Browse all 9 CVE security advisories affecting ggml-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ggml-org develops open-source machine learning frameworks focused on efficient neural network inference and large language model deployment. Historically, their projects have been susceptible to remote code execution vulnerabilities, particularly in memory-handling components, and cross-site scripting issues in web interfaces. Privilege escalation risks have also been documented in certain deployment configurations. While no major public security incidents have been widely reported, the organization's 9 recorded CVEs highlight ongoing challenges in secure memory management and input validation within their ML tooling, necessitating careful implementation and regular updates for production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14569 | ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free (whisper.cpp, CWE-416) | 5.3 | Medium | 2025-12-12 |
This page lists every published CVE security advisory associated with ggml-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.