An Empirical Study of Vulnerable Package Dependencies in LLM Repositories
Large language models (LLMs) have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and interconnected LLM dependency supply chain. Vulnerabilities ...
CVE-2025-6386
The CVE relates to parisneo/lollms, where the authenticate_user function in lollms_authentication.py is vulnerable to a timing attack that enables username enumeration and incremental password guessing. The root cause is the use of Python’s default string equality operator, which compares charact...
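The following is an added example, not code from parisneo/lollms or from the advisory. It models the two weaknesses the description names (rejecting unknown users before any comparison, and an early-exit equality on the secret) and places the hardened form beside them. The user table, the salt, the helper names and the assumption that the vulnerable path compares plaintext are all constructed for illustration; `short_circuit_equal` makes the early-exit behaviour explicit by returning how many characters were examined, which stands in for the latency a remote attacker would measure.

```python
import hashlib
import hmac

# Constructed credential store for illustration only; not lollms' real data model.
# The vulnerable variant compares plaintext (an assumption that keeps the
# incremental-guessing leak visible); the hardened variant stores salted digests.
_SALT = b"example-salt"
_PLAINTEXT_USERS = {"alice": "correct horse battery staple"}


def _digest(password: str) -> bytes:
    # Salted SHA-256 keeps this runnable with the standard library; a real
    # deployment should use a slow password hash (bcrypt, scrypt, argon2).
    return hashlib.sha256(_SALT + password.encode()).digest()


_HASHED_USERS = {u: _digest(p) for u, p in _PLAINTEXT_USERS.items()}
# Digest compared against for unknown users so the hashing work is always done.
_DUMMY_DIGEST = _digest("dummy value that equalises work for unknown users")


def short_circuit_equal(a: str, b: str) -> tuple[bool, int]:
    """Explicit model of an early-exit equality check.

    Returns (equal, chars_examined). The second value plays the role of the
    response latency a timing attacker observes: it grows with the length of
    the matching prefix.
    """
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def authenticate_user_vulnerable(username: str, password: str) -> tuple[bool, int]:
    """Weak pattern the advisory describes: unknown users are rejected before
    any comparison, and the secret is compared with an early-exit equality."""
    if username not in _PLAINTEXT_USERS:
        return False, 0  # near-zero work reveals that the username is unknown
    return short_circuit_equal(_PLAINTEXT_USERS[username], password)


def authenticate_user_hardened(username: str, password: str) -> bool:
    """Hardened form: always hash and compare, even for unknown users, and use
    hmac.compare_digest so latency does not depend on the matching prefix."""
    stored = _HASHED_USERS.get(username, _DUMMY_DIGEST)
    match = hmac.compare_digest(stored, _digest(password))
    return match and username in _HASHED_USERS


def guess_next_char(username: str, known_prefix: str, alphabet: str) -> str:
    """Recovers one more character from the vulnerable oracle: the candidate
    that makes the comparison examine the most characters is the right one.
    A sentinel byte is appended so a correct guess advances one step further
    than a wrong one instead of tying with it."""
    best_char, best_work = "", -1
    for c in alphabet:
        _, work = authenticate_user_vulnerable(username, known_prefix + c + "\x00")
        if work > best_work:
            best_char, best_work = c, work
    return best_char


def recover_password(username: str, alphabet: str, max_len: int = 64):
    """Incremental guessing against the vulnerable function: linear in
    password length times alphabet size, rather than exponential.
    The exact-match pass handles the final character, where the sentinel
    trick no longer distinguishes candidates."""
    prefix = ""
    for _ in range(max_len):
        for c in alphabet:
            ok, _ = authenticate_user_vulnerable(username, prefix + c)
            if ok:
                return prefix + c
        prefix += guess_next_char(username, prefix, alphabet)
    return None


if __name__ == "__main__":
    alphabet = "abcdefghijklmnopqrstuvwxyz "
    print("recovered:", recover_password("alice", alphabet))
    print("hardened ok:", authenticate_user_hardened("alice", "correct horse battery staple"))
```

Against the hardened function the same attack has nothing to measure: an unknown username still costs one hash and one constant-time comparison, and a wrong password costs exactly the same as a right one. The remaining `username in _HASHED_USERS` lookup only gates the final result after the comparison has already run.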