CRITICAL 9.8 CVE-2026-1114 In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak se…
from 0, <= 2.1.0
CRITICAL 9.8 CVE-2024-5443 Remote Code Execution via path traversal bypass in lollms >= 5.9.0, < 9.5.1
CRITICAL 9.8 LoLLMS Path Traversal vulnerability
from 0, < 9.5.0
CRITICAL 9.8 LoLLMS Command Injection vulnerability
from 0, < 9.5.0
CRITICAL 9.6 parisneo/lollms vulnerable to stored XSS in the social feature
from 0, < 2.2.0
CRITICAL 9.1 parisneo/lollms Local File Inclusion (LFI) attack
from 0, < 9.5.0
HIGH 8.6 lollms vulnerable to path traversal due to unauthenticated root folder settings change
from 0, <= 9.5.1
HIGH 8.4 LoLLMS Code Injection vulnerability
from 0, < 11.0.0
HIGH 8.3 A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests…
from 0, < 2.1.1
HIGH 8.2 Lollms has an Improper Access Control vulnerability
from 0, < 2.1.0
HIGH 7.5 Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
from 0, <= 11.0.0
HIGH 7.5 LoLLMS Path Traversal vulnerability
from 0, < 95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 | from 0, < 5.9.0
HIGH 7.5 LoLLMS Path Traversal vulnerability
from 0, < 9.5.0
HIGH 7.4 lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
from 0, < 9.5.0
HIGH 7.3 LoLLMS vulnerable to Expected Behavior Violation
from 0, < 9.5.1
HIGH 7.3 lollms vulnerable to dot-dot-slash path traversal in XTTS server
from 0, <= 9.5.1
MEDIUM 6.8 Remote Code Execution in create_conda_env function in lollms
from 0, <= 9.5.1
MEDIUM 6.5 Lollms vulnerable to Cross-site Scripting
from 0, < 328b960a0de2097e13654ac752253e9541521ddd | from 0
MEDIUM 6.5 Lollms vulnerable to Cross-site Scripting
from 0, <= 9.5.1
MEDIUM 4.4 Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
from 0, < 28ee567a9a120967215ff19b96ab7515ce469620 | from 0, < 5.9.0
MEDIUM 4.4 Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
from 0, <= 9.5.1
MEDIUM 4.1 parisneo/lollms has an insufficient session expiration vulnerability
from 0, <= 11.0.0
MEDIUM 4.0 path traversal vulnerability was identified in the parisneo/lollms-webui
LOW 3.4 Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
from 0, <= 9.5.1