PyPI package
llama-stack
pkg:pypi/llama-stack
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25211 | Low | 3.2 | | < 0.4.4 | 0.4.4 | Jan 30, 2026 | Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. |
| CVE-2025-55178 | Med | 5.3 | | < 0.2.20 | 0.2.20 | Sep 24, 2025 | Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. |