Every CVE whose affected-product data names Hliu Llava, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-9309 — CVSS 9.3 (critical): A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in…
CVE-2024-10225 — CVSS 7.5 (high): A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters…
CVE-2024-12065 — CVSS 7.5 (high): A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any…
CVE-2024-12068 — CVSS 7.5 (high): A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability…
CVE-2024-9308 — CVSS 6.1 (medium): An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users…