AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have a wide blast radius because these libraries are so widely adopted.
Total CVEs: 1220
Pages: 61
Page 26 of 61
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-55552 | PyTorch: integer overflow in rot90+randn_like causes DoS | pytorch | 7.5 |
| HIGH | CVE-2025-55553 | PyTorch 2.7.0: DoS via proxy_tensor.py syntax error | pytorch | 7.5 |
| MEDIUM | CVE-2025-55554 | PyTorch: integer overflow in nan_to_num causes DoS | pytorch | 5.3 |
| HIGH | CVE-2025-55557 | PyTorch: DoS via cummin+Inductor NameError in 2.7.0 | pytorch | 7.5 |
| HIGH | CVE-2025-55558 | PyTorch: Inductor compiler buffer overflow causes DoS | pytorch | 7.5 |
| HIGH | CVE-2025-55560 | PyTorch: DoS via sparse/dense tensor Inductor compile | pytorch | 7.5 |
| LOW | CVE-2025-63396 | pytorch: security flaw enables exploitation | pytorch | 3.3 |
| HIGH | CVE-2025-62164 | vllm: Input Validation flaw enables exploitation | vllm | 8.8 |
| HIGH | CVE-2026-24747 | pytorch: Code Injection enables RCE | pytorch | 8.8 |
| CRITICAL | CVE-2023-29374 | LangChain: RCE via prompt injection in LLMMathChain | langchain | 9.8 |
| CRITICAL | CVE-2023-34540 | LangChain: RCE via JiraAPIWrapper crafted input | langchain | 9.8 |
| CRITICAL | CVE-2023-34541 | LangChain: RCE via unsafe load_prompt deserialization | langchain | 9.8 |
| CRITICAL | CVE-2023-36258 | LangChain: unauthenticated RCE via code injection | langchain | 9.8 |
| CRITICAL | CVE-2023-36188 | LangChain: RCE via PALChain unsanitized Python exec | langchain | 9.8 |
| HIGH | CVE-2023-36189 | LangChain SQLDatabaseChain: SQL injection, DB exfil | langchain | 7.5 |
| CRITICAL | CVE-2023-36095 | LangChain PALChain: RCE via unsanitized exec() calls | langchain | 9.8 |
| CRITICAL | CVE-2023-38860 | LangChain: RCE via unsanitized prompt parameter | langchain | 9.8 |
| CRITICAL | CVE-2023-38896 | LangChain: RCE via unsandboxed LLM code execution | langchain | 9.8 |
| CRITICAL | CVE-2023-39659 | LangChain: RCE via unsanitized PythonAstREPL input | langchain | 9.8 |
| CRITICAL | CVE-2023-36281 | LangChain: RCE via malicious JSON prompt template | langchain | 9.8 |