llamafactory
PyPI
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting llamafactory (page 1 of 1)
- CVE-2024-52803 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.9.1 | 2024-11-21
vulnerable: 0.7.1 ... 0.9.0 (6 versions)
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, all…
- CVE-2025-46567 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 0.9.3 | 2025-05-01
vulnerable: 0.7.1 ... 0.9.2 (8 versions)
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torc…
- CVE-2025-61784 | HIGH | CVSS 7.6 | EG 7.6 | ✓ Fixed in 0.9.4 | 2025-10-07
vulnerable: 0.7.1 ... 0.9.3 (9 versions)
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to in…