CVE-2024-23730: The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary co
criticalvulnerabilityLLM-Specific
security
Summary
LlamaHub (a library for loading plugins) versions before 0.0.67 have a vulnerability in how they handle OpenAPI and ChatGPT plugin loaders that allows attackers to execute arbitrary code (run any code they choose on a system). The problem is that the code uses unsafe YAML parsing instead of safe_load (a secure function that prevents malicious code in configuration files).
Solution / Mitigation
Upgrade LlamaHub to version 0.0.67 or later, as indicated by the release notes and patch references in the source.
Vulnerability Details
CVSS Score
9.8(critical)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
LlamaIndex
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-23730
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 95%