Attack Type

Data Extraction

Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.

906
Total CVEs
46
Pages
Page 39 of 46
Current
Severity CVE CVSS
CRITICAL GHSA-892r-p3jq-jp24 9.8
HIGH GHSA-rjvw-7vvw-549v 7.2
CRITICAL GHSA-fq2m-6wqh-x44g 9.8
HIGH GHSA-2rcg-mm5h-xchx 7.5
HIGH GHSA-vxgj-xg5c-p4h7 8.5
HIGH GHSA-p4pj-vh7h-6cqh 7.5
MEDIUM GHSA-pv2j-rghr-v5r9 6.5
MEDIUM GHSA-6h9p-93hq-q7h6 6.5
HIGH GHSA-w6h2-fr4q-xvxv 8.8
HIGH GHSA-j7qx-p75m-wp7g 7.5
HIGH GHSA-qvpf-j64c-jmhr 8.3
HIGH GHSA-vmf9-xx9w-86wx 8.3
HIGH GHSA-22cj-m4wf-fv2c 7.5
HIGH GHSA-5jv7-2mjm-h6qj 8.8
CRITICAL GHSA-j4f3-55x4-r6q2 9.8
CRITICAL GHSA-9752-mhqh-h34f 9.4
CRITICAL GHSA-p69m-4f92-2v84 9.8
HIGH GHSA-gqmf-56h7-rrpf 7.6
HIGH CVE-2026-54002 -
MEDIUM CVE-2026-22551 -

Page 39 of 46