Product
mudler localai
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-9900
CVE-2024-48057
CVE-2024-7010
CVE-2024-6868
CVE-2024-6983
CVE-2024-6095
CVE-2024-5616
CVE-2024-5181
CVE-2024-5182
CVE-2024-2029
CVE-2024-3135
all versions
mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability
<= 2.20.1
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate paramete
all versions
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise
all versions
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model
all versions
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receive
< 2.17.0
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and
<= 2.15.0
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attac
all versions
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's han
< 2.16.0
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during
< 2.10.0
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav funct
< 2.17.0
A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious