AI Threat Alert
Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-30822 | Flowise: mass assignment allows unauthenticated DB injection | flowise | - |
| UNKNOWN | CVE-2026-30823 | Flowise: IDOR enables account takeover and SSO bypass | flowise | - |
| CRITICAL | CVE-2026-30824 | Flowise: auth bypass exposes NVIDIA NIM container endpoints | flowise | 9.8 |
| HIGH | CVE-2026-31829 | Flowise: SSRF via HTTP Node exposes internal network | flowise-components | 8.8 |
| HIGH | CVE-2026-27905 | bentoml: security flaw enables exploitation | bentoml | 7.8 |
| UNKNOWN | CVE-2018-7576 | TensorFlow: NPD in 1.6.x crashes ML runtime | tensorflow | - |
| HIGH | CVE-2018-8825 | TensorFlow 1.7: Buffer overflow enables arbitrary code exec | tensorflow | 8.8 |
| UNKNOWN | CVE-2018-10055 | TensorFlow XLA: heap overflow via crafted config file | tensorflow | - |
| UNKNOWN | CVE-2018-7577 | TensorFlow: Snappy memcpy overlap crash/mem disclosure | tensorflow | - |
| UNKNOWN | CVE-2019-9635 | TensorFlow: NULL ptr deref DoS via malformed GIF input | tensorflow | - |
| UNKNOWN | CVE-2018-7575 | TensorFlow: buffer overflow, potential RCE in 1.7.x | tensorflow | - |
| CRITICAL | CVE-2019-16778 | TensorFlow: heap overflow in UnsortedSegmentSum op | tensorflow | 9.8 |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| MEDIUM | CVE-2018-21233 | TensorFlow: integer overflow leaks process memory via BMP | tensorflow | 6.5 |
| MEDIUM | CVE-2020-15190 | TensorFlow: null ptr deref DoS via Switch op eager runtime | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15191 | TensorFlow: null ptr deref in dlpack causes remote DoS | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15192 | TensorFlow: memory leak in dlpack DoS via low-priv input | tensorflow | 4.3 |
| HIGH | CVE-2020-15193 | TensorFlow: uninitialized memory corruption via dlpack | tensorflow | 7.1 |
| MEDIUM | CVE-2020-15194 | TensorFlow: DoS via SparseFillEmptyRowsGrad assertion | tensorflow | 5.3 |
| HIGH | CVE-2020-15195 | TensorFlow: heap overflow in sparse gradient op | tensorflow | 8.8 |