Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow an attacker to execute arbitrary code on the servers that run ML inference, training pipelines, or AI agent frameworks. As the entries below show, the dominant route is deserialization: a crafted model file, configuration, or inter-process message that the framework unpickles or otherwise deserializes without verifying its origin.
631 total CVEs across 32 pages. Page 15 of 32.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-2654 | smolagents: SSRF allows internal network access | smolagents | 9.8 |
| MEDIUM | CVE-2021-28796 | Qiita::Markdown: XSS in transformer components | | 6.1 |
| HIGH | CVE-2024-21799 | Intel Extension for Transformers: path traversal privesc | | 7.1 |
| HIGH | CVE-2024-11392 | HuggingFace Transformers: RCE via config deserialization | transformers | 8.8 |
| HIGH | CVE-2024-11393 | Transformers: RCE via MaskFormer model deserialization | transformers | 8.8 |
| HIGH | CVE-2024-11394 | Transformers: RCE via Trax model deserialization | transformers | 8.8 |
| HIGH | CVE-2025-23298 | Merlin Transformers4Rec: code injection via Python dep | | 7.8 |
| HIGH | CVE-2025-33213 | NVIDIA: Deserialization enables RCE | | 8.8 |
| UNKNOWN | CVE-2025-14920 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14921 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14924 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14926 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14927 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14928 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14929 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14930 | transformers: Deserialization enables RCE | transformers | - |
| HIGH | CVE-2025-33233 | NVIDIA: Code Injection enables RCE | | 7.8 |
| CRITICAL | CVE-2025-29783 | vLLM: RCE via unsafe deserialization in Mooncake KV | vllm | 9.0 |
| CRITICAL | CVE-2024-11041 | vllm: RCE via unsafe pickle deserialization in MessageQueue | vllm | 9.8 |
| CRITICAL | CVE-2024-9053 | vllm: RCE via unsafe pickle deserialization in RPC server | vllm | 9.8 |
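Several rows above describe the same class of bug: pickle deserialization of untrusted data (vLLM's MessageQueue and RPC server, transformers model and config loading). The Python example below is added here for illustration; it is not code from the page or from any of the listed projects and does not reproduce any specific CVE. It shows the mechanism shared by that class: a pickle's `__reduce__` hook makes `pickle.load()` call a function of the attacker's choosing before the caller sees any result. It then shows two checks a loader can apply before trusting a blob: a static opcode scan with `pickletools` that lists every global the stream would import without executing it, and a `pickle.Unpickler.find_class` allowlist that refuses unexpected globals at load time. The `SAFE_GLOBALS` allowlist, the `Payload` class and both sample blobs are constructed for this demo; the payload evaluates a harmless expression (the loader's own PID) where a real one would call `os.system`.

```python
from __future__ import annotations

import io
import os
import pickle
import pickletools

# Hypothetical allowlist of globals a checkpoint loader is willing to resolve.
# A real deployment enumerates the classes its own checkpoint format needs.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}

# Opcodes that push a literal string onto the pickle VM stack.
STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


class Payload:
    """Constructed stand-in for a booby-trapped checkpoint object.

    pickle serialises whatever __reduce__ returns as "call this global with
    these arguments" (GLOBAL/STACK_GLOBAL followed by REDUCE), so the call
    happens inside pickle.load(), before the caller ever sees the result.
    The expression here is harmless (it returns the loader's PID); a real
    payload would call os.system or subprocess instead.
    """

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_malicious_pickle() -> bytes:
    """Constructed payload; protocol 4 so it uses STACK_GLOBAL, not GLOBAL."""
    return pickle.dumps(Payload(), protocol=4)


def benign_pickle() -> bytes:
    """Constructed benign checkpoint-like blob: containers and numbers only."""
    return pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)


def find_dangerous_globals(data: bytes) -> list[tuple[str, str]]:
    """Static scan: every (module, name) the pickle would import, without loading it.

    GLOBAL carries "module name" in its argument; STACK_GLOBAL consumes the two
    most recently pushed strings. Only literal string pushes are tracked, which
    covers what pickle.dumps emits; a production scanner emulates the whole VM
    (including memo gets) so an obfuscated stream cannot hide the import.
    """
    pushed: list[str] = []
    found: list[tuple[str, str]] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            pushed.append(arg)
        elif opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(pushed) < 2:
                raise ValueError("malformed pickle: STACK_GLOBAL without module/name")
            found.append((pushed[-2], pushed[-1]))
    return [g for g in found if g not in SAFE_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """Loader that refuses any global outside SAFE_GLOBALS (pattern from the Python docs)."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Raised while resolving the global, i.e. before REDUCE can call it.
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def run_demo() -> dict:
    """Exercise plain load, static scan and restricted load on the constructed payload."""
    payload = build_malicious_pickle()
    flagged = find_dangerous_globals(payload)
    # Plain pickle.loads: the eval runs during loading, before any model code runs.
    unsafe_result = pickle.loads(payload)
    try:
        safe_load(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return {
        "flagged": flagged,
        "unsafe_ran_attacker_code": unsafe_result == os.getpid(),
        "restricted_loader_blocked": blocked,
    }


if __name__ == "__main__":
    print(run_demo())
```

The scan flags `("builtins", "eval")` and the restricted loader refuses the same global, while the plain `pickle.loads` has already executed the attacker's expression by the time it returns. Neither check is a substitute for avoiding pickle on untrusted input (a tensor-only format such as safetensors removes the problem), but both are cheap to put in front of any code path that accepts model files or serialized messages from outside the trust boundary.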
AI Threat Alert