4 matches found
Unsafe Dependency Resolution
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the process of loading sub-components with the trust_remote_code parameter set to True, regardless of user...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the QuoRem function in the eisenstein.go file. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
PT-2024-29587 · Kubean · Kubean
Name of the Vulnerable Software and Affected Versions: Kubean versions prior to 0.18.0. Description: The issue concerns a cluster lifecycle management toolchain where the ClusterRole has excessive permissions, allowing a malicious user to abuse these permissions and perform any action on the whole...
PT-2024-23862 · Sunshine · Sunshine
Name of the Vulnerable Software and Affected Versions: Sunshine versions 0.16.0 through 0.17.x. Description: Sunshine is a self-hosted game stream host for Moonlight. An attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who...