huntr: danswer-ai/danswer

danswer-ai / danswer

Gen-AI Chat for Teams - Think ChatGPT if it had access to your team's unique knowledge.

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN42 DAYS

FIX

WITHINN/A DAYS

danswer-ai

Server Request to Arbitrary URL

Aug 25th 2025

pending

danswer-ai

ssrf in danswer-ai/danswer

Aug 16th 2025

pending

danswer-ai

Session Management Vulnerability - Name Change Persists Post Logout

Mar 11th 2025

pending

danswer-ai

IDOR in EE patch user group

Mar 7th 2025

pending

danswer-ai

SSRF on Danswer

Jan 7th 2025

spam

danswer-ai

Denial of service by memory exhaustion

Jan 21st 2025

High

•$450

High

•$450•CVE-2025-0182

danswer-ai

Denial of Service due to chrome resource exhaustion

Aug 21st 2024

spam

danswer-ai

OS command injection

Sep 3rd 2024

informative

Critical

danswer-ai

No authentication at `/api/manage/admin/doc-boosts` endpoint, revealing all the...

Jul 31st 2024

srivallikusumba•

self closed

danswer-ai

Password Management: Empty Password

Aug 21st 2024

spam

danswer-ai

Insecure Randomness

Aug 21st 2024

spam

danswer-ai

SSRF in many features

Aug 21st 2024

informative

Critical

danswer-ai

SSRF in Add Connector features

Aug 21st 2024

duplicate

Critical

danswer-ai

A basic user can create credentials and link them to an existing connector, lead...

Oct 17th 2024

Medium

•$75

Medium

•$75•CVE-2024-8057

danswer-ai

CORS misconfiguration leads to data leak

Oct 15th 2024

srivallikusumba•

duplicate

High

danswer-ai

Misconfigured Danswer instances lead to the leaks of OpenAI API keys, AWS keys e...

Aug 21st 2024

informative

High

danswer-ai

Potential DoS via Unrestricted Folder Name Length, can be exploited remotely via...

Oct 13th 2024

duplicate

High

danswer-ai

Unauthorized Access to Search Page Functions via API Despite Page Visibility Res...

Oct 12th 2024

Medium

•$75

Medium

•$75•CVE-2024-9612

danswer-ai

Server-Side Template Injection (SSTI) in Chat Description Field

Jan 2nd 2025

not applicable

•CVE-2024-7805

danswer-ai

Denial of Service in multipart/form-data while uploading a file in chat

Oct 11th 2024

srivallikusumba•

High

•$450

High

•$450•CVE-2024-8028

danswer-ai

Improper Access Control in Admin-User Chat Functionality.

Oct 11th 2024

Medium

•$75

Medium

•$75•CVE-2024-7767

danswer-ai

IDOR- allow view any file

Oct 10th 2024

Medium

•$75

Medium

•$75•CVE-2024-9617

danswer-ai

Insufficient protection against enumeration of shared chats

Aug 14th 2024

informative

High

danswer-ai

CSRF leads to performing sensitive action in the context of the victim's browser...

Oct 10th 2024

High

•$450

High

•$450•CVE-2024-8065

danswer-ai

CORS misconfiguration leads to sensitive data leak

Oct 10th 2024

High

•$450

High

•$450•CVE-2024-7819

danswer-ai

SSRF through web connector

Aug 21st 2024

informative

High

danswer-ai

Arbitrary File Overwrite in ZulipConnector when zuliprc- direcetory exists

Oct 10th 2024

Critical

•$900

Critical

•$900•CVE-2024-7957

danswer-ai

Redos (Regular Expression Denial of Service)

Oct 9th 2024

High

•$450

High

•$450•CVE-2024-7779

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0