OSV - Open Source Vulnerabilities

GHSA-9xq9-36w5-q796

lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

yesterday

GHSA-m549-qq94-fvhg

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

yesterday

GHSA-6w67-hwm5-92mq

LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

21 Apr

GHSA-9pf3-7rrr-x5jh

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

26 Dec 2025

GHSA-jfvg-qm4p-473x

InternLM LMDeploy code injection vulnerability

03 Apr 2025

GHSA-7vc5-mjwp-c8fq

LMDeploy Improper Input Validation Vulnerability

03 Apr 2025