Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ggml-org — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting ggml-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GGML-org develops open-source machine learning frameworks focused on efficient neural network inference and large language model deployment. Historically, their projects have been susceptible to remote code execution vulnerabilities, particularly in memory-handling components, and cross-site scripting issues in web interfaces. Privilege escalation risks have also been documented in certain deployment configurations. While no major public security incidents have been widely reported, the organization's 9 recorded CVEs highlight ongoing challenges in secure memory management and input validation within their ML tooling, necessitating careful implementation and regular updates for production environments.

Top products by ggml-org: llama.cpp whisper.cpp
CVE IDTitleCVSSSeverityPublished
CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend — llama.cppCWE-119 9.8 Critical2026-04-01
CVE-2026-33298 llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing — llama.cppCWE-122 7.8 High2026-03-24
CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix — llama.cppCWE-122 7.8 High2026-03-12
CVE-2026-2069 ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_advance_stack stack-based overflow — llama.cppCWE-121 3.3 Low2026-02-06
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server — llama.cppCWE-787 8.8 High2026-01-07
CVE-2025-14569 ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free — whisper.cppCWE-416 5.3 Medium2025-12-12
CVE-2025-53630 Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf — llama.cppCWE-122 9.8AICriticalAI2025-07-10
CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow — llama.cppCWE-119 8.6 High2025-06-24
CVE-2025-49847 llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model — llama.cppCWE-119 8.8 High2025-06-17

This page lists every published CVE security advisory associated with ggml-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.