8 matches found
GHSA-R5HP-3CGJ-J6XV Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
EUVD-2025-24154
Malicious code in bioql PyPI...
CVE-2025-45146
ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/datamanager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data...
CVE-2025-45146
CVE-2025-45146 applies to ModelCache for LLM through v0.2.0, where a deserialization vulnerability in /manager/data_manager.py allows arbitrary code execution via crafted data. The CVE’s CVSSv3.1 vector yields a base score of 9.8 (CRITICAL) with network attack vector, no privileges required, and ...
PT-2025-32556 · Unknown · Modelcache For Llm
Name of the Vulnerable Software and Affected Versions: ModelCache for LLM versions through 0.2.0. Description: ModelCache for LLM through version 0.2.0 contains a deserialization vulnerability in the /manager/data_manager.py component. This allows attackers to execute arbitrary code by supplying...