VYPR

Lerobot

by Huggingface

CVEs (2)

  • CVE-2026-25874 | Cri | Apr 23, 2026
    risk 0.57 | cvss 9.8 | epss 0.16

    LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated…

  • CVE-2025-10772 | Med | Sep 22, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing…