AI Security Threat Feed

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name}...

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to...

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path...

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct...

fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality

LangGraph checkpoint loading has unsafe msgpack deserialization

xgrammar vulnerable to DoS via multi-layer nesting

Fickling missing RCE-capable modules in UNSAFE_IMPORTS

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

PickleScan has multiple stdlib modules with direct RCE not in blocklist

PickleScan's pkgutil.resolve_name has a universal blocklist bypass

PickleScan's profile.run blocklist mismatch allows exec() bypass

Fickling has safety check bypass via REDUCE+BUILD opcode sequence

Fickling: OBJ opcode call invisibility bypasses all safety checks

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not...

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of...

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Fickling has a detection bypass via stdlib network-protocol constructors

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic...

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic...

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an...

SageMaker Python SDK has Exposed HMAC

SageMaker Python SDK has Insecure TLS Configuration

picklescan vulnerable to arbitrary file create using logging.FileHandler

picklescan missing detection by simple obfuscation of a `builtins.eval` call

Lollms has an Improper Access Control vulnerability

llama-index-core vulnerable to Uncontrolled Resource Consumption

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with...

Chainlit contain a server-side request forgery (SSRF) vulnerability

Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

Chainlit contains an authorization bypass vulnerability

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to...

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling Blocklist Bypass: cProfile.run()

Fickling has a bypass via runpy.run_path() and runpy.run_module()

vLLM introduced enhanced protection for CVE-2025-62164

picklescan has Arbitrary file read using `io.FileIO`

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef