text-generation

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting text-generationpage 1 of 1

CVE-2024-3924MEDIUMCVSS 4.4EG 4.4✓ Fixed in 2.0.0
2024-05-30
vulnerable: 0.1.0 ... 0.7.0 (13 versions)
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, w…
CVE-2026-0599HIGHCVSS 7.5EG 7.5✓ Fixed in 3.3.7
2026-02-02
vulnerable: 0.1.0 ... 0.7.0 (13 versions)
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs …

Check whether text-generation is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for text-generation CVEs against the assets you own.

Start Free Scan →