github.com/mudler/LocalAI
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/mudler/LocalAIpage 1 of 1
- CVE-2024-48057MEDIUMCVSS 6.1EG 6.12024-11-04
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
- CVE-2024-9900MEDIUMCVSS 6.1EG 6.12025-03-20
mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScri…
Check whether github.com/mudler/LocalAI is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/mudler/LocalAI CVEs against the assets you own.
Start Free Scan →