Bounties
Partners
Community
Info
huggingface / text-generation-inference
Project repository
Large Language Model Text Generation Inference
Submit a report
FIRST INTERACTION
WITHIN
11 DAYS
REVIEW
WITHIN
25 DAYS
FIX
WITHIN
N/A DAYS
Unauthenticated SSRF via callback_url in Hugging Face TGI /generate API CT
Jul 23rd 2025
donnyoregon
•
informative
Critical
Command Argument Injection in Model/Shard/Webserver Launch
Jul 9th 2025
joelindra
•
informative
Critical
Remote Code Execution Vulnerability in text-generation-inference via trust_remot...
Jul 9th 2025
aybanda
•
informative
Critical
Command Injection Vulnerability in bounds-from-nix.py
Jun 10th 2025
jnraris
•
informative
Critical
Remote Code Execution in CI via Malicious Model Import in HuggingFace text-gener...
Apr 17th 2025
michaelpierre
•
informative
High
The prefix cache collision problem in text-generation-inference.
Mar 25th 2025
kexinoh
•
not applicable
Code injection
Jun 10th 2024
h2oa
•
informative
Medium
•
CVE-2024-3924
CVE-2024-3924
Github action is vulnerable to arbitrary code execution
Feb 13th 2024
zmackie
•
informative
High
ReDOS in IMAGES
Jan 26th 2024
lujiefsi
•
spam
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
