AI Threat Alert
Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
412
Total CVEs
21
Pages
Page 16 of 21
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-46417 | picklescan: scanner bypass enables DNS data exfiltration | picklescan | - |
| CRITICAL | CVE-2024-12909 | llama-index finchat: SQL injection enables RCE | llama-index-packs-finchat | 10.0 |
| HIGH | CVE-2024-7990 | open-webui: Stored XSS enables admin session hijack | open-webui | 8.4 |
| HIGH | CVE-2024-8060 | OpenWebUI: path traversal RCE via audio upload API | open-webui | 8.1 |
| HIGH | CVE-2024-7053 | open-webui: XSS enables admin session hijack via chat | open-webui | 7.6 |
| MEDIUM | CVE-2024-7046 | Open WebUI: missing authz leaks admin credentials | open-webui | 4.3 |
| HIGH | CVE-2024-7039 | open-webui: Privilege bypass enables admin account deletion | open-webui | 8.3 |
| MEDIUM | CVE-2024-7044 | Open WebUI: Stored XSS via file upload, session hijack | open-webui | 6.8 |
| HIGH | CVE-2024-7043 | Open WebUI: auth bypass exposes all user files | open-webui | 8.1 |
| HIGH | CVE-2024-9606 | LiteLLM: API key leakage in logs exposes credentials | litellm | 7.5 |
| HIGH | CVE-2025-0628 | litellm: privilege escalation viewer→proxy admin via bad API key | litellm | 8.1 |
| HIGH | CVE-2025-0330 | LiteLLM: Langfuse API key leak via error handling | litellm | 7.5 |
| MEDIUM | CVE-2025-1979 | Ray: Redis password exposed via plaintext logging | ray | 6.4 |
| CRITICAL | CVE-2025-25362 | spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8) | spacy-llm | 9.8 |
| HIGH | CVE-2025-25297 | Label Studio: SSRF via S3 endpoint exposes internal services | label-studio | 8.6 |
| MEDIUM | CVE-2025-25296 | Label Studio: reflected XSS via label_config param | label-studio | 6.1 |
| HIGH | CVE-2025-25295 | Label Studio SDK: path traversal leaks server filesystem | label-studio-sdk | - |
| HIGH | CVE-2025-23205 | nbgrader: Clickjacking exposes formgrader via IFrame | - | |
| CRITICAL | CVE-2023-6021 | Ray: LFI allows unauthenticated file read | ray | 9.3 |
| CRITICAL | CVE-2023-6020 | Ray: unauthenticated LFI exposes entire filesystem | ray | 9.3 |