LoLLMs Vulnerabilities
pip ML UI
Risk Score: 36
Total CVEs: 9
Critical: 1
Ecosystem: pip
Last CVE: Apr 10, 2026
Patch Rate: 33%
Avg Time to Patch: 1d
77 stars
26 forks
7 issues
Last push May 15, 2026
Known Vulnerabilities (9 total, page 1 of 1)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2026-1115 | lollms: Stored XSS enables wormable account takeover | 9.6 | Apr 10, 2026 |
| MEDIUM | CVE-2026-1163 | lollms: sessions persist after password reset | 4.1 | Apr 8, 2026 |
| LOW | CVE-2024-6971 | lollms: path traversal in RAG database functions | 3.4 | Oct 11, 2024 |
| MEDIUM | CVE-2024-6985 | lollms: path traversal allows arbitrary directory read | 4.4 | Oct 11, 2024 |
| MEDIUM | CVE-2024-6581 | Lollms: SVG upload XSS enables session hijack and RCE | 6.5 | Oct 29, 2024 |
| HIGH | CVE-2024-6982 | lollms: RCE via eval() sandbox bypass in Calculate | 8.4 | Mar 20, 2025 |
| HIGH | CVE-2025-6386 | lollms: timing attack enables credential enumeration | 7.5 | Jul 7, 2025 |
| HIGH | CVE-2026-1117 | lollms: Access Control bypass enables privilege escalation | 8.2 | Feb 2, 2026 |
| LOW | CVE-2024-4839 | lollms-webui: CSRF allows unauthorized AI service install | 3.3 | Jun 24, 2024 |