AI Threat Alert
AI Component
API
AI API vulnerabilities affect the interfaces used to interact with language models and ML services — including authentication, rate limiting, input validation, and response handling.
225
Total CVEs
12
Pages
Page 9 of 12
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2025-61620 | vllm: DoS via Jinja template injection in chat API | vllm | 6.5 |
| UNKNOWN | CVE-2026-33401 | Wallos: SSRF allows internal network access | - | |
| HIGH | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | open-webui | 7.5 |
| MEDIUM | GHSA-hf3c-wxg2-49q9 | vLLM: DoS via unbounded XGrammar schema cache | vllm | 6.5 |
| HIGH | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | litellm | 7.5 |
| HIGH | CVE-2024-6982 | lollms: RCE via eval() sandbox bypass in Calculate | lollms | 8.4 |
| MEDIUM | CVE-2024-7035 | Open WebUI: CSRF wipes RAG DB and AI memories via GET | open-webui | 6.9 |
| HIGH | CVE-2024-8020 | pytorch-lightning: unauthenticated DoS crashes LightningApp | pytorch-lightning | 7.5 |
| HIGH | CVE-2024-7990 | open-webui: Stored XSS enables admin session hijack | open-webui | 8.4 |
| HIGH | CVE-2024-8060 | OpenWebUI: path traversal RCE via audio upload API | open-webui | 8.1 |
| HIGH | CVE-2024-8053 | Open-WebUI: unauthenticated PDF endpoint enables DoS | open-webui | 7.5 |
| HIGH | CVE-2024-7983 | open-webui: unauthenticated DoS via markdown parser | open-webui | 7.5 |
| HIGH | CVE-2024-7806 | Open-WebUI: CSRF enables RCE via pipeline code injection | open-webui | 8.0 |
| HIGH | GHSA-6wj5-5pgr-jwq8 | open-webui: DoS via malformed multipart boundary | open-webui | 7.5 |
| HIGH | GHSA-w466-2wfc-8g58 | open-webui: DoS via starlette memory exhaustion | open-webui | 7.5 |
| HIGH | CVE-2024-7053 | open-webui: XSS enables admin session hijack via chat | open-webui | 7.6 |
| MEDIUM | CVE-2024-7046 | Open WebUI: missing authz leaks admin credentials | open-webui | 4.3 |
| HIGH | CVE-2024-12534 | open-webui: unauthenticated DoS via login payload flood | open-webui | 7.5 |
| MEDIUM | CVE-2024-7034 | open-webui: path traversal allows arbitrary file write/RCE | open-webui | 6.5 |
| HIGH | CVE-2024-7039 | open-webui: Privilege bypass enables admin account deletion | open-webui | 8.3 |