AI Component

Agent

AI agent frameworks (AutoGPT, CrewAI, LangGraph, etc.) orchestrate LLM-powered autonomous actions. Their tool-use capabilities create unique attack surfaces not present in simple chat interfaces.

295

Total CVEs

Pages

Page 5 of 15

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2025-57760	Langflow: privilege escalation to full superuser via CLI	langflow	8.8
HIGH	CVE-2025-34291	langflow: security flaw enables exploitation	langflow	8.8
MEDIUM	CVE-2025-68477	langflow: SSRF allows internal network access	langflow	6.5
HIGH	CVE-2025-68478	langflow: File Control enables path manipulation	langflow	7.1
CRITICAL	CVE-2026-21445	langflow: Missing Auth allows unauthenticated access	langflow	9.1
UNKNOWN	CVE-2026-0768	langflow: Code Injection enables RCE	langflow	-
UNKNOWN	CVE-2026-0769	langflow: Code Injection enables RCE	langflow	-
HIGH	CVE-2026-0770	langflow: security flaw enables exploitation	langflow	-
UNKNOWN	CVE-2026-0771	langflow: Code Injection enables RCE	langflow	-
UNKNOWN	CVE-2026-0772	langflow: Deserialization enables RCE	langflow	-
CRITICAL	CVE-2024-23751	LlamaIndex: SQL injection in Text-to-SQL feature	llamaindex	9.8
HIGH	CVE-2024-58339	llamaindex: Resource Exhaustion enables DoS	llamaindex	7.5
UNKNOWN	CVE-2025-34072	Slack MCP: zero-click exfiltration via link unfurling		-
UNKNOWN	CVE-2025-66479	Anthropic: Protection Bypass circumvents security controls		-
HIGH	CVE-2026-0621	mcp_typescript_sdk: security flaw enables exploitation		7.5
HIGH	CVE-2026-21852	claude_code: Weak Credentials allow account compromise	claude_code	7.5
UNKNOWN	CVE-2025-55012	Zed Agent Panel: AI agent RCE via permissions bypass		-
MEDIUM	CVE-2025-11844	smolagents: security flaw enables exploitation	smolagents	5.4
MEDIUM	CVE-2025-12695	dspy: security flaw enables exploitation		5.9
CRITICAL	CVE-2025-67511	cai-framework: Command Injection enables RCE		9.6

Page 5 of 15

Previous Next

Related AI Components

Framework API Model Inference Training Data RAG

Agent

Related AI Components

Weekly CISO Take + top threats