Browse all 11 CVE security advisories affecting danswer-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Danswer-ai is an open-source search platform for internal knowledge bases and document retrieval. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS), and privilege escalation issues, with 11 CVEs recorded to date. Notable security characteristics include its reliance on third-party dependencies and frequent exposure of sensitive endpoints. The platform has experienced multiple critical vulnerabilities affecting authentication and data access, though no major public security incidents have been widely reported. Its architecture presents several attack surfaces, particularly in API integrations and user authentication mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-32881 | Unauthorized access to GET/SET of Slack Bot Tokens in Danswer — danswer (CWE-285) | 9.8 | Critical | 2024-04-26 |
This page lists every published CVE security advisory associated with danswer-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.