35 matches found
lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...
Jailbreaking in the Haystack
Recent advances in long-context language models (LMs) have enabled million-token inputs, expanding their capabilities across complex tasks like computer-use agents. Yet, the safety implications of these extended contexts remain unclear. To bridge this gap, we introduce NINJA short for...
EUVD-2024-2367
Malicious code in bioql PyPI...
CVE-2023-1712
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...
CVE-2024-41950
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
Remote Code Execution
Haystack is vulnerable to Remote Code Execution. The vulnerability is due to the use of Jinja2 templates, which can be exploited to run arbitrary code if a user creates and renders a malicious template on the client machine...
Haystack Remote Code Execution Vulnerability
Haystack is an open source NLP framework for interacting with your data using Transformer models and LLMs (GPT-4, ChatGPT, etc.). A remote code execution vulnerability exists in Haystack versions prior to 2.3.1, which can be exploited by an attacker to create and present a Jinja2 template on a clie...
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Impact: Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. Patches: The problem has been fix...
GHSA-HX9V-6R9F-W677 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Impact: Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. Patches: The problem has been fix...
CVE-2024-41950
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
CVE-2024-41950
CVE-2024-41950 affects Haystack, an open‑source end‑to‑end LLM framework. The vulnerability arises from components that render Jinja2 templates on the client side, enabling remote code execution if a user creates and renders a malicious template within a Pipeline. Multiple connected sources (incl...
CVE-2024-41950 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...
PT-2024-29658 · Jinja2 +1 · Jinja2 +1
Name of the Vulnerable Software and Affected Versions: Haystack versions prior to 2.3.1 Description: The issue concerns Haystack clients that allow users to create and run Pipelines from scratch, making them vulnerable to remote code executions. Certain components in Haystack utilize Jinja2...
Haystack Security Vulnerability
Haystack is an open source NLP framework for interacting with your data using Transformer models and LLMs (GPT-4, ChatGPT, etc.). A remote code execution vulnerability exists in Haystack versions prior to 2.3.1, which can be exploited by an attacker to create and present a Jinja2 template on a clie...
GHSA-W7QG-J435-78QW Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
llama2-terminal (>=0.1.1 <=0.1.6), mapintel (=1.0.0) potentially affected by CVE-2023-1712 via farm-haystack (>=0.8.0 <=1.12.2)
farm-haystack PYPI version =0.8.0, =0.1.1, =0.1.6 - mapintel =1.0.0 Source cves: CVE-2023-1712 Source advisory: OSV:GHSA-W7QG-J435-78QW...
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
CVE-2023-1712
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...