bentoml / openllm
Run any open-source LLMs, such as Llama, Mistral, as OpenAI compatible API endpoint in the cloud.
FIRST INTERACTION: WITHIN N/A DAYS
REVIEW: WITHIN 21 DAYS
FIX: WITHIN N/A DAYS
Arbitrary file write via path traversal in model alias handling during `openllm...
Jun 6th 2026
hiyokosauna37
•
duplicate
Medium
Unsafe deserialization via torch.load and pickle in OpenLLM model loading
Jun 5th 2026
etwithin
•
pending
OS Command Injection via create_subprocess_shell in async_run_command()
Jun 4th 2026
apeiria-zero
•
pending
Arbitrary File Write via Path Traversal in _complete_alias() (repo.py)
Jun 4th 2026
apeiria-zero
•
duplicate
Medium
Arbitrary File Read (Error-Based LFI) via Path Traversal in Model Tag Parsing
May 31st 2026
unicuervo16
•
pending
Arbitrary File Write via Path Traversal in Alias Label Processing
May 25th 2026
pavanchow
•
pending
Openllm has a deserialization vulnerability that can lead to RCE.
Jun 2nd 2025
coder-sjn
•
pending
Local File Inclusion
Nov 21st 2024
srivallikusumba
•
Medium
•
$125
•
CVE-2024-8982
eval() function code injection in bentoml/openllm
Jun 10th 2024
vanirxxx
•
informative
Critical
CRITICAL $0
HIGH $0
MEDIUM $0
LOW $0