VYPR

PyPI package

text-generation

pkg:pypi/text-generation

Vulnerabilities (2)

  • CVE-2026-0599HigFeb 2, 2026
    affected < 3.3.7fixed 3.3.7

    A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a b

  • CVE-2024-3924MedMay 30, 2024
    affected < 2.0.0fixed 2.0.0

    A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a c