Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks let an attacker run arbitrary code on the hosts that perform ML inference or training, or that run AI agent frameworks. The entries on this page fall into a few recurring patterns: untrusted model files loaded through pickle (and scanner bypasses that let such files through), memory corruption in native model loaders, and code or queries built from model output (eval(), SQL).
643 total CVEs, 33 pages (page 26 of 33)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-5qwp-399c-mjwf | picklescan: bypass enables undetected RCE in ML models | picklescan | - |
| MEDIUM | GHSA-vv6j-3g6g-2pvj | picklescan: PyTorch gadget bypasses scanner, enables RCE | picklescan | - |
| MEDIUM | GHSA-vr7h-p6mm-wpmh | picklescan: PyTorch gadget bypasses pickle RCE detection | picklescan | - |
| MEDIUM | GHSA-h3qp-7fh3-f8h4 | picklescan: detection bypass via PyTorch proxy RCE | picklescan | - |
| MEDIUM | GHSA-f745-w6jp-hpxx | picklescan: RCE bypass via torch.utils.collect_env | picklescan | - |
| MEDIUM | GHSA-f4x7-rfwp-v3xw | picklescan: scanner bypass enables RCE via PyTorch function | picklescan | - |
| MEDIUM | GHSA-86cj-95qr-2p4f | picklescan: detection bypass enables PyTorch model RCE | picklescan | - |
| MEDIUM | GHSA-4r9r-ch6f-vxmx | picklescan: PyTorch bypass allows undetected RCE | picklescan | - |
| HIGH | CVE-2025-9141 | vLLM: RCE via eval() in Qwen3 Coder tool parser | vllm | 8.8 |
| CRITICAL | CVE-2025-54950 | ExecuTorch: OOB read in model loader enables RCE | executorch | 9.8 |
| CRITICAL | CVE-2025-54951 | ExecuTorch: heap buffer overflow RCE in model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-54949 | ExecuTorch: heap buffer overflow RCE via model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-30405 | ExecuTorch: integer overflow in model load → RCE | executorch | 9.8 |
| CRITICAL | CVE-2025-30404 | ExecuTorch: integer overflow RCE on model load | executorch | 9.8 |
| HIGH | GHSA-9gvj-pp9x-gcfr | picklescan: detection bypass allows malicious pickle exec | picklescan | - |
| MEDIUM | CVE-2025-54952 | ExecuTorch: integer overflow enables RCE via model loading | executorch | - |
| MEDIUM | GHSA-r54c-2xmf-2cf3 | ms-swift: RCE via pickle deserialization in adapter models | ms-swift | - |
| MEDIUM | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | llama-index-core | 5.0 |
| HIGH | CVE-2025-30167 | jupyter_core: config hijack enables cross-user code exec | jupyter_core | 7.3 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
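The two patterns that dominate this page are pickle-based model files that slip past an opcode blocklist scanner (the picklescan rows) and a tool-call parser that eval()s model output (the vLLM row). The following is an added example, not code from picklescan, PyTorch, vLLM or any other project listed above. It hand-assembles two constructed pickle payloads, shows that a toy blocklist flags the well-known gadget but not the unlisted one, and then loads both through an allowlisting Unpickler that refuses every global it was not told to expect. The blocklist and allowlist contents are assumptions for the demo, the `run` function name on `torch.utils.collect_env` is assumed, and torch is never imported because the loader rejects the reference first.

```python
"""Why opcode blocklists for pickle get bypassed, and what to use instead."""
import io
import json
import pickle
import pickletools
from collections import OrderedDict


def global_call_payload(module: str, name: str, arg: str) -> bytes:
    """Hand-assemble a protocol-0 pickle that imports module.name and calls it
    with one string argument: exactly what a class whose __reduce__ returns
    (callable, (arg,)) serialises to. Constructed for this demo; it is never
    passed to pickle.loads(), only scanned statically and fed to the
    allowlisting loader below, which rejects it before anything is imported."""
    return (
        b"c" + module.encode() + b"\n" + name.encode() + b"\n"  # GLOBAL module name
        + b"(" + b"S" + repr(arg).encode() + b"\n" + b"t"       # MARK, STRING, TUPLE
        + b"R."                                                 # REDUCE, STOP
    )


_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list:
    """Every (module, name) the pickle would import, found with pickletools so
    nothing is executed. Handles GLOBAL (protocols 0-3) and STACK_GLOBAL
    (protocol 4+), which takes its two names from the operand stack."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


# Toy blocklist (assumed contents): flag only callables already known to be
# dangerous. This is the approach the picklescan bypasses above defeat.
TOY_BLOCKLIST = {("os", "system"), ("subprocess", "Popen"),
                 ("builtins", "eval"), ("builtins", "exec")}


def blocklist_scan(data: bytes) -> list:
    return [g for g in referenced_globals(data) if g in TOY_BLOCKLIST]


# The robust control: refuse every global the expected format does not need.
# The allowlist here is an assumption for the demo; size it to your format.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def parse_tool_args(text: str) -> dict:
    """Same bug class without pickle: a tool-call parser that eval()s model
    output runs whatever the model (or whoever steered it) emits.
    Before: return eval(text)   # "__import__('os').system('id')" would run
    After: parse the arguments as data; anything else raises ValueError."""
    return json.loads(text)


def demo() -> dict:
    known = global_call_payload("os", "system", "echo pwned")
    # Gadget named in the picklescan advisory above; the function name `run`
    # is assumed here. torch is never imported: the loader rejects it first.
    novel = global_call_payload("torch.utils.collect_env", "run", "echo pwned")
    benign = pickle.dumps(OrderedDict(weight=0.5))
    return {
        "blocklist_flags_known": bool(blocklist_scan(known)),
        "blocklist_flags_novel": bool(blocklist_scan(novel)),  # the bypass
        "allowlist_rejects_known": is_rejected(known),
        "allowlist_rejects_novel": is_rejected(novel),
        "allowlist_loads_benign": safe_load(benign) == OrderedDict(weight=0.5),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The scanner and the loader disagree on exactly one payload: the blocklist passes the `torch.utils.collect_env` reference because nobody listed it, while the allowlisting loader refuses it because nobody needed it. That asymmetry is why a blocklist scanner can only ever lag the next gadget, and why formats that carry no code at all (safetensors, or plain JSON for tool arguments) are the better default for untrusted input.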