apk package
chainguard/lmcache-cuda-12.8
pkg:apk/chainguard/lmcache-cuda-12.8
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42561 | Hig | 7.5 | < 0.4.4-r1 | 0.4.4-r1 | May 13, 2026 | Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si | |
| CVE-2026-1839 | Hig | 7.8 | < 0.4.4-r0 | 0.4.4-r0 | Apr 7, 2026 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss |
- affected < 0.4.4-r1fixed 0.4.4-r1
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si
- affected < 0.4.4-r0fixed 0.4.4-r0
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss