AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1220

Total CVEs

Pages

Page 29 of 61

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2024-32965	Lobe Chat: pre-auth SSRF leaks OpenAI API keys		8.6
UNKNOWN	CVE-2024-56516	free-one-api: MD5 hashing allows credential cracking		-
MEDIUM	CVE-2025-29770	vLLM: DoS via unbounded grammar cache exhausts disk	vllm	6.5
UNKNOWN	CVE-2024-11037	gpt_academic: path traversal exposes LLM API keys	gpt_academic	-
UNKNOWN	CVE-2024-12775	Dify: SSRF via custom tool URL enables credential theft		-
HIGH	CVE-2024-7959	Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets	open-webui	7.7
CRITICAL	CVE-2025-59434	Flowise Cloud: cross-tenant env var exposure leaks API keys		9.6
HIGH	CVE-2025-65098	typebot: XSS enables session hijacking		7.4
CRITICAL	CVE-2024-12366	PandasAI: prompt injection enables unauthenticated RCE		9.8
UNKNOWN	CVE-2024-10950	gpt_academic: RCE via unsandboxed prompt injection	gpt_academic	-
HIGH	CVE-2024-12911	llama-index: SQLi+DoS via prompt injection in query engine	llamaindex	7.1
HIGH	CVE-2025-66404	mcp-server-kubernetes: Command Injection enables RCE		8.8
HIGH	CVE-2021-43831	Gradio: path traversal exposes host filesystem to users	gradio	7.7
HIGH	CVE-2022-24770	Gradio: CSV formula injection via flagging enables RCE	gradio	8.8
CRITICAL	CVE-2023-25823	Gradio: hardcoded SSH key leaks via share=True demos	gradio	9.8
CRITICAL	CVE-2023-34239	Gradio: path traversal + SSRF exposes model files & infra	gradio	9.1
HIGH	CVE-2023-51449	Gradio: path traversal grants arbitrary file read	gradio	7.5
HIGH	CVE-2024-34072	SageMaker SDK: pickle deserialization enables RCE		7.8
CRITICAL	CVE-2024-34359	llama-cpp-python: SSTI in .gguf loader enables RCE		9.6
UNKNOWN	CVE-2024-4181	llama_index: RCE via eval() in RunGptLLM connector	llamaindex	-

Page 29 of 61

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats