SecAlerts
CVE ListPricingSign Up
lollms logo

lollms

Security Risk Profile

65
/100
high

Security Risk Score

Comprehensive risk assessment based on 67 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from March 11, 2024 to present

67
Total CVEs
54
Critical+High
0
Exploited
21
Unpatched

Threat Assessment

Avg CVSS
8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
21
Critical/High
Risk Level
65/100
high

Severity Distribution

Critical
25
High
29
Medium
13
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
15

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
26
2
CSRF
10
3
XSS
9
4
OS Command Injection
5
5
Command Injection
5

Most Affected Products

1. lollms Lollms Web Ui46
2. parisneo lollms-webui38
3. lollms lollms11
4. lollms lollms-webui10
5. pip/lollms7

Recent Vulnerabilities

See more →
CVE-2026-1116
CVSS 6.1medium

Cross-site Scripting (XSS) in parisneo/lollms

4/12/2026
CVE-2026-1115
CVSS 9.6critical

Stored XSS in parisneo/lollms

4/10/2026
CVE-2026-1114
CVSS 9.8critical

Improper Access Control via Weak JWT Token in parisneo/lollms

4/7/2026
CVE-2026-0558
CVSS 9.8critical

Unauthenticated File Upload in parisneo/lollms

3/29/2026
CVE-2026-0560
CVSS 7.5high

Server-Side Request Forgery (SSRF) in parisneo/lollms

3/29/2026
CVE-2026-0562
CVSS 8.3high

Insecure Direct Object Reference (IDOR) in parisneo/lollms

3/29/2026
CVE-2026-33340
CVSS 9.1EPSS 0%critical

LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

3/24/2026🔧 No Patch
CVE-2024-12766
CVSS 7.5high

SSRF in parisneo/lollms-webui

3/20/2025🔧 No Patch
CVE-2024-8736
CVSS 7.1high

Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui

3/20/2025🔧 No Patch
CVE-2024-8898
CVSS 9.8critical

Path Traversal in parisneo/lollms-webui

3/20/2025

Monitor lollms in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

lollms Security Vulnerabilities & Risk Score | 67 CVEs | SecAlerts - SecAlerts