AI Component

API

AI API vulnerabilities affect the interfaces used to interact with language models and ML services — including authentication, rate limiting, input validation, and response handling.

224

Total CVEs

Pages

Page 4 of 12

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2025-13359	taxopress: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-13922	AI component: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-14371	AI component: Missing Auth allows unauthorized operations		4.3
HIGH	CVE-2025-65805	OAI CN5G AMF: Unauthenticated buffer overflow, RCE/DoS	oai-cn5g-amf	7.5
HIGH	CVE-2025-66786	OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface	oai-cn5g-amf	7.5
MEDIUM	CVE-2025-14980	BetterDocs: Info Disclosure leaks sensitive data		6.5
HIGH	CVE-2025-65098	typebot: XSS enables session hijacking		7.4
UNKNOWN	CVE-2024-48919	Cursor IDE: prompt injection triggers terminal RCE		-
CRITICAL	CVE-2023-34239	Gradio: path traversal + SSRF exposes model files & infra	gradio	9.1
HIGH	CVE-2025-23042	Gradio: ACL bypass via path case manipulation	gradio	7.5
HIGH	CVE-2023-43472	MLflow: unauth REST API leaks sensitive ML data	mlflow	7.5
MEDIUM	CVE-2025-52967	MLflow: unauthenticated SSRF in gateway proxy	mlflow	5.8
HIGH	CVE-2025-14279	mlflow: security flaw enables exploitation	mlflow	8.1
HIGH	CVE-2026-0599	text-generation: DoS causes service disruption		7.5
HIGH	CVE-2024-8768	vLLM: unauthenticated DoS via empty completion prompt		7.5
MEDIUM	CVE-2024-8939	ilab/vllm: best_of param causes inference API DoS		6.2
MEDIUM	CVE-2025-48887	vLLM: ReDoS in tool parser causes service outage	vllm	6.5
MEDIUM	CVE-2025-48942	vLLM: DoS via malformed JSON schema guided param	vllm	6.5
MEDIUM	CVE-2025-48944	vLLM: input validation DoS crashes inference worker	vllm	6.5
HIGH	CVE-2025-48956	vLLM: unauthenticated DoS via oversized HTTP header	vllm	7.5

Page 4 of 12

Previous Next

Related AI Components

Framework Agent Model Inference Training Data RAG

API

Related AI Components

Weekly CISO Take + top threats