AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 50 of 524 results
CVE-2025-30202 (High severity) vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ...
CVE-2025-46417 Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
CVE-2025-30358 Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and...
CVE-2025-0330 LiteLLM Has a Leakage of Langfuse API Keys
CVE-2025-0628 LiteLLM Has an Improper Authorization Vulnerability
CVE-2024-9606 LiteLLM Reveals Portion of API Key via a Logging File
GHSA-5ccf-884p-4jjq Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
CVE-2024-8984 LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
CVE-2024-7990 Open WebUI stored cross-site scripting (XSS) vulnerability
CVE-2024-8060 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
CVE-2024-8053 Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
CVE-2024-8020 PyTorch Lightning denial of service vulnerability
CVE-2024-7983 Open WebUI denial of service through endpoint for converting markdown
CVE-2024-7806 Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
GHSA-6wj5-5pgr-jwq8 Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
CVE-2024-7053 Open WebUI Vulnerable to a Session Fixation Attack
CVE-2024-7776 Open Neural Network Exchange (ONNX) Path Traversal Vulnerability
CVE-2024-7039 Open WebUI Allows Admin Deletion via API Endpoint
CVE-2024-6825 LiteLLM Vulnerable to Remote Code Execution (RCE)
CVE-2024-6982 LoLLMS Code Injection vulnerability
CVE-2024-7036 Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-7043 Open WebUI Allows Arbitrary File Reading and Deletion
GHSA-w466-2wfc-8g58 Open WebUI has vulnerable dependency on starlette via fastapi
GHSA-hh3j-9m59-p8vc BentoML vulnerable to Uncontrolled Resource Consumption
CVE-2024-12534 Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-12537 Open WebUI Uncontrolled Resource Consumption vulnerability
CVE-2024-10572 H2O Vulnerable to Denial of Service (DoS) and File Write
CVE-2025-1473 A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be...
CVE-2025-0453 In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given...
CVE-2025-0317 A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the...
CVE-2025-0315 A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate...
CVE-2025-0312 A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an...
CVE-2024-9056 BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an...
CVE-2024-8966 A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the...
CVE-2024-8859 A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary...
CVE-2024-8063 A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a...
CVE-2024-7959 The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the...
CVE-2024-12911 A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary...
CVE-2024-12720 A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in...
CVE-2024-12704 A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a...
CVE-2024-12055 A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious...
CVE-2024-11031 In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited...
CVE-2024-11030 GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API...
CVE-2024-10648 A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file,...
CVE-2024-10624 A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The...
CVE-2024-10569 A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed...
CVE-2024-10188 A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function...
CVE-2025-2148 A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component...
CVE-2025-25297 Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint