Package impact
PIP / lmdeploy
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46517 | high | — | 8.0 | 8d ago | lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out | |||
| CVE-2026-46432 | high | — | 8.0 | 8d ago | LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization |