| purl | pkg:pypi/lollms@2.0.22 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1zws-mcaz-kbh3 (aliases: CVE-2025-6386, GHSA-j5pr-vrjj-9v4h) | Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function. The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in commit f78437f. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters. | There are no reported fixed by versions. |
| VCID-3474-txh2-pfgm (aliases: CVE-2024-6982, GHSA-jccx-m9v4-9hwh) | LoLLMS Code Injection vulnerability. A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10. | Affected by 2 other vulnerabilities. |
| VCID-3t51-dxtd-z7d6 (aliases: CVE-2026-1115, GHSA-8wrq-fv5f-pfp2) | parisneo/lollms vulnerable to stored XSS in the social feature. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned to the `DBPost` model without sanitization. This allows attackers to inject and store malicious JavaScript, which is executed in the browsers of users viewing the Home Feed, including administrators. This can lead to account takeover, session hijacking, and wormable attacks. The issue is resolved in version 2.2.0. | Affected by 15 other vulnerabilities. |
| VCID-43qe-anzk-7ubf (aliases: CVE-2024-5824, GHSA-m45c-v46h-c788) | lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE. A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. | Affected by 11 other vulnerabilities. |
| VCID-49dk-veec-pbcp (aliases: CVE-2024-4078, GHSA-pwc9-q4hj-pg8g) | LoLLMS Command Injection vulnerability. A vulnerability in parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed. | Affected by 11 other vulnerabilities. |
| VCID-5ay6-y3ap-yya6 (aliases: CVE-2026-1163, GHSA-8jg2-726g-xh43) | parisneo/lollms has an insufficient session expiration vulnerability. An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject requests after a period of inactivity and the excessively long default session duration of 31 days. The vulnerability enables an attacker to maintain persistent access to a compromised account, even after the victim resets their password. | There are no reported fixed by versions. |
| VCID-7hsf-qwdg-77ch (aliases: CVE-2024-4881, GHSA-p8h7-c8gw-6x8c, PYSEC-2024-108) | A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system. | Affected by 16 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-91um-7gaj-7fe2 (aliases: CVE-2024-6581, GHSA-cm59-8rmv-f2cj, PYSEC-2024-116) | A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the `sanitize_svg` function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The `sanitize_svg` function only removes script elements and `on*` event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file. | There are no reported fixed by versions. |
| VCID-9had-yhhw-efa8 (aliases: CVE-2024-3429, GHSA-3x47-w4rx-6pm7) | LoLLMS Path Traversal vulnerability. A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.5.0. | Affected by 11 other vulnerabilities. |
| VCID-anhy-wxwc-ubbh (aliases: CVE-2024-6139, GHSA-w9qf-83jg-2x6c) | lollms vulnerable to dot-dot-slash path traversal in XTTS server. A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint. | There are no reported fixed by versions. |
| VCID-esy3-wpcr-3uev (aliases: CVE-2024-6971, GHSA-7pgr-32fx-c6x9) | Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py. A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash. | There are no reported fixed by versions. |
| VCID-jbb9-kz1x-1ufz (aliases: CVE-2024-6085, GHSA-9chm-m6x2-6fvc) | lollms vulnerable to path traversal due to unauthenticated root folder settings change. A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to `/`. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system. | There are no reported fixed by versions. |
| VCID-kwtf-4cew-x3ay (aliases: CVE-2024-6281, GHSA-8mrm-r7h3-c3hj) | LoLLMS vulnerable to Expected Behavior Violation. A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders. | Affected by 9 other vulnerabilities. |
| VCID-ngf2-q9h7-4qet (aliases: CVE-2024-3121, GHSA-79h8-gxhq-q3jg) | Remote Code Execution in create_conda_env function in lollms. A remote code execution vulnerability exists in the `create_conda_env` function of the parisneo/lollms repository. The vulnerability arises from the use of `shell=True` in the `subprocess.Popen` call, which allows an attacker to inject arbitrary commands by manipulating the `env_name` and `python_version` parameters. This issue could lead to a serious security breach, as demonstrated by the ability to execute the `whoami` command among potentially other harmful commands. | There are no reported fixed by versions. |
| VCID-qsgf-y1xx-pfc4 (aliases: CVE-2026-1117, GHSA-82fw-ch24-j34w) | Lollms has an Improper Access Control vulnerability. A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `generate_msg`, and `generate_msg_from` without implementing authentication or authorization checks. This allows unauthenticated clients to execute resource-intensive or state-altering operations, leading to potential denial of service, state corruption, and race conditions. Additionally, the use of global flags (`lollmsElfServer.busy`, `lollmsElfServer.cancel_gen`) for state management in a multi-client environment introduces further vulnerabilities, enabling one client's actions to affect the server's state and other clients' operations. The lack of proper access control and reliance on insecure global state management significantly impacts the availability and integrity of the service. | Affected by 16 other vulnerabilities. |
| VCID-svsa-uwfb-yqf7 (aliases: CVE-2024-4315, GHSA-vqwr-q6cc-c242) | parisneo/lollms Local File Inclusion (LFI) attack. parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability. | Affected by 11 other vulnerabilities. |
| VCID-v123-jq2f-ufcw (aliases: CVE-2024-6985, GHSA-6h64-g7cj-hj56, PYSEC-2024-122) | A path traversal vulnerability exists in the api `open_personality_folder` endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the `personality_folder` on the victim's computer, even though `sanitize_path` is set. The issue arises due to improper sanitization of the `personality_folder` parameter, which can be exploited to traverse directories and access arbitrary files. | Affected by 16 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||