AI Threat Alert
Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
641
Total CVEs
33
Pages
Page 17 of 33
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-0772 | langflow: Deserialization enables RCE | langflow | - |
| CRITICAL | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | llamaindex | 9.8 |
| HIGH | CVE-2024-14021 | llamaindex: Deserialization enables RCE | llamaindex | 7.8 |
| HIGH | CVE-2024-58339 | llamaindex: Resource Exhaustion enables DoS | llamaindex | 7.5 |
| MEDIUM | CVE-2023-41626 | Gradio: arbitrary file upload via /upload endpoint | gradio | 4.8 |
| HIGH | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | gradio | 8.1 |
| HIGH | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | gradio | 8.2 |
| HIGH | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | gradio | 7.5 |
| MEDIUM | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| CRITICAL | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | gradio | 9.8 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | gradio | 9.8 |
| HIGH | CVE-2024-47867 | Gradio: no integrity check on FRP binary, supply chain RCE | gradio | 7.5 |
| MEDIUM | CVE-2023-27494 | Streamlit: reflected XSS enables session hijacking | streamlit | 6.1 |
| CRITICAL | CVE-2024-41112 | streamlit-geospatial: RCE via eval() on palette input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41113 | streamlit-geospatial: RCE via eval() in Timelapse page | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41114 | streamlit-geospatial: RCE via eval() on palette input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41115 | streamlit-geospatial: eval() injection enables RCE | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41116 | streamlit-geospatial: RCE via eval() injection | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41117 | streamlit-geospatial: eval() injection allows RCE | streamlit-geospatial | 9.8 |