AI Component

API

AI API vulnerabilities affect the interfaces used to interact with language models and ML services — including authentication, rate limiting, input validation, and response handling.

225

Total CVEs

Pages

Page 7 of 12

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2025-13374	Kalrav: Arbitrary File Upload enables RCE		9.8
HIGH	CVE-2026-25580	pydantic-ai: SSRF allows internal network access	pydantic-ai-slim	8.6
HIGH	CVE-2026-24780	agpt: Code Injection enables RCE		8.8
MEDIUM	CVE-2023-34094	ChuanhuChatGPT: config exposure leaks API keys	chuanhuchatgpt	5.3
CRITICAL	CVE-2024-31224	gpt_academic: deserialization RCE, no auth required	gpt_academic	9.8
HIGH	CVE-2024-36420	Flowise: unauthenticated arbitrary file read via API	flowise	7.5
HIGH	CVE-2025-61784	LLaMA-Factory: SSRF+LFI in multimodal chat API	llamafactory	8.1
CRITICAL	CVE-2024-49326	Affiliator WP Plugin: Unauthenticated Web Shell Upload	affiliator	9.8
HIGH	CVE-2026-1669	keras: File Control enables path manipulation	keras	7.5
CRITICAL	CVE-2025-54381	BentoML: unauthenticated SSRF via file upload URLs	bentoml	9.9
HIGH	CVE-2023-27563	n8n: privilege escalation exposes full workflow admin	n8n	8.8
HIGH	CVE-2023-27564	n8n: unauthenticated info disclosure exposes credentials	n8n	7.5
MEDIUM	CVE-2025-52478	n8n: Stored XSS enables full account takeover	n8n	5.4
CRITICAL	CVE-2025-55526	n8n-workflows: path traversal in download_workflow endpoint	fastapi	9.1
CRITICAL	CVE-2026-21858	n8n: Input Validation flaw enables exploitation	n8n	10.0
HIGH	CVE-2025-61917	n8n: Info Disclosure leaks sensitive data	n8n	7.7
CRITICAL	CVE-2026-25049	n8n: security flaw enables exploitation	n8n	9.9
MEDIUM	CVE-2026-25051	n8n: XSS enables session hijacking	n8n	5.4
CRITICAL	CVE-2026-25052	n8n: security flaw enables exploitation	n8n	9.9
MEDIUM	CVE-2026-25054	n8n: XSS enables session hijacking	n8n	5.4

Page 7 of 12

Previous Next

Related AI Components

Framework Agent Model Inference Training Data RAG

API

Related AI Components

Weekly CISO Take + top threats