Danswer version prior to 0.10.0-beta.1 suffers from an Insecure Direct Object Reference allowing an unauthenticated attacker to access messages and attached files via a specially forged request. This detection is included in the AI and LLM category.

Gradio before version 4.37.1 suffer from an open redirect vulnerability, allowing an attacker to craft a link and try redirecting target applications users to a malicious server. This detection is included in the AI and LLM category.

Flowise versions prior to 2.0.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API.

Gradio version 4.3 prior to 4.13 are vulnerable to an unauthenticated Local file read by calling arbitrary methods of Components class. This detection is included in the AI and LLM category.

By default, Gradio does not require authentication to access the application. This allows an attacker to access sensitive data. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Gradio instance on the target application. Gradio is a software to build machine learning apps in Python. This detection is included in the AI and LLM category.

By default, Danswer does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Danswer instance on the target application. Danswer is the AI Assistant connected to your company's docs, apps, and people. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dify instance on the target application. Dify is an open-source LLM app development platform. This detection is included in the AI and LLM category.

AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ChatGPT-web instance. ChatGPT-web is a simple one-page web interface to the OpenAI ChatGPT API. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible H2O Flow instance on the target application. H2O Flow is an open-source user interface for H2O, an open-source, distributed and scalable machine learning and predictive analytics platform. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected the presence of a manifest used by ChatGPT plugins on the target application. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ray instance on the target application. Ray is an open-source framework to build and scale Machine Learning (ML) and Python applications. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ZenML instance on the target application. ZenML is an open-source framework dedicated to MLOps abstracting the underlying infrastructure. This detection is included in the AI and LLM category.

By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Ollama instance on the target application. Ollama is an open-source application to quickly set up various LLMs. This detection is included in the AI and LLM category.

By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web interface. This detection is included in the AI and LLM category.

By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on it. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected the usage of the ChatGPT.JS client-side library on the target application. This detection is included in the AI and LLM category.

By default, Langflow does not require authentication to access the application. This allows an attacker to access sensitive data such as global variables, projects already created and the secrets they expose. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and RAG. This detection is included in the AI and LLM category.

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.12.4 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the '/api/webdav' endpoint or to execute JavaScript in the application users browsers context. This detection is included in the AI and LLM category.

By default, Flowise does not require authentication to access the application. This allows an attacker to access sensitive data such as private documents, API keys, variables, but also allows you to modify existing Chatflows and Agentflows. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible MLflow instance on the target application. MLflow is a platform to streamline machine learning development and simplify model operations. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected the use of a Flowise Chatflow. This detection is included in the AI and LLM category.

Flowise versions prior to 1.6.6 are vulnerable to an authentication bypass allowing a remote and unauthenticated attacker to perform administrative actions through the REST API.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM applications. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible LibreChat instance on the target application. LibreChat is an enhanced open-source ChatGPT clone. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible NextChat (formerly ChatGPT-Next-Web) instance on the target application. NextChat is a collection of tools to help developers build their own AI service around most popular LLMs. This detection is included in the AI and LLM category.

NextChat (formerly ChatGPT-Next-Web) versions prior to 2.11.3 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the '/api/cors' endpoint or to execute JavaScript in the application users browsers context.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is RAG Framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM models. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Open WebUI instance on the target application. Open WebUI offer an extensible web application designed for various LLM while offering a feature-rich environment. This detection is included in the AI and LLM category.

This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM let you choose between different LLM or vector database to use and allow to convert any document or content into references that the selected language model can use while chatting. This detection is included in the AI and LLM category.

ID	Name	Severity
114467	Danswer < 0.10.0-beta.1 Insecure Direct Object Reference	medium
114459	Gradio < 4.37.1 Open Redirect	medium
114413	Flowise < 2.0.6 Authentication Bypass	high
114409	Gradio 4.3 < 4.13 Local File Read	high
114408	Gradio Unauthenticated Access	critical
114407	Gradio Detected	info
114393	Danswer Unauthenticated Access	critical
114392	Danswer Detected	info
114391	Dify Detected	info
114390	AnythingLLM API Sensitive Information Disclosure	high
114389	ChatGPT-web Detected	info
114367	H2O Flow Detected	info
114362	ChatGPT Plugin Manifest Detected	info
114361	Ray Detected	info
114359	ZenML Detected	info
114328	Ollama Unauthenticated Access	critical
114327	Ollama Detected	info
114324	MLflow Unauthenticated Access	critical
114323	MLflow Default Credentials	critical
114321	Chatgpt.js Detected	info
114320	Langflow Unauthenticated Access	critical
114319	Langflow Detected	info
114326	NextChat < 2.12.4 Server-Side Request Forgery	high
114318	Flowise Unauthenticated Access	critical
114317	MLflow Detected	info
114313	Flowise Chatflow Detected	info
114312	Flowise < 1.6.6 Authentication Bypass	high
114309	Flowise Detected	info
114308	LibreChat Detected	info
114307	NextChat Detected	info
114306	NextChat < 2.11.3 Server-Side Request Forgery	critical
114305	Quivr Detected	info
114304	Open WebUI Detected	info
114303	AnythingLLM Detected	info

Detections

Analytics

Artificial Intelligence Family for Web App Scanning

medium

medium

high

high

critical

info

critical

info

info

high

info

info

info

info

info

critical

info

critical

critical

info

critical

info

high

critical

info

info

high

info

info

info

critical

info

info

info