HIGH 7.5 PyPI
GHSA-6w67-hwm5-92mq · CVE-2026-33626 LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Modified: 4/21/2026
package
PyPI / lmdeploy
pkg:pypi/lmdeploy
MEDIUM 5.3 PyPI
GHSA-7vc5-mjwp-c8fq · CVE-2025-3162 LMDeploy Improper Input Validation Vulnerability
Modified: 4/24/2025
HIGH 8.8 PyPI
GHSA-9pf3-7rrr-x5jh · CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
Modified: 12/27/2025
HIGH 7.8 PyPI
GHSA-9xq9-36w5-q796 · CVE-2026-46517 lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
Modified: 6/10/2026
MEDIUM 5.3 PyPI
GHSA-jfvg-qm4p-473x · CVE-2025-3163 InternLM LMDeploy code injection vulnerability
Modified: 4/23/2025
HIGH 7.8 PyPI
GHSA-m549-qq94-fvhg · CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Modified: 6/10/2026