Package impact
PyPI / invokeai
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12029 | unknown | — | 1.0 | | | | 1y ago | A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files… |
| CVE-2025-6237 | unknown | — | — | | | | 9mo ago | InvokeAI has External Control of File Name or Path |
| CVE-2024-11042 | unknown | — | — | | | | 1y ago | InvokeAI Arbitrary File Deletion vulnerability |
| CVE-2024-11043 | unknown | — | — | | | | 1y ago | InvokeAI Uncontrolled Resource Consumption vulnerability |
| CVE-2024-10821 | unknown | — | — | | | | 1y ago | InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload` |