AI Security Threat Feed

Supply Chain Model Poisoning Framework Training Data

SageMaker SDK: MD5 collision silently replaces ML workflows

sagemaker Patch: 2.237.3 CWE-328 51 3 ATLAS

Data Leakage Data Extraction Auth Bypass Framework API Agent

LiteLLM: API key leakage in logs exposes credentials

litellm Patch: 1.44.12 CWE-117 4 5 ATLAS

DoS API Framework Inference

litellm: unauthenticated DoS via multipart boundary parsing

litellm Patch: 1.56.2 CWE-400 4 3 ATLAS

Code Execution Data Extraction Framework API

OpenWebUI: path traversal RCE via audio upload API

open-webui Patch: 0.5.17 CWE-22 5 ATLAS

Code Execution Auth Bypass Framework API

Open-WebUI: CSRF enables RCE via pipeline code injection

open-webui Patch: 0.3.33 CWE-352 6 ATLAS

Supply Chain Code Execution Framework Model

ONNX: path traversal in download_model enables RCE

onnx Patch: 1.17.0 CWE-22 1.1K 3 ATLAS

CRITICAL EXPLOIT AVAIL

pytorch-lightning: file upload RCE (Windows)

Code Execution Supply Chain Framework Training Data

pytorch-lightning Patch: 2.4.0 CWE-434 1.6K 4 ATLAS

open-webui Patch: 0.4.7 CWE-400 3 ATLAS

open-webui: DoS via malformed multipart boundary

GHSA-6wj5-5pgr-jwq8

7.5

1y ago

DoS Framework API

Code Execution Auth Bypass Framework API

lollms: RCE via eval() sandbox bypass in Calculate

lollms Patch: 11.0.0 CWE-94 4 ATLAS

DoS Supply Chain Framework RAG

llama-index: DoS via infinite recursion in web reader

llama-index Patch: 0.12.9 CWE-400 229 4 ATLAS

CRITICAL EXPLOIT AVAIL

llama-index DuckDB retriever: SQLi enables RCE

Code Execution Supply Chain Data Extraction Framework RAG Plugin

llama-index-retrievers-duckdb-retriever Patch: 0.4.0 CWE-89 229 5 ATLAS

Data Extraction Data Leakage Privacy Violation Framework Agent

langchain-core: file read via prompt template inputs

langchain-core Patch: 0.1.53 CWE-497 4.3K 4 ATLAS

DoS Framework API Inference

litellm: unauthenticated DoS crashes LLM proxy server

litellm Patch: 1.53.1.dev1 CWE-400 4 3 ATLAS

Supply Chain Code Execution Framework Model

picklescan: ZIP spoof lets malicious PyTorch models bypass scan

picklescan Patch: 0.0.23 CWE-345 3 5 ATLAS

MEDIUM

Ray: Redis password exposed via plaintext logging

Data Leakage Data Extraction Framework Training Data

ray Patch: 2.43.0 CWE-532 845 4 ATLAS

CRITICAL EXPLOIT AVAIL

spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)

Code Execution Data Extraction Framework

spacy-llm Patch: 0.7.3 CWE-94 154 4 ATLAS

Supply Chain Code Execution Model Framework

picklescan: scanner bypass enables supply chain RCE

CVE-2025-1716

EPSS 16.2%

1y ago

picklescan Patch: 0.0.22 CWE-184 3 5 ATLAS

Supply Chain Code Execution Model Framework

picklescan: extension bypass enables RCE on model load

CVE-2025-1889

EPSS 0.1%

1y ago

picklescan Patch: 0.0.22 CWE-646 3 5 ATLAS

Data Extraction Auth Bypass Framework Training Data

Label Studio: SSRF via S3 endpoint exposes internal services

label-studio Patch: 1.16.0 CWE-918 1 4 ATLAS