Security: InternLM/lmdeploy
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initializationGHSA-m549-qq94-fvhg published
May 15, 2026 by lvhan028High -
Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out (CWE-1188 default-insecure)GHSA-9xq9-36w5-q796 published
May 15, 2026 by lvhan028High -
Server-Side Request Forgery (SSRF) in Vision-Language Image LoadingGHSA-6w67-hwm5-92mq published
Apr 18, 2026 by lvhan028High -
Arbitrary Code Execution via Insecure Deserialization in torch.load()GHSA-9pf3-7rrr-x5jh published
Dec 26, 2025 by lvhan028High
Learn more about advisories related to InternLM/lmdeploy in the GitHub Advisory Database