11 matches found
PYSEC-2026-393 Unsafe yaml deserialization in llama-hub
The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safeload is not used for YAML...