AI Component
API
AI API vulnerabilities affect the interfaces used to interact with language models and ML services — including authentication, rate limiting, input validation, and response handling.
225 total CVEs across 12 pages (page 6 of 12).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | gradio | - |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | gradio | 7.5 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| CRITICAL | CVE-2024-3234 | ChuanhuChatGPT: path traversal exposes LLM API keys | chuanhuchatgpt | 9.8 |
| MEDIUM | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | gradio | 5.4 |
| LOW | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | gradio | 3.7 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | gradio | 9.1 |
| UNKNOWN | CVE-2024-10650 | ChuanhuChatGPT: DoS via multipart payload exhaustion | chuanhuchatgpt | - |
| UNKNOWN | CVE-2024-10707 | ChuanhuChatGPT: path traversal exposes server files unauthed | chuanhuchatgpt | - |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | gradio | 5.3 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| UNKNOWN | CVE-2025-0187 | Gradio: DoS via oversized upload filename | gradio | - |
| CRITICAL | CVE-2024-41118 | streamlit-geospatial: blind SSRF via WMS URL input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41120 | streamlit-geospatial: blind SSRF via unvalidated URL input | streamlit-geospatial | 9.8 |
| MEDIUM | CVE-2024-42474 | Streamlit: path traversal leaks Windows NTLM hash | streamlit | 6.5 |
| UNKNOWN | CVE-2025-34072 | Slack MCP: zero-click exfiltration via link unfurling | | - |
| UNKNOWN | CVE-2025-66479 | Anthropic: Protection Bypass circumvents security controls | | - |
| HIGH | CVE-2026-0621 | mcp_typescript_sdk: security flaw enables exploitation | | 7.5 |
| HIGH | CVE-2026-21852 | claude_code: Weak Credentials allow account compromise | claude_code | 7.5 |
| MEDIUM | CVE-2025-63390 | anythingllm: Missing Auth allows unauthenticated access | | 5.3 |