Every CVE whose affected-product data names Pribai Privategpt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-4343 — CVSS 9.8 (critical): A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custo…
CVE-2024-3403 — CVSS 7.5 (high): imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from…
CVE-2024-8018 — CVSS 7.5 (high): A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker…
CVE-2024-12063 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due…
CVE-2024-5186 — CVSS 7.2 (high): A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This…
CVE-2024-8029 — CVSS 6.1 (medium): An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files…
CVE-2024-5936 — CVSS 6.1 (medium): An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This…
CVE-2024-5935 — CVSS 5.4 (medium): A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files…
CVE-2024-3851 — CVSS 5.4 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file…
CVE-2025-4515 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file…