Advisories for Pypi/Llama-Stack package

2026

Llama Stack exposes secret in initialization log

Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.

2025

Llama Stack could potentially allow for remote code execution

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.