Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
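Most of the entries below are deserialization bugs: a model checkpoint is a pickle stream, and pickle lets the file name any importable callable to run at load time. The following Python is an added example written for this page, not code from any of the listed projects. It builds a constructed poisoned checkpoint whose payload is deliberately benign (it only sets an environment variable via `builtins.exec`), shows that `pickle.loads` runs it before returning anything, and then applies the two defences the picklescan/fickling/`torch.load(weights_only=True)` line of fixes is built on: a static scan of the GLOBAL/STACK_GLOBAL opcodes and an `Unpickler.find_class` allowlist. The allowlist contents are a hypothetical minimum for a plain state dict.

```python
import collections
import io
import os
import pickle
import pickletools
from typing import Any

# Constructed payload for the demo: harmless, but it is arbitrary code chosen by
# whoever wrote the checkpoint. A real attacker would use os.system or similar.
PAYLOAD_SOURCE = "import os\nos.environ['PICKLE_RCE_DEMO'] = 'executed'"


class MaliciousModel:
    # __reduce__ tells the unpickler "to rebuild me, call exec(PAYLOAD_SOURCE)".
    def __reduce__(self):
        return (exec, (PAYLOAD_SOURCE,))


def build_malicious_checkpoint() -> bytes:
    """Serialize the payload exactly as a poisoned model file would carry it."""
    return pickle.dumps(MaliciousModel())


def unsafe_load(data: bytes) -> bool:
    """The vulnerable pattern: pickle.load on untrusted bytes.
    Returns True if the embedded payload executed during loading."""
    os.environ.pop("PICKLE_RCE_DEMO", None)
    pickle.loads(data)  # attacker code runs here, before any object is returned
    return os.environ.get("PICKLE_RCE_DEMO") == "executed"


def find_globals(data: bytes) -> list[tuple[str, str]]:
    """Static scan, picklescan-style: list every module.name the stream would import
    without executing it. Handles both the protocol<=3 GLOBAL opcode and the
    protocol>=4 STACK_GLOBAL opcode (module and name are pushed as strings first)."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif opcode.name == "GLOBAL":  # arg is "module name" as one string
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":  # module and name are the last two strings
            found.append((strings[-2], strings[-1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    # Hypothetical allowlist: only what a plain state dict of lists needs.
    # Anything else (builtins.exec, os.system, subprocess.Popen, ...) is refused.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes) -> Any:
    """Scan first, then load under the allowlist. Both must pass."""
    blocked = [g for g in find_globals(data) if g not in RestrictedUnpickler.ALLOWED]
    if blocked:
        raise pickle.UnpicklingError(f"scan rejected globals: {blocked}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    """Run the whole scenario and return the observable results."""
    malicious = build_malicious_checkpoint()
    benign = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]))  # constructed
    try:
        safe_load(malicious)
        malicious_blocked = False
    except pickle.UnpicklingError:
        malicious_blocked = True
    return {
        "unsafe_load_ran_payload": unsafe_load(malicious),
        "globals_in_malicious": find_globals(malicious),
        "benign_loads": safe_load(benign)["weight"],
        "malicious_blocked": malicious_blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The caveat the picklescan and fickling entries in this table illustrate: both defences only hold if the allowlist is exact and the scanner sees every byte that the real loader will execute. An allowlisted class with a permissive constructor, a subclass that inherits an allowed name, or a container format (ZIP, CRC tricks) that the scanner and the loader parse differently all turn back into RCE. Where the format permits it, a data-only serialization such as safetensors removes the problem instead of filtering it.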
643 total CVEs across 33 pages. Page 24 of 33.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | GHSA-m273-6v24-x4m4 | picklescan: Deserialization enables RCE | picklescan | - |
| HIGH | CVE-2025-67729 | lmdeploy: Deserialization enables RCE | lmdeploy | 8.8 |
| HIGH | CVE-2025-67748 | fickling: Code Injection enables RCE | fickling | - |
| HIGH | CVE-2025-67747 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2025-65958 | open-webui: SSRF allows internal network access | open-webui | 8.5 |
| CRITICAL | CVE-2025-33244 | NVIDIA: Deserialization enables RCE | - | 9.0 |
| CRITICAL | CVE-2025-34351 | ray: security flaw enables exploitation | ray | - |
| CRITICAL | CVE-2025-62593 | ray: Code Injection enables RCE | ray | - |
| HIGH | CVE-2025-64496 | open-webui: Code Injection enables RCE | open-webui | 7.3 |
| HIGH | CVE-2025-64495 | Open WebUI: XSS-to-RCE via malicious prompt injection | open-webui | 8.7 |
| HIGH | CVE-2025-64439 | langgraph-checkpoint: Deserialization enables RCE | langgraph-checkpoint | - |
| CRITICAL | GHSA-m9mp-6x32-5rhg | scio/PyTorch: torch.load weights_only bypass RCE | - | - |
| MEDIUM | CVE-2025-8917 | clearml: path traversal in safe_extract → RCE risk | clearml | 5.8 |
| HIGH | CVE-2025-30402 | ExecuTorch: heap overflow in method load, RCE risk | executorch | 8.1 |
| CRITICAL | CVE-2023-48022 | Ray: unauthenticated RCE via job submission API | ray | 9.8 |
| HIGH | CVE-2025-58757 | MONAI: unsafe pickle deserialization RCE in data pipeline | monai | 8.8 |
| HIGH | CVE-2025-58756 | MONAI: unsafe deserialization in CheckpointLoader allows RCE | monai | 8.8 |
| HIGH | CVE-2025-58755 | MONAI: path traversal allows arbitrary file write | monai | 8.8 |
| HIGH | CVE-2025-10156 | Picklescan: CRC bypass hides malicious pickle in ZIP | picklescan | 7.5 |
| HIGH | CVE-2025-10157 | PickleScan: subclass bypass enables malicious model RCE | picklescan | 8.3 |
AI Threat Alert