📦 Kotaemon

by Cinnamon

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-56527

HIGH CVSS 7.5 Nov 18, 2025

CVE-2025-56527 allows attackers to steal plaintext passwords stored in the client's localStorage in Kotaemon 0.11.0. This affects all users of the vulnerable version who store credentials in the appli...

CVE-2025-63914

MEDIUM CVSS 6.5 Nov 24, 2025

CVE-2025-63914 is a resource exhaustion vulnerability in Cinnamon kotaemon 0.11.0 where the ZIP file extraction function lacks proper validation. Attackers with file upload permissions can upload ZIP ...

CVE-2025-56526

MEDIUM CVSS 6.1 Nov 18, 2025

A stored cross-site scripting (XSS) vulnerability in Kotaemon 0.11.0 allows attackers to inject malicious scripts via crafted PDF content. When rendered by the application, this can execute arbitrary ...