vulnerability in LocalAI project

While working on the LocalAI project, we discovered a critical vulnerability in the Go package Pion Interceptor(this dependency used by LocalAI), tracked as [CVE-2025-49140](https://vulert.com/vuln-db/CVE-2025-49140). This vulnerability affects versions v0.1.36 through v0.1.38 and allows an attacker to remotely crash applications using Pion-based SFU (Selective Forwarding Unit) implementations. 
 
[CVE Link](https://vulert.com/vuln-db/CVE-2025-49140)
[CVE Report](https://vulert.com/vuln-scan/list/00726eaa-7dcb-4f72-9ad3-273878cc014e?sort_order=desc&sort_by=created_at)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

vulnerability in LocalAI project #5623

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

vulnerability in LocalAI project #5623

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions