📦 Onyx

An improper access control vulnerability in danswer-ai/danswer v0.3.94 allows the first user created in the system to view, modify, and delete chats created by an Admin. This affects all deployments u...

This critical SQL injection vulnerability in Onyx's chat interface allows attackers to execute arbitrary SQL commands through the generate_simple_sql function. It affects Onyx versions up to 0.29.1 an...

This vulnerability allows attackers to bypass front-end visibility restrictions by directly calling the search API, even when administrators have hidden the search page. Regular users who should be bl...