VYPR

Text Generation Inference

by Huggingface

Source repositories

CVEs (2)

  • CVE-2026-0599HigFeb 2, 2026
    risk 0.44cvss 7.5epss 0.24

    A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a…

  • CVE-2024-3924MedMay 30, 2024
    risk 0.22cvss 4.4epss 0.00

    A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a…