CRITICAL 9.8 PyPI
GHSA-3x47-w4rx-6pm7 · CVE-2024-3429 LoLLMS Path Traversal vulnerability
Modified: 9/25/2024
package
PyPI / lollms
pkg:pypi/lollms
MEDIUM 4.4 PyPI
GHSA-6h64-g7cj-hj56 · CVE-2024-6985, PYSEC-2024-122 Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Modified: 11/15/2024
MEDIUM 6.8 PyPI
GHSA-79h8-gxhq-q3jg · CVE-2024-3121 Remote Code Execution in create_conda_env function in lollms
Modified: 9/13/2024
LOW 3.4 PyPI
GHSA-7pgr-32fx-c6x9 · CVE-2024-6971 Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Modified: 10/14/2024
HIGH 8.2 PyPI
GHSA-82fw-ch24-j34w · CVE-2026-1117 Lollms has an Improper Access Control vulnerability
Modified: 2/3/2026
MEDIUM 4.1 PyPI
GHSA-8jg2-726g-xh43 · CVE-2026-1163 parisneo/lollms has an insufficient session expiration vulnerability
Modified: 4/8/2026
HIGH 7.3 PyPI
GHSA-8mrm-r7h3-c3hj · CVE-2024-6281 LoLLMS vulnerable to Expected Behavior Violation
Modified: 10/15/2025
CRITICAL 9.6 PyPI
GHSA-8wrq-fv5f-pfp2 · CVE-2026-1115 parisneo/lollms vulnerable to stored XSS in the social feature
Modified: 4/10/2026
HIGH 8.6 PyPI
GHSA-9chm-m6x2-6fvc · CVE-2024-6085 lollms vulnerable to path traversal due to unauthenticated root folder settings change
Modified: 6/28/2024
MEDIUM 4.0 PyPI
GHSA-9p73-x86v-jw57 · CVE-2024-4330 path traversal vulnerability was identified in the parisneo/lollms-webui
Modified: 7/9/2025
MEDIUM 6.5 PyPI
GHSA-cm59-8rmv-f2cj · CVE-2024-6581, PYSEC-2024-116 Lollms vulnerable to Cross-site Scripting
Modified: 11/4/2024
HIGH 7.5 PyPI
GHSA-j5pr-vrjj-9v4h · CVE-2025-6386 Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
Modified: 7/8/2025
HIGH 8.4 PyPI
GHSA-jccx-m9v4-9hwh · CVE-2024-6982 LoLLMS Code Injection vulnerability
Modified: 3/21/2025
HIGH 7.4 PyPI
GHSA-m45c-v46h-c788 · CVE-2024-5824 lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
Modified: 6/28/2024
CRITICAL 9.8 PyPI
GHSA-mvrm-fh8q-6wr2 · CVE-2024-5443 Remote Code Execution via path traversal bypass in lollms
Modified: 6/25/2024
HIGH 7.5 PyPI
GHSA-p8h7-c8gw-6x8c · CVE-2024-4881, PYSEC-2024-108 LoLLMS Path Traversal vulnerability
Modified: 10/17/2024
CRITICAL 9.8 PyPI
GHSA-pwc9-q4hj-pg8g · CVE-2024-4078 LoLLMS Command Injection vulnerability
Modified: 9/13/2024
CRITICAL 9.1 PyPI
GHSA-vqwr-q6cc-c242 · CVE-2024-4315 parisneo/lollms Local File Inclusion (LFI) attack
Modified: 6/12/2024
HIGH 7.3 PyPI
GHSA-w9qf-83jg-2x6c · CVE-2024-6139 lollms vulnerable to dot-dot-slash path traversal in XTTS server
Modified: 6/28/2024
HIGH 7.5 PyPI
PYSEC-2024-108 · CVE-2024-4881, GHSA-p8h7-c8gw-6x8c Modified: 10/17/2024
CRITICAL 9.0 PyPI
PYSEC-2024-116 · CVE-2024-6581, GHSA-cm59-8rmv-f2cj Modified: 10/9/2025
MEDIUM 4.4 PyPI
PYSEC-2024-122 · CVE-2024-6985, GHSA-6h64-g7cj-hj56 Modified: 11/15/2024
CRITICAL 9.8 PyPI
PYSEC-2026-170 · CVE-2026-1114 Modified: 5/31/2026
HIGH 8.3 PyPI
PYSEC-2026-204 · CVE-2026-0562 Modified: 6/6/2026