Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mintplex-labs — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting mintplex-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mintplex Labs operates as a software development entity, primarily known for creating blockchain-based applications and smart contract solutions. An analysis of its public vulnerability record reveals 69 assigned CVEs, indicating a significant historical exposure to security flaws. The most prevalent vulnerability classes associated with the organization’s codebase include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These defects often stem from inadequate input validation and improper access control mechanisms within their web interfaces and backend services. While specific major incidents involving data breaches are not widely documented in public threat intelligence feeds, the high volume of CVEs suggests systemic weaknesses in their software development lifecycle. This pattern highlights the critical need for rigorous static and dynamic analysis in blockchain-related projects to mitigate risks associated with complex smart contract interactions and standard web application vulnerabilities.

Top products by mintplex-labs: mintplex-labs/anything-llm anything-llm vector-admin
CVE IDTitleCVSSSeverityPublished
CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 7.5AIHighAI2024-06-06
CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-79 8.8AIHighAI2024-06-06
CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-307 7.5AIHighAI2024-06-06
CVE-2024-3110 Stored XSS leading to admin account takeover in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-79 4.8AIMediumAI2024-06-06
CVE-2024-3104 Remote Code Execution in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-78 10.0AICriticalAI2024-06-06
CVE-2024-3033 Improper Authorization in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-863 8.2AIHighAI2024-06-06
CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-918 9.8AICriticalAI2024-06-06
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-918 9.1 -2024-06-05
CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-917 6.5 -2024-05-26
CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-20 7.2AIHighAI2024-05-20
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 7.5 -2024-05-19
CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-367 3.7AILowAI2024-05-06
CVE-2024-3029 Improper Input Validation in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-20 9.8 -2024-04-16
CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-20 9.8 -2024-04-16
CVE-2024-0549 Relative Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-23 8.1 -2024-04-16
CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-915 9.8 -2024-04-16
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-79 7.6AIHighAI2024-04-10
CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-20 9.8AICriticalAI2024-04-10
CVE-2024-3283 Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-915 7.2AIHighAI2024-04-10
CVE-2024-3569 Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-400 7.5AIHighAI2024-04-10
CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm — mintplex-labs/anything-llmCWE-23 9.1AICriticalAI2024-04-10
CVE-2024-0765 Default user role exporting save state of instance — mintplex-labs/anything-llmCWE-200 6.5 -2024-03-03
CVE-2024-0795 Create user API role not enforced — mintplex-labs/anything-llmCWE-284 9.8 -2024-03-02
CVE-2024-0550 Privileged User using traversal to read system files — mintplex-labs/anything-llmCWE-23 4.9 -2024-02-28
CVE-2024-0763 Improper validation of document removal parameter — mintplex-labs/anything-llmCWE-22 8.1 -2024-02-27
CVE-2024-0551 Download and export of file via default user role — mintplex-labs/anything-llmCWE-284 7.1 -2024-02-27
CVE-2024-0759 Collection of internally resolving IPs — mintplex-labs/anything-llmCWE-918 9.3 -2024-02-27
CVE-2024-0439 User can manually send request at manager permission to modify system configurations — mintplex-labs/anything-llmCWE-269 4.3 -2024-02-25
CVE-2024-0440 SSRF - file:// unsanitized access to underlying host files — mintplex-labs/anything-llmCWE-918 6.5 -2024-02-25
CVE-2024-0435 User can submit message to self-XSS — mintplex-labs/anything-llmCWE-79 5.4 -2024-02-25

This page lists every published CVE security advisory associated with mintplex-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.