danswer-ai / danswer
Project repository
Gen-AI Chat for Teams - Think ChatGPT if it had access to your team's unique knowledge.
Program response targets: first interaction within N/A days; review within 42 days; fix within N/A days.

Disclosed reports (status, severity, bounty and CVE as shown on the program page; a blank field means the page does not show one):
Report | Date | Reporter | Status | Severity | Bounty | CVE
------ | ---- | -------- | ------ | -------- | ------ | ---
Session Management Vulnerability - Name Change Persists Post Logout | Mar 11th 2025 | sharmaraghs | pending | | |
IDOR in EE patch user group | Mar 7th 2025 | r3jn | pending | | |
SSRF on Danswer | Jan 7th 2025 | samr301 | spam | | |
Denial of service by memory exhaustion | Jan 21st 2025 | patrik-ha | | High | $450 | CVE-2025-0182
Denial of Service due to chrome resource exhaustion | Aug 21st 2024 | b0-n0-b0 | spam | | |
OS command injection | Sep 3rd 2024 | tuna18dv | informative | Critical | |
No authentication at `/api/manage/admin/doc-boosts` endpoint, revealing all the... | Jul 31st 2024 | srivallikusumba | self closed | | |
Password Management: Empty Password | Aug 21st 2024 | anonaninda | spam | | |
Insecure Randomness | Aug 21st 2024 | anonaninda | spam | | |
SSRF in many features | Aug 21st 2024 | nduy2110 | informative | Critical | |
SSRF in Add Connector features | Aug 21st 2024 | nduy2110 | duplicate | Critical | |
A basic user can create credentials and link them to an existing connector, lead... | Oct 17th 2024 | mnqazi | | Medium | $75 | CVE-2024-8057
CORS misconfiguration leads to data leak | Oct 15th 2024 | srivallikusumba | duplicate | High | |
Misconfigured Danswer instances lead to the leaks of OpenAI API keys, AWS keys e... | Aug 21st 2024 | mik0w | informative | High | |
Potential DoS via Unrestricted Folder Name Length, can be exploited remotely via... | Oct 13th 2024 | mnqazi | duplicate | High | |
Unauthorized Access to Search Page Functions via API Despite Page Visibility Res... | Oct 12th 2024 | fewword | | Medium | $75 | CVE-2024-9612
Server-Side Template Injection (SSTI) in Chat Description Field | Jan 2nd 2025 | dan-xzero | not applicable | | | CVE-2024-7805
Denial of Service in multipart/form-data while uploading a file in chat | Oct 11th 2024 | srivallikusumba | | High | $450 | CVE-2024-8028
Improper Access Control in Admin-User Chat Functionality | Oct 11th 2024 | dan-xzero | | Medium | $75 | CVE-2024-7767
IDOR allows viewing any file | Oct 10th 2024 | fewword | | Medium | $75 | CVE-2024-9617
Insufficient protection against enumeration of shared chats | Aug 14th 2024 | dastaj | informative | High | |
CSRF leads to performing sensitive action in the context of the victim's browser... | Oct 10th 2024 | dastaj | | High | $450 | CVE-2024-8065
CORS misconfiguration leads to sensitive data leak | Oct 10th 2024 | dastaj | | High | $450 | CVE-2024-7819
SSRF through web connector | Aug 21st 2024 | patrik-ha | informative | High | |
Arbitrary File Overwrite in ZulipConnector when zuliprc- directory exists | Oct 10th 2024 | retr0reg | | Critical | $900 | CVE-2024-7957
ReDoS (Regular Expression Denial of Service) | Oct 9th 2024 | mvlttt | | High | $450 | CVE-2024-7779
Current bounty amounts by severity: Critical $0, High $0, Medium $0, Low $0.