Attack Type
DoS
Denial of service attacks against AI systems exploit resource-intensive operations — large model inference, excessive tokenization, or recursive agent loops — to exhaust compute resources.
Total CVEs: 525
Pages: 27
Page 25 of 27
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | open-webui | 7.5 |
| MEDIUM | CVE-2025-5472 | llama-index: JSONReader DoS via recursive JSON parsing | llama-index-core | 6.5 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | llama-index-readers-papers | 7.5 |
| MEDIUM | GHSA-j828-28rj-hfhp | vllm: ReDoS in inference endpoints enables DoS | vllm | 4.3 |
| HIGH | CVE-2025-1752 | llama_index: DoS via uncapped recursion in web reader | llama-index | 7.5 |
| MEDIUM | GHSA-hf3c-wxg2-49q9 | vLLM: DoS via unbounded XGrammar schema cache | vllm | 6.5 |
| MEDIUM | CVE-2025-32381 | xgrammar: unbounded grammar cache causes LLM server DoS | xgrammar | 6.5 |
| HIGH | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | litellm | 7.5 |
| MEDIUM | CVE-2024-7035 | Open WebUI: CSRF wipes RAG DB and AI memories via GET | open-webui | 6.9 |
| MEDIUM | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | llama-index | 5.9 |
| HIGH | CVE-2024-8020 | pytorch-lightning: unauthenticated DoS crashes LightningApp | pytorch-lightning | 7.5 |
| HIGH | CVE-2024-8053 | Open-WebUI: unauthenticated PDF endpoint enables DoS | open-webui | 7.5 |
| HIGH | CVE-2024-7983 | open-webui: unauthenticated DoS via markdown parser | open-webui | 7.5 |
| HIGH | GHSA-6wj5-5pgr-jwq8 | open-webui: DoS via malformed multipart boundary | open-webui | 7.5 |
| HIGH | GHSA-w466-2wfc-8g58 | open-webui: DoS via starlette memory exhaustion | open-webui | 7.5 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML: DoS via multipart boundary in Gradio login | bentoml | 7.5 |
| MEDIUM | CVE-2024-7033 | open-webui: path traversal allows file write and RCE | open-webui | 6.5 |
| HIGH | CVE-2024-12534 | open-webui: unauthenticated DoS via login payload flood | open-webui | 7.5 |
| HIGH | CVE-2024-12537 | Open-WebUI: unauthenticated DoS via code formatter | open-webui | 7.5 |
| HIGH | GHSA-5ccf-884p-4jjq | open-webui: DoS via unauthenticated multipart parsing | open-webui | 7.5 |