PyPI/llamafactory — 4 CVEs

HIGH8.3CVE-2025-53002LLaMA-Factory allows Code Injection through improper vhead_file safeguards

from 0, <= 0.9.3

HIGH7.6CVE-2025-61784LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities

from 0, < 0.9.4

HIGH7.5CVE-2024-52803LLama Factory Remote OS Command Injection Vulnerability

from 0, < 0.9.1

MEDIUM6.1LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

from 0, < 0.9.3

pkg:PyPI/llamafactory