86 matches found
GHSA-59P9-H35M-WG4G vulnerabilities
Vulnerabilities for packages: text-generation-inference...
GHSA-4W7R-H757-3R74 vulnerabilities
Vulnerabilities for packages: text-generation-inference...
CVE-2025-6051 vulnerabilities
Vulnerabilities for packages: text-generation-inference...
GHSA-37MW-44QP-F5JM vulnerabilities
Vulnerabilities for packages: text-generation-inference...
CVE-2025-6638 vulnerabilities
Vulnerabilities for packages: text-generation-inference...
CVE-2025-62364
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
CVE-2025-62364
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
CVE-2025-62364
The CVE-2025-62364 issue affects text-generation-webui (up to version 3.13). A Local File Inclusion exists in the character picture upload feature: an attacker can upload a text file containing a symbolic link to an arbitrary file path, and when processed the app follows the link and serves the t...
CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
EUVD-2025-34082
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
PT-2025-41812
Name of the Vulnerable Software and Affected Versions text-generation-webui versions through 3.13 Description text-generation-webui is a web interface for running Large Language Models. A Local File Inclusion issue exists in the character picture upload feature. An attacker can upload a text file...
Text Generation Web UI 后置链接漏洞
Text Generation Web UI is a UI interface for native AI by oobabooga individual developers. A backlink vulnerability exists in Text Generation Web UI version 3.13 and earlier, which stems from a local file inclusion vulnerability in the character image upload feature that could result in reading...
text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS
Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...
Hashed Watermark As a Filter: Defeating Forging and Overwriting Attacks in Weight-Based Neural Network Watermarking
As valuable digital assets, deep neural networks necessitate robust ownership protection, positioning neural network watermarking NNW as a promising solution. Among various NNW approaches, weight-based methods are favored for their simplicity and practicality; however, they remain vulnerable to...
False Alarms, Real Damage: Adversarial Attacks Using LLM-Based Models on Text-Based Cyber Threat Intelligence Systems
Cyber Threat Intelligence CTI has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and rapid understanding of cyber threats. Due to the large volume ...
ai4data (=0.0.1), aihero (=0.3.1) +37 more potentially affected by CVE-2024-3924 via text-generation (>=0.6.1 <=0.7.0)
text-generation PYPI version =0.6.1, =3.0.0, =0.114.0, =0.0.1a7, =0.3.6.dev0, =0.0.1a8, =0.14.3, =2.0.0, =0.0.2, =0.1.4, =0.1.0, =0.1.10, =0.1.14 and more Source cves: CVE-2024-3924 Source advisory: OSV:GHSA-QQ99-P57R-G3V7...
GHSA-QQ99-P57R-G3V7 code injection vulnerability exists in the huggingface/text-generation-inference repository
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...
CVE-2024-3924
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...