
mintplex-labs — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting mintplex-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mintplex Labs operates as a software development entity, primarily known for creating blockchain-based applications and smart contract solutions. An analysis of its public vulnerability record reveals 69 assigned CVEs, indicating a significant historical exposure to security flaws. The most prevalent vulnerability classes associated with the organization’s codebase include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These defects often stem from inadequate input validation and improper access control mechanisms within their web interfaces and backend services. While specific major incidents involving data breaches are not widely documented in public threat intelligence feeds, the high volume of CVEs suggests systemic weaknesses in their software development lifecycle. This pattern highlights the critical need for rigorous static and dynamic analysis in blockchain-related projects to mitigate risks associated with complex smart contract interactions and standard web application vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42456 | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | anything-llm | CWE-200 | 4.3 | Medium | 2026-05-08 |
| CVE-2026-41318 | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | anything-llm | CWE-79 | 5.4 | Medium | 2026-04-24 |
| CVE-2026-5627 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-29 | 9.1 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-32719 | AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import | anything-llm | CWE-22 | 4.2 | Medium | 2026-03-13 |
| CVE-2026-32717 | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | anything-llm | CWE-863 | 2.7 | Low | 2026-03-13 |
| CVE-2026-32715 | AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences | anything-llm | CWE-863 | 3.8 | Low | 2026-03-13 |
| CVE-2026-32628 | AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter | anything-llm | CWE-89 | 8.8 | - | 2026-03-13 |
| CVE-2026-32626 | AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection | anything-llm | CWE-79 | 9.7 | Critical | 2026-03-13 |
| CVE-2026-32617 | AnythingLLM Permissable CORS policy | anything-llm | CWE-942 | 7.1 | High | 2026-03-13 |
| CVE-2026-24478 | AnythingLLM vulnerable to Path Traversal | anything-llm | CWE-22 | 7.2 | High | 2026-01-26 |
| CVE-2026-24477 | AnythingLLM has key leak in `systemSettings.js` | anything-llm | CWE-201 | 9.1 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2026-21484 | AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery | anything-llm | CWE-203 | 5.3 | Medium | 2026-01-03 |
| CVE-2024-8196 | Missing Authentication for Critical Function in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-306 | 9.1 | - | 2025-03-20 |
| CVE-2024-8248 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-29 | 8.8 | - | 2025-03-20 |
| CVE-2024-6842 | Exposure of Sensitive Information in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-306 | 7.5 | - | 2025-03-20 |
| CVE-2024-10513 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-23 | 7.2 | - | 2025-03-20 |
| CVE-2024-8249 | Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-248 | 7.5 | - | 2025-03-20 |
| CVE-2024-10109 | Incorrect Authorization in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-863 | 7.6 | - | 2025-03-20 |
| CVE-2024-7771 | Denial of Service in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-400 | 7.5 | - | 2025-03-20 |
| CVE-2024-8251 | Prisma Injection in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-89 | 7.5 | - | 2025-03-20 |
| CVE-2024-13060 | Improper Authorization in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-862 | 4.3 | - | 2025-03-20 |
| CVE-2024-13059 | Path Traversal in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-29 | 7.2 | - | 2025-02-10 |
| CVE-2024-7783 | Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-312 | 7.5 (AI) | High (AI) | 2024-10-29 |
| CVE-2024-3279 | Improper Access Control in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-306 | 8.2 (AI) | High (AI) | 2024-08-09 |
| CVE-2024-5216 | Denial of Service in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-400 | 9.1 (AI) | Critical (AI) | 2024-06-25 |
| CVE-2024-5213 | Exposure of Sensitive Information in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-201 | 7.5 (AI) | High (AI) | 2024-06-20 |
| CVE-2024-5208 | Uncontrolled Resource Consumption in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-770 | 6.5 (AI) | Medium (AI) | 2024-06-19 |
| CVE-2024-5211 | Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-29 | 9.8 (AI) | Critical (AI) | 2024-06-12 |
| CVE-2024-3150 | Privilege Escalation in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-755 | 8.8 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-3149 | SSRF in mintplex-labs/anything-llm | mintplex-labs/anything-llm | CWE-918 | 8.1 (AI) | High (AI) | 2024-06-06 |

This page lists every published CVE security advisory associated with mintplex-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.