github.com/go-skynet/LocalAI

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/go-skynet/LocalAIpage 1 of 1

CVE-2024-2029CRITICALCVSS 9.8EG 9.8
2024-04-10
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack…
CVE-2024-3135MEDIUMCVSS 6.5EG 6.5
2024-04-01
A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance …
CVE-2024-5182CRITICALCVSS 9.1EG 9.1
2024-06-20
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated…

Check whether github.com/go-skynet/LocalAI is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/go-skynet/LocalAI CVEs against the assets you own.

Start Free Scan →