AI Security Threat Feed

llama-index: world-writable NLTK dir allows local tampering

vLLM: SSRF in media loader exposes internal network

LLaMA-Factory: SSRF+LFI in multimodal chat API

langchain-text-splitters: XXE enables arbitrary file read

llama-index-core: insecure /tmp dir, model theft risk

Picklescan: CRC bypass hides malicious pickle in ZIP

PickleScan: subclass bypass enables malicious model RCE

MONAI: unsafe pickle deserialization RCE in data pipeline

MONAI: unsafe deserialization in CheckpointLoader allows RCE

MONAI: path traversal allows arbitrary file write

EverNoteLoader: XXE exposes host files in LangChain

llama-index: JSON parsing DoS via deep recursion

xgrammar: uncontrolled recursion in grammar parsing causes DoS

vLLM: RCE via eval() in Qwen3 Coder tool parser

picklescan: detection bypass allows malicious pickle exec

skops: joblib fallback enables RCE via model load

skops: RCE via MethodNode unsafe deserialization

skops: OperatorFuncNode type confusion → RCE

ExecuTorch: heap overflow in method load, RCE risk

llama_index: path traversal allows arbitrary file read