49 matches found
CVE-2026-25211
Llama Stack (llama-stack)
CVE-2026-25211
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
PT-2026-5384
Name of the Vulnerable Software and Affected Versions Llama Stack versions prior to 0.4.0rc3 Description The software does not properly conceal the pgvector password within the initialization logs, potentially exposing sensitive credentials. Recommendations Update to version 0.4.0rc3 or later...
Llama Stack log information leakage vulnerability
Llama Stack is a core building block for simplified artificial intelligence application development, open-sourced by Meta Llama. Versions of Llama Stack prior to 0.4.0rc3 contained a vulnerability related to log information leakage. This vulnerability stemmed from the fact that the log...
Exploit for CVE-2024-50050
--- 💀 LlamaStack-RCE: CVE-2024-50050 Supply Chain Exploitatio...
CVE-2026-1234
A security issue was identified in the Llama Stack server when PGVector is used as a vector store provider. During initialization, the server logs print the PGVector database password in clear text. This occurs due to insufficient redaction of sensitive configuration fields. As a result, anyone...
Remote Code Execution (RCE)
Llama Stack is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of parameters in the resolveastbytype function, which allows an attacker to supply malicious input leading to arbitrary code execution...
EUVD-2025-31066
Malicious code in bioql PyPI...
GHSA-X75H-M6JJ-6CJ2 Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: SNYK:PYTHON-LLAMASTACK-13109624...
lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: OSV:GHSA-X75H-M6JJ-6CJ2...
Cross-site Scripting (XSS)
Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Cross-site Scripting XSS via the resolveastbytype function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters. Details Cross-site scripting or XSS...
Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
CVE-2025-55178
Summary: Llama Stack versions prior to 0.2.20 are reported to be vulnerable to remote code execution due to unverified parameters accepted by the resolve_ast_by_type function. This root cause is consistently described across multiple sources (CVE-2025-55178 entries and related advisories). Affect...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastbytype function which could potentially allow for remote code execution...
PT-2025-39321
Name of the Vulnerable Software and Affected Versions Llama Stack versions prior to 0.2.20 Description The software accepts unverified parameters in the resolve ast by type function, which may allow for remote code execution. Recommendations Update to version 0.2.20 or later...
Llama Stack 安全漏洞
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in Llama Stack versions prior to v0.2.20, which stems from the resolveastbytype function accepting unvalidated parameters, which could lead to remote code execution...