Attack Type

Auth Bypass

AI/ML platforms accumulate auth-bypass vulnerabilities at the same rate as other web software, but the blast radius is unusual: a bypass on an inference endpoint exposes expensive compute, paid model access, and potentially other tenants' conversations. Common patterns we see in NVD and GHSA include misconfigured JWT verification in self-hosted inference servers, missing authorization checks on admin routes in ML platforms, IDOR on prediction-history endpoints, and SSRF that escapes a sandboxed agent into the platform's internal network. Open-source AI platforms (MLflow, Gradio, LangServe, Ollama) have shipped multiple high-severity auth-bypass CVEs since 2023; CISA KEV has flagged at least one (the MLflow path-traversal/auth chain). Defenses: keep self-hosted AI platforms patched aggressively, require auth on all model endpoints, network-segment inference servers, and treat any exposed AI service as if compute-cost abuse will happen.

557

Total CVEs

Pages

Page 2 of 28

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2023-3686	QuickAI: unauthenticated SQLi exposes OpenAI API keys	quickai_openai	9.8
MEDIUM	CVE-2024-0451	wpbot: missing auth exposes OpenAI account files	wpbot	5.0
HIGH	CVE-2024-0452	WordPress AI ChatBot: auth bypass enables OpenAI file upload	wpbot	7.7
HIGH	CVE-2024-0453	WordPress ChatBot: missing authz deletes OpenAI files	wpbot	7.7
MEDIUM	CVE-2024-4858	WP Testimonial Carousel: OpenAI API key hijack, no auth		5.3
HIGH	CVE-2024-6587	LiteLLM: SSRF leaks OpenAI API key to attacker	litellm	7.5
MEDIUM	CVE-2024-6845	ChatGPT WP Plugin: OpenAI API key leak via unauth REST		5.3
HIGH	CVE-2024-7714	AYS ChatGPT WP Plugin: auth bypass disables AI service		7.5
CRITICAL	CVE-2024-52384	Sage AI Plugin: unrestricted upload → web shell RCE		9.9
HIGH	CVE-2024-32965	Lobe Chat: pre-auth SSRF leaks OpenAI API keys		8.6
UNKNOWN	CVE-2024-56516	free-one-api: MD5 hashing allows credential cracking		-
MEDIUM	CVE-2024-13698	Jobify WP: missing authz allows OpenAI key abuse, SSRF		6.5
UNKNOWN	CVE-2024-11037	gpt_academic: path traversal exposes LLM API keys	gpt_academic	-
UNKNOWN	CVE-2024-12775	Dify: SSRF via custom tool URL enables credential theft		-
HIGH	CVE-2024-7959	Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets	open-webui	7.7
MEDIUM	CVE-2025-31843	OpenAI WP Plugin: broken access control on AI settings		4.3
HIGH	CVE-2025-5018	Hive Support WP: OpenAI key theft + prompt hijack		7.1
MEDIUM	CVE-2025-7780	WordPress AI Engine: SSRF leaks files via OpenAI API		6.5
MEDIUM	CVE-2025-54558	OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse		4.1
CRITICAL	CVE-2025-53767	Azure OpenAI: SSRF EoP, no auth required (CVSS 10)	azure_openai	10.0

Page 2 of 28

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Auth Bypass

Related Attack Types

Weekly CISO Take + top threats