Vendor
Meta Llama
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50050 | Med | 0.41 | 6.3 | 0.01 | Oct 23, 2024 | Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. | ||
| CVE-2025-55178 | Med | 0.27 | 5.3 | 0.00 | Sep 24, 2025 | Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. | ||
| CVE-2026-25211 | Low | 0.14 | 3.2 | 0.00 | Jan 30, 2026 | Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. |
- risk 0.41cvss 6.3epss 0.01
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
- risk 0.27cvss 5.3epss 0.00
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.
- risk 0.14cvss 3.2epss 0.00
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.