pkg:PyPI/lollms

23 total CVEs: CRITICAL 6, HIGH 9, MEDIUM 7, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-1114: In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak se…
    from 0, <= 2.1.0
  • CRITICAL 9.8 CVE-2024-5443: Remote Code Execution via path traversal bypass in lollms
    >= 5.9.0, < 9.5.1
  • CRITICAL 9.8 CVE-2024-3429: LoLLMS Path Traversal vulnerability
    from 0, < 9.5.0
  • CRITICAL 9.8 CVE-2024-4078: LoLLMS Command Injection vulnerability
    from 0, < 9.5.0
  • CRITICAL 9.6 CVE-2026-1115: parisneo/lollms vulnerable to stored XSS in the social feature
    from 0, < 2.2.0
  • CRITICAL 9.1 CVE-2024-4315: parisneo/lollms Local File Inclusion (LFI) attack
    from 0, < 9.5.0
  • HIGH 8.6 CVE-2024-6085: lollms vulnerable to path traversal due to unauthenticated root folder settings change
    from 0, <= 9.5.1
  • HIGH 8.4 CVE-2024-6982: LoLLMS Code Injection vulnerability
    from 0, < 11.0.0
  • HIGH 8.2 CVE-2026-1117: Lollms has an Improper Access Control vulnerability
    from 0, < 2.1.0
  • HIGH 7.5 CVE-2025-6386: Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
    from 0, <= 11.0.0
  • HIGH 7.5 CVE-2024-4881: LoLLMS Path Traversal vulnerability
    from 0, < 9.5.0
  • HIGH 7.5 CVE-2024-4881: LoLLMS Path Traversal vulnerability
    from 0, < 95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 | from 0, < 5.9.0
  • HIGH 7.4 CVE-2024-5824: lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
    from 0, < 9.5.0
  • HIGH 7.3 CVE-2024-6281: LoLLMS vulnerable to Expected Behavior Violation
    from 0, < 9.5.1
  • HIGH 7.3 CVE-2024-6139: lollms vulnerable to dot-dot-slash path traversal in XTTS server
    from 0, <= 9.5.1
  • MEDIUM 6.8 CVE-2024-3121: Remote Code Execution in create_conda_env function in lollms
    from 0, <= 9.5.1
  • MEDIUM 6.5 CVE-2024-6581: Lollms vulnerable to Cross-site Scripting
    from 0, <= 9.5.1
  • MEDIUM 6.5 CVE-2024-6581: Lollms vulnerable to Cross-site Scripting
    from 0, < 328b960a0de2097e13654ac752253e9541521ddd | from 0
  • MEDIUM 4.4 CVE-2024-6985: Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
    from 0, <= 9.5.1
  • MEDIUM 4.4 CVE-2024-6985: Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
    from 0, < 28ee567a9a120967215ff19b96ab7515ce469620 | from 0, < 5.9.0
  • MEDIUM 4.1 CVE-2026-1163: parisneo/lollms has an insufficient session expiration vulnerability
    from 0, <= 11.0.0
  • MEDIUM 4.0 CVE-2024-4330: path traversal vulnerability was identified in the parisneo/lollms-webui
  • LOW 3.4 CVE-2024-6971: Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
    from 0, <= 9.5.1
PyPI/lollms — 23 CVEs · VulnScope