VYPR
Vendor

Meta Llama

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2024-50050MedOct 23, 2024
    risk 0.41cvss 6.3epss 0.01

    Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

  • CVE-2025-55178MedSep 24, 2025
    risk 0.27cvss 5.3epss 0.00

    Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.

  • CVE-2026-25211LowJan 30, 2026
    risk 0.14cvss 3.2epss 0.00

    Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.