SecAlerts
CVE ListPricingSign Up
Onyx logo

Onyx

Security Risk Profile

32
/100
low

Security Risk Score

Comprehensive risk assessment based on 6 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from March 20, 2025 to present

6
Total CVEs
2
Critical+High
0
Exploited
2
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
2
Critical/High
Risk Level
32/100
low

Severity Distribution

Critical
1
High
1
Medium
4
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
1

Age Distribution

Common Weaknesses (CWE)

1
SQL Injection
1

Most Affected Products

1. Onyx onyx12
2. danswer-ai danswer2
3. Onyx Onyx Enterprise Edition1
4. Onyx Chat Interface1

Recent Vulnerabilities

See more →
CVE-2026-42277
CVSS 6.5medium

Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files

5/8/2026🔧 No Patch
CVE-2026-42276
CVSS 4.3medium

Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions

5/8/2026🔧 No Patch
CVE-2025-51479
CVSS 5.4medium
7/22/2025🔧 No Patch
CVE-2025-7894
CVSS 9.8EPSS 0%critical

Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

7/20/2025🔧 No Patch
CVE-2024-7767
CVSS 8.1high

Improper Access Control in danswer-ai/danswer

3/20/2025🔧 No Patch
CVE-2024-9612
CVSS 6.5medium

Unauthorized Access in danswer-ai/danswer

3/20/2025🔧 No Patch

Monitor Onyx in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.