AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1199

Total CVEs

Pages

Page 1 of 60

Current

Severity	CVE	Headline	Package	CVSS
UNKNOWN	CVE-2026-2492	TensorFlow: security flaw enables exploitation		-
MEDIUM	CVE-2026-4538	AI component: Input Validation flaw enables exploitation		5.3
MEDIUM	CVE-2026-27795	LangChain: SSRF allows internal network access		4.1
CRITICAL	CVE-2026-27966	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-25750	langsmith: security flaw enables exploitation	langsmith	8.1
CRITICAL	CVE-2026-30741	OpenClaw: RCE via request-side prompt injection	openclaw	9.8
CRITICAL	CVE-2026-28500	onnx: Integrity Verification bypass enables tampering	onnx	9.1
HIGH	CVE-2026-2033	mlflow: Path Traversal enables file access	mlflow	8.1
CRITICAL	CVE-2026-2635	mlflow: security flaw enables exploitation	mlflow	9.8
HIGH	CVE-2025-14287	mlflow: Code Injection enables RCE	mlflow	7.5
CRITICAL	CVE-2025-15031	mlflow: Path Traversal enables file access	mlflow	9.1
CRITICAL	CVE-2026-33017	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-33053	langflow: IDOR enables unauthorized data access	langflow	8.8
MEDIUM	CVE-2026-27167	gradio: Weak Credentials allow account compromise	gradio	5.9
HIGH	CVE-2026-28414	gradio: security flaw enables exploitation	gradio	7.5
MEDIUM	CVE-2026-28415	gradio: Info Disclosure leaks sensitive data	gradio	4.7
HIGH	CVE-2026-28416	gradio: SSRF allows internal network access	gradio	8.6
HIGH	CVE-2026-30820	Flowise: header spoof auth bypass exposes admin API & creds	flowise	8.8
CRITICAL	CVE-2026-30821	flowise: Arbitrary File Upload enables RCE	flowise	9.8
UNKNOWN	CVE-2026-30822	Flowise: mass assignment allows unauthenticated DB injection	flowise	-

Page 1 of 60

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats