Attack Type

Code Execution

Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.

643

Total CVEs

Pages

Page 19 of 33

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2025-61687	Flowise: unrestricted file upload enables persistent RCE	flowise	8.8
HIGH	CVE-2025-61784	LLaMA-Factory: SSRF+LFI in multimodal chat API	llamafactory	8.1
CRITICAL	CVE-2025-61913	Flowise: path traversal in file tools leads to RCE	flowise	9.9
HIGH	CVE-2026-26286	sillytavern: SSRF allows internal network access		8.5
UNKNOWN	CVE-2024-4897	lollms-webui: RCE via malicious GGUF model loading		-
CRITICAL	CVE-2020-13092	scikit-learn: RCE via malicious joblib model deserialization	scikit-learn	9.8
HIGH	CVE-2025-54412	skops: OperatorFuncNode type confusion → RCE	skops	-
HIGH	CVE-2025-54413	skops: RCE via MethodNode unsafe deserialization	skops	-
HIGH	CVE-2025-54886	skops: joblib fallback enables RCE via model load	skops	8.4
CRITICAL	CVE-2024-49326	Affiliator WP Plugin: Unauthenticated Web Shell Upload	affiliator	9.8
MEDIUM	CVE-2024-55459	Keras: path traversal enables arbitrary file write	keras	6.5
CRITICAL	CVE-2025-1550	Keras: safe_mode bypass enables RCE via model loading	keras	9.8
HIGH	CVE-2025-8747	Keras: safe mode bypass enables RCE via model load	keras	7.8
HIGH	CVE-2025-9905	Keras: safe_mode bypass enables RCE via .h5 model files	keras	7.3
HIGH	CVE-2025-9906	Keras: safe_mode bypass enables RCE via model load	keras	7.3
CRITICAL	CVE-2025-49655	keras: Deserialization enables RCE	keras	9.8
MEDIUM	CVE-2025-12058	Keras: safe_mode bypass enables file read and SSRF	keras	-
CRITICAL	CVE-2025-12060	keras: Path Traversal enables file access	keras	9.8
UNKNOWN	CVE-2025-12638	Keras: Path Traversal enables file access		-
HIGH	CVE-2026-1669	keras: File Control enables path manipulation	keras	7.5

Page 19 of 33

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Code Execution

Related Attack Types

Weekly CISO Take + top threats