Picklescan is vulnerable to RCE via missing detection when calling

llama-index-core insecurely handles temporary files

Open WebUI's process_files_batch() endpoint missing ownership check

LangChain vulnerable to unsafe deserialization of attacker-controlled objects through

Open WebUI: Redis Cache Keys tool_servers and terminal_servers

vLLM is an inference and serving engine for large language