5cde8b7c27a47ab45b05b441db16751537f17331 CVE

dd017c6cbbf42abdef7861a66558c53b66424d071 CVE

e1dcd5ded010b03abd6aa32d1bf0668a48e38e171 CVE

e208074ef4c240fe03e4147ab097ec3b52b976191 CVE

e2439c6d4c3cfdacd96cd1b7b92d1f89c3cc84591 CVE

e287fab56089cf8fcea9ba579a3ecdeca0daa3131 CVE

efe9dfa5e3550d12abd34d06ab7f8fbcf2206cfa1 CVE

f4088d9348fa86dcebe9f97a18d39c0a6e92f15e1 CVE

fa27103d032c58904c49b92ee13fabc19a20a5ce1 CVE