Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

MAL-2026-3000 Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

Embedded Malicious Code

Overview xinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Whether you are a researcher, develope...

EUVD-2025-19750

Malicious code in bioql PyPI...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

Missing Authentication for Critical Function

Overview xinference is a Xorbits InferenceXinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Wheth...

Xinference 安全漏洞

Xinference is an application by Endeavor's Xiao Yang Personal Developer. A security vulnerability exists in Xinference versions prior to 1.4.0, which stems from improper access control and could lead to unauthorized access to the Web GUI...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Xinference prior to v1.4.0 has an authentication bypass in the Web GUI due to incorrect access control. This affects Xinference’s Web GUI exposure and could allow an unauthenticated user to access the interface. The issue is documented across multiple sources (e.g., Red Hat, NVD, OSV, and PT Secu...

PT-2025-27660 · Unknown · Xinference

Name of the Vulnerable Software and Affected Versions: Xinference versions prior to 1.4.0 Description: The issue is related to incorrect access control, allowing attackers to access the Web GUI without authentication. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later ...

Deserialization of Untrusted Data

Overview xinference is a Xorbits InferenceXinference is a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Wheth...

CVE-2025-3622 Xorbits Inference model.py load deserialization

A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization...