Threat Intelligence

Live CVE feed

299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.

138threats · High· page 5/7
Get guardrails →

vLLM denial of service vulnerability

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4.

OWASP A08LLM05 · Supply ChainOWASP LLM
Get guardrail →

body-parser vulnerable to denial of service when url encoding is enabled

Impact body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. Patches this issue is patched in 1.20.3 References

Server-Side Request Forgery in axios

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

OWASP A10OWASP Web
Get guardrail →

Next.js Denial of Service (DoS) condition

Impact A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability can affect all Next.js deployments on the affected versions. Patches This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version. Workarounds There are no official workarounds for this vulnerability. Credit Thai Vu of flyseccorp.com Aonan Guan (@0dd), Senior Cloud Security Engineer

OWASP A06LLM10OWASP Web
Get guardrail →

Local file inclusion in gradio

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio and was discovered in version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a path key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the /file=.. endpoint. This issue is due to the processing_utils.move_files_to_cache() function traversing any object passed to it, looking for a dictionary with a path key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk.

OWASP A01OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

Server-Side Request Forgery in gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers.

OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →

RunGptLLM class in LlamaIndex has a command injection

A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the rewrites feature in Next.js. Patches The vulnerability is resolved in Next.js 13.5.1 and newer. This includes Next.js 14.x. Workarounds There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version. References https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning

gradio vulnerable to Path Traversal

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via launch(share=True), thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on huggingface.co are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.

gradio Server-Side Request Forgery vulnerability

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the build_proxy_request function.

OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →

Gradio Path Traversal vulnerability

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

OWASP A01OWASP LLM
Get guardrail →

Gradio makes the `/file` secure against file traversal and server-side request forgery attacks

Older versions of gradio contained a vulnerability in the /file route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with share=True, or on Hugging Face Spaces) if they knew the path of files to look for. This was not possible through regular URLs passed into a browser, but it was possible through the use of programmatic tools such as curl with the --pass-as-is flag. Furthermore, the /file route in Gradio apps also contained a vulnerability that made it possible to use it for SSRF attacks. Both of these vulnerabilities have been fixed in gradio==4.11.0

OWASP A01OWASP LLM
Get guardrail →

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

OWASP A08LLM05 · Supply ChainOWASP LLM
Get guardrail →

Langchain Server-Side Request Forgery vulnerability

In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.

OWASP A03OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →

LangChain Server Side Request Forgery vulnerability

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

OWASP A10LLM02 · Insecure OutputOWASP LLM
Get guardrail →

langchain SQL Injection vulnerability

SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

OWASP A03OWASP LLM
Get guardrail →

MultipartParser denial of service with too many fields or files

Impact The MultipartParser using the package python-multipart accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an <abbr title="out of memory">OOM</abbr> process kill. This can be triggered by sending too many small form fields with no content, or too many empty files. For this to take effect application code has to: Have python-multipart installed and call request.form() or via another framework like FastAPI, using form field parameters or UploadFile parameters, which in turn calls request.form(). Patches The vulnerability is solved in Starlette 0.25.0 by making the maximum fields and files customizable and with a sensible default (1000). Applications will be secure by just upgrading their Starlette version to 0.25.0 (or FastAPI to 0.92.0). If application code needs to customize the new max field and file number, there are new request.form() parameters (with the default values): max_files=1000 max_fields=1000 Workarounds Applications that don't install python-multipart or that don't use form fields are safe. In older versions, it's also possible to instead of calling request.form() call request.stream() and parse the form data in internal code. In most cases, the best solution is to upgrade the Starlette version. References This was reported in private by @das7pad via internal email. He also coordinated the fix across multiple frameworks and parsers. The details about how multipart/form-data is structured and parsed are in the RFC 7578.

OWASP A06LLM10OWASP Web
Get guardrail →

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.

OWASP A06OWASP A08LLM10OWASP Web
Get guardrail →

Showing 81100 of 138 threats