repository icon
huggingface / text-generation-inference Project repository

Large Language Model Text Generation Inference

Submit a report

FIRST INTERACTION

WITHIN24 DAYS

REVIEW

WITHIN25 DAYS

FIX

WITHIN90 DAYS

SSRF via Unauthenticated /chat_tokenize Endpoint with Unrestricted Image URL Fet...
ryanhugh-security-fanpierlabs
duplicate
High
SSRF via image URL fetch with no IP/domain validation — works unauthenticated vi...
chrisabra-co
duplicate
High
Authentication bypass on /chat_tokenize — placed in info_routes instead of auth-...
kodareef5
informative
Medium
Blind SSRF via unvalidated image URL in multimodal model input processing
kodareef5
informative
None
Authentication Bypass on `/chat_tokenize` Enables Unauthenticated SSRF
seory0
informative
High
SSRF via Unvalidated Image URL in Chat Completion Endpoint — Cloud Metadata Exfi...
nhomyk
informative
High
Arbitrary Code Execution via exec() of AST-Unparsed Code in Documentation Genera...
nhomyk
informative
Critical
SSRF via Image URL Fetch in Chat Completion API — Zero SSRF Protections
snailsploit
informative
High
Path Traversal via model_id in _get_config_json in quantization.py
hhhashexe
informative
Medium
SSRF via unvalidated image URL in idefics_image_processing.py
hhhashexe
informative
High
Unauthenticated SSRF in Text Generation Inference Idefics Image Processor
wheresfrank
informative
High
Unbounded Memory Allocation via Base64 Image Decompression Bomb in Multimodal Ch...
pelegs202-design
informative
High
Tool Call Name Constraint Bypass via Schema Property Override
w0termelon
informative
High
Silent Prompt Manipulation via Malicious Chat Template (Supply Chain)
w0termelon
informative
None
Server-Side Request Forgery via Unvalidated Image URL in Multimodal Chat Complet...
pelegs202-design
informative
High
API Key Authentication Bypass on info_routes Exposes /chat_tokenize /info /metri...
pelegs202-design
informative
Medium
SSRF via unvalidated image URL fetching in VLM chat completions endpoint
eistee82
self closed
Watermark Forgery via Hardcoded Public Hash Key
w0termelon
informative
High
Cross-User Prompt Inference via Prefix Cache Timing Side Channel
w0termelon
informative
Medium
Cross-LoRA Adapter Cache Poisoning in Prefix Caching
w0termelon
informative
High
Cross-User KV Cache Access via Unauthenticated gRPC Batch Operations
w0termelon
informative
Medium
Information Disclosure via Hardcoded Telemetry and Insecure OTLP Configuration
w0termelon
informative
Medium
Safetensors Conversion Security Control Fails to Enforce Stated Policy
w0termelon
informative
High
SSRF via image URL fetching in VLM mode allows access to internal services and c...
narrator3333-hash
informative
High
download_weights follows base_model_name_or_path without validation, enabling su...
w0termelon
informative
Critical
DoS via Unbounded Messages Array in Chat Completions Endpoint
w0termelon
informative
High
SSRF via HTTP Redirect Chain Bypasses URL Validation in Image Fetching
w0termelon
informative
High
KServe and Google Vertex Inference Routes Bypass API Key Authentication
w0termelon
informative
None
API Key Authentication Uses Case-Insensitive Comparison
w0termelon
informative
None
SSRF via Model-Generated URLs in Re-queue Validation Loop
w0termelon
informative
None
Server-Side Request Forgery (SSRF) via multimodal image URL fetching in text-gen...
elucidator-hky
self closed
Memory exhaustion via image decompression bomb in multimodal requests
w0termelon
informative
None
CPU exhaustion from inefficient token text reconstruction
w0termelon
informative
None
Memory exhaustion DoS via unbounded tokenization queue
w0termelon
informative
High
SSRF via unvalidated image URL fetching in fetch_image() allows internal netwo...
hbcaspa
informative
Medium
Remote Code Execution via trust_remote_code Parameter
butlerzou-bot
informative
Critical
Remote Code Execution via trust_remote_code Parameter
butlerzou-bot
self closed
Remote Code Execution via trust_remote_code Parameter
butlerzou-bot
self closed
Incomplete Fix for CVE-2026-0599: Missing Timeout in Image Fetch Enables Unauthe...
mossharris
duplicate
High
API Key Authentication Bypass on Vertex AI Predict Route via AIP_PREDICT_ROUTE
s3zer0
informative
Medium
Unsafe GGUF Model Loading Leads to Out-of-Bounds Memory Access in llama.cpp Back...
directbuilds
informative
High
Missing Authentication on /chat_tokenize Endpoint (info_routes) Bypasses --api-k...
s3zer0
self closed
Case-Sensitive URL Prefix Check in validation.rs Allows Allowlist/Blocklist Bypa...
kai-agent
informative
Medium
Unbounded VecDeque Queue Allows Memory Exhaustion via Request Flooding
kai-agent
informative
High
Integer Overflow in ‎`decode_tokens` Budget Check Allows DoS
kai-agent
informative
High
TGI SSRF via Idefics Image Processor - Unrestricted URL Fetching Allows Internal...
avienma007
informative
Critical
Server-Side Request Forgery via Unauthenticated Image URL Fetching in Chat Compl...
avienma007
duplicate
Critical
Workflow_run artifact poisoning in upload_pr_documentation.yaml deploys attacker...
vera-platform
informative
Critical
Critical DoS and Blind SSRF via Unrestricted Image Fetching
zitoxxx
informative
High
Unbounded tokenization work queue enables memory-exhaustion DoS via /chat_tokeni...
cheonwoong-park
duplicate
High
Unauthenticated SSRF via Multimodal Image URL Fetching — Missing Private IP Filt...
hyperps
duplicate
Critical
Authentication Bypass on /chat_tokenize Enables Unauthenticated Server-Side Proc...
wernerina
informative
High
CUDA Graph Output Tensor Aliasing via lru_cache
chawdamrunal
informative
High
text-generation-inference: Unbounded memory allocation via max_tokens parameter...
prodigysec
informative
High
Multiple Critical DoS Vectors: Unbounded String Expansion (OOM), Uncaught Panics...
alielgendy-software
informative
High
Image Decompression Bomb Causes DoS via Unbounded Memory Allocation in Router (I...
phenggeler
informative
High
Unauthenticated Access to Sensitive Endpoints Bypasses Optional API Key Authenti...
zeroxjacks
informative
Medium
Server-Side Request Forgery (SSRF) via Unvalidated Image URLs in Vision Language...
zeroxjacks
duplicate
High
Blocking HTTP Calls in Async Context Cause Thread Starvation DoS in TGI Router
zeroxjacks
informative
High
Missing HTTP Timeout Configuration Enables Indefinite Thread Blocking DoS
zeroxjacks
informative
High
Unbounded Base64 Decompression in Data URIs Causes Memory Exhaustion DoS
zeroxjacks
informative
High
Vision Token Inflation via Malicious Image Dimensions Causes Heap Exhaustion in...
zeroxjacks
informative
High
Float Parameter Validation Bypass via IEEE 754 Special Values (NaN/Infinity)
drrose2029
informative
High
DFA State Explosion Denial of Service via Unbounded Grammar Regex Compilation
drrose2029
informative
High
router process crash via recursive $ref in JSON schema
vilkasdev
informative
High
arbitrary code execution when loading custom CUDA kernels or operators.
qian-feng
informative
High
SSRF via Image URL in Vision Language Model Prompts
theagentknownasren-gif
duplicate
None
HuggingFace Text-Generation-Inference fetch_image() Server-Side Request Forgery...
mia-718ai
duplicate
High
Unauthenticated SSRF in Multimodal Image Processing Enables AWS Credential Theft...
makeeverythingwithai-sketch
duplicate
Critical
Server-Side Request Forgery (SSRF) in Image Fetching
winters0x64
duplicate
Critical
Denial of Service via improper validation of max_new_tokens in Text Generation I...
winters0x64
informative
Critical
Unauthenticated Remote Denial of Service (DoS) and Resource Exhaustion via /grad...
deepscott
informative
High
Remote Code Execution via Implicit Trust in LoRA Adapter Loading
frede39-art
informative
Critical
Global Monkey-Patching of torch.nn.LayerNorm Enables Unsafe Deserialization Duri...
hyperps
informative
Critical
Unbounded SSE Streaming in Python Client Causes Client-Side Denial of Service
hyperps
informative
High
Unclaimed S3 Bucket in CI/CD Pipeline https://github.com/huggingface/text-genera...
gauravbhatia1211
informative
Critical
SSRF via Image URL Fetching Allows Access to Internal Services and Cloud Metadat...
jonnylitten
duplicate
Critical
Denial of Service via Unbounded Truncate Parameter in Neuron Backend
anwarayoob
informative
High
SSRF in image markdown validation of Hugging Face Text Generation Inference
f00dat
duplicate
Critical
RCE risk in `update_doc.py` due to exec of AST-unparsed class
7908837174
informative
Critical
Blind Server-Side Request Forgery (SSRF) in VLM Image URL Fetching
yousefabdelmohymen
informative
Medium
Multiple insecure deserialization vulnerabilities via chat tool parsing
sonw-vh
not applicable
Inconsistent Whitespace Formatting In Codebase
moonlight984
informative
None
Path Traversal
joelindra
informative
High
Vertex `instances` oversubscription DoS via per‑request fan‑out
sinon2003
informative
High
Regex-constrained generation DoS via heavy FSM build + per‑token filtering
sinon2003
informative
High
text-generation-inference: Unbounded external image fetch in validation leads to...
sinon2003
High
$750CVE-2026-0599
Arbitrary code execution leads to potential RCE via arbitrary module import (uni...
joshuaprovoste
self closed
Arbitrary File Read / Sandbox Escape in Hugging Face Text Generation Inference
ko7-dev
duplicate
Critical
Arbitrary File Read/Sandbox Escape via model_id Path in Huggingface text-generat...
darkeeeandme
informative
High
Unauthenticated SSRF via callback_url in Hugging Face TGI /generate API CT
donnyoregon
informative
Critical
Command Argument Injection in Model/Shard/Webserver Launch
joelindra
informative
Critical
Remote Code Execution Vulnerability in text-generation-inference via trust_remot...
aybanda
informative
Critical
Command Injection Vulnerability in bounds-from-nix.py
jnraris
informative
Critical
Remote Code Execution in CI via Malicious Model Import in HuggingFace text-gener...
michaelpierre
informative
High
The prefix cache collision problem in text-generation-inference.
kexinoh
not applicable
Code injection
h2oa
informative
Medium
CVE-2024-3924
Github action is vulnerable to arbitrary code execution
zmackie
informative
High
ReDOS in IMAGES
lujiefsi
spam