Llama-factory Security Vulnerabilities and Issues — Llama-factory CVE List

Lucene search

HiyougaLlama-factory

3 matches found

CVE•added 2024/11/21 5:15 p.m.•51 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on t...

7.5CVSS7.9AI score0.00518EPSS

CVE•added 2025/05/01 6:15 p.m.•42 views

CVE-2025-46567

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load() on user-supplied .bin files from an input directory. A...

7.8CVSS6.4AI score0.00029EPSS

CVE•added 2025/06/26 3:15 p.m.•11 views

CVE-2025-53002

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards, allo...

8.3CVSS8.6AI score0.0031EPSS