Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | llamaindex | - |
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | gradio | 7.5 |
| HIGH | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | gradio | 7.5 |
| HIGH | CVE-2025-6921 | Transformers: ReDoS in optimizer halts training pipelines | transformers | 7.5 |
| CRITICAL | CVE-2025-62608 | mlx: security flaw enables exploitation | mlx | 9.1 |
| HIGH | CVE-2025-62609 | mlx: security flaw enables exploitation | mlx | 7.5 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | mlflow | 7.5 |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | mlflow | 3.3 |
| CRITICAL | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | mlflow | 7.5 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-2780 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-4033 | MLflow: OS command injection enables local code execution | mlflow | 7.8 |
| HIGH | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | mlflow | 7.5 |
| CRITICAL | CVE-2023-6018 | MLflow: unauth file overwrite enables model poisoning | mlflow | 9.8 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | mlflow | 8.8 |