Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.12 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/11/21 7:16 p.m.6 views

CVE-2025-62609

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...

7.5CVSS0.00328EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/21 6:3 p.m.5 views

EUVD-2025-198500

MLX has Wild Pointer Dereference in loadgguf...

6.9CVSS6.4AI score0.00328EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.8 views

PT-2025-47798

Name of the Vulnerable Software and Affected Versions MLX versions prior to 0.29.4 Description MLX, an array framework for machine learning on Apple silicon, contains a flaw in the mlx::core::load gguf function. This function experiences a segmentation fault when processing maliciously crafted GG...

6.9CVSS6.4AI score0.00328EPSS
Exploits1References7
NVD
NVD
added 2025/03/20 10:15 a.m.21 views

CVE-2025-0315

A vulnerability in ollama/ollama =0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service DoS attack...

7.5CVSS0.00672EPSS
Exploits1References1
Rows per page
Query Builder