Browse all 4 CVE security advisories affecting khoj-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Khoj-ai develops an AI-powered search and knowledge management tool that helps users organize and retrieve information from various sources. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. These vulnerabilities often stem from improper input validation and insufficient access controls in web interfaces and API endpoints. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations implementing the solution, particularly in environments handling sensitive data where unpatched instances could lead to system compromise or data breaches.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-69207 | Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning — khojCWE-639 | 5.4 | Medium | 2026-02-02 |
| CVE-2024-52294 | khoj has an IDOR in subscription management that allows unauthorized subscription modifications — khojCWE-639 | 4.3 | Medium | 2024-12-30 |
| CVE-2024-43396 | Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) — khojCWE-79 | 5.4 | Medium | 2024-08-20 |
| CVE-2024-25639 | Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients — khojCWE-80 | 5.9 | Medium | 2024-07-08 |
This page lists every published CVE security advisory associated with khoj-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.