Pribai Privategpt
10 CVEs affecting Pribai Privategpt. Latest disclosed: 2025-05-10. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-4343 | Critical | 9.8 | 2024-11-14 | A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of… |
| CVE-2024-8018 | High | 7.5 | 2025-03-20 | A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number… |
| CVE-2024-12063 | High | 7.5 | 2025-03-20 | A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling… |
| CVE-2024-3403 | High | 7.5 | 2024-05-16 | imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By… |
| CVE-2024-5186 | High | 7.2 | 2024-06-06 | A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers… |
| CVE-2024-8029 | Medium | 6.1 | 2025-03-20 | An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaS… |
| CVE-2024-5936 | Medium | 6.1 | 2024-06-27 | An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attacke… |
| CVE-2024-5935 | Medium | 5.4 | 2024-06-27 | A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This… |
| CVE-2024-3851 | Medium | 5.4 | 2024-05-16 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exp… |
| CVE-2025-4515 | Medium | 4.3 | 2025-05-10 | A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The ma… |