
6 matches found

CVE
added 2026/06/02 2:15 p.m., 24 views

CVE-2026-47117

OpenMed prior to version 1.5.2 is affected by a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model_name, enabling a value like attacker/foo-privacy-filter-bar to route to a path t...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00927
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/27 7:44 p.m., 6 views

CVE-2026-3071

Deserialization of untrusted data in the LanguageModel class of Flair, from versions 0.4.1 to latest, allows arbitrary code execution when loading a malicious model...

CVSS: 8.4 | AI score: 6.5 | EPSS: 0.00154
Exploits: 0 | References: 1

Cvelist
added 2026/02/26 2:56 p.m., 20 views

CVE-2026-3071

Deserialization of untrusted data in the LanguageModel class of Flair, from versions 0.4.1 to latest, allows arbitrary code execution when loading a malicious model...

CVSS: 8.4 | EPSS: 0.00154
Exploits: 0 | References: 1

Veracode
added 2025/03/13 3:28 a.m., 8 views

Insufficient Verification Of Data Authenticity

PickleScan is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability stems from a discrepancy in filename handling caused by differences between ZIP header filenames and directory listing filenames, which allows an attacker to bypass detection by causing PickleScan to crash...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00307
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2025/01/27 5:38 p.m., 29 views

CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator

vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious...

CVSS: 7.5 | EPSS: 0.00647
Exploits: 0 | References: 4

OSV
added 2025/01/14 4:0 p.m., 0 views

GHSA-CPV4-GGRR-7J9V Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability: A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are:
- The HTTP API must be enabled on the...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00895
Exploits: 0 | References: 4