Attack Type

Data Leakage

Data leakage vulnerabilities allow unauthorized access to sensitive data processed by AI systems — including PII in training data, API keys in prompts, or confidential information in model responses.

128

Total CVEs

Pages

Page 3 of 7

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2024-0520	MLflow: path traversal enables RCE via dataset loading	mlflow	8.8
HIGH	CVE-2024-8859	MLflow: path traversal allows arbitrary file read via DBFS	mlflow	7.5
HIGH	CVE-2025-14279	mlflow: security flaw enables exploitation	mlflow	8.1
CRITICAL	CVE-2025-5120	smolagents: sandbox escape enables unauthenticated RCE	smolagents	10.0
MEDIUM	CVE-2021-28796	Qiita::Markdown: XSS in transformer components		6.1
LOW	CVE-2025-3777	Transformers: URL validation bypass exposes image pipeline	transformers	3.5
LOW	CVE-2025-25183	vLLM: hash collision enables prefix cache poisoning	vllm	2.6
LOW	CVE-2025-1953	vLLM AIBrix: weak hash in prefix cache leaks inference patterns		2.6
HIGH	CVE-2025-30202	vLLM: ZeroMQ socket exposure enables DoS in multi-node	vllm	7.5
HIGH	CVE-2025-46722	vLLM: image hash collision enables multimodal cache leakage	vllm	7.3
CRITICAL	CVE-2026-22778	vllm: security flaw enables exploitation	vllm	9.8
HIGH	CVE-2024-39722	Ollama: path traversal exposes server filesystem	ollama	7.5
MEDIUM	CVE-2025-44779	Ollama: arbitrary file deletion via /api/pull	ollama	6.6
CRITICAL	CVE-2024-0964	Gradio: unauthenticated LFI exposes full server filesystem	gradio	9.4
UNKNOWN	CVE-2024-1561	Gradio: path traversal enables arbitrary file read	gradio	-
HIGH	CVE-2024-34510	Gradio: credential leakage via Windows path encoding bug	gradio	7.5
HIGH	CVE-2024-4941	Gradio: LFI via JSON path key exposes server files	gradio	7.5
CRITICAL	CVE-2024-3234	ChuanhuChatGPT: path traversal exposes LLM API keys	chuanhuchatgpt	9.8
HIGH	CVE-2024-47084	Gradio: CORS bypass exposes local instances to credential theft	gradio	8.3
MEDIUM	CVE-2024-47166	Gradio: path traversal leaks custom component source	gradio	5.3

Page 3 of 7

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Data Leakage

Related Attack Types

Weekly CISO Take + top threats