Mudler Localai

11 CVEs affecting Mudler Localai. Latest disclosed: 2025-03-20. Critical: 4, High: 1.

Top CVEs affecting Mudler Localai
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6868 | Critical | 9.8 | 2024-10-29 | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify addit… |
| CVE-2024-5181 | Critical | 9.8 | 2024-06-26 | A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend paramete… |
| CVE-2024-2029 | Critical | 9.8 | 2024-04-10 | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio… |
| CVE-2024-5182 | Critical | 9.1 | 2024-06-20 | A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process t… |
| CVE-2024-6983 | High | 8.8 | 2024-09-27 | mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the co… |
| CVE-2024-3135 | Medium | 6.5 | 2024-04-01 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited b… |
| CVE-2024-9900 | Medium | 6.1 | 2025-03-20 | mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper saniti… |
| CVE-2024-48057 | Medium | 6.1 | 2024-11-04 | localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time s… |
| CVE-2024-7010 | Medium | 5.9 | 2024-10-29 | mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing… |
| CVE-2024-6095 | Medium | 5.8 | 2024-07-06 | A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion… |
| CVE-2024-5616 | Medium | 4.3 | 2024-07-06 | A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into de… |