AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities in them have a wide blast radius because of their high adoption.
1220 total CVEs across 61 pages. Page 30 of 61.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-23042 | Gradio: ACL bypass via path case manipulation | gradio | 7.5 |
| HIGH | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | gradio | 7.5 |
| HIGH | CVE-2025-6921 | Transformers: ReDoS in optimizer halts training pipelines | transformers | 7.5 |
| CRITICAL | CVE-2025-62608 | mlx: security flaw enables exploitation | mlx | 9.1 |
| HIGH | CVE-2025-62609 | mlx: security flaw enables exploitation | mlx | 7.5 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | mlflow | 7.5 |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | mlflow | 3.3 |
| CRITICAL | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | mlflow | 7.5 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-2780 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-4033 | MLflow: OS command injection enables local code execution | mlflow | 7.8 |
| HIGH | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | mlflow | 7.5 |
| CRITICAL | CVE-2023-6018 | MLflow: unauth file overwrite enables model poisoning | mlflow | 9.8 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | mlflow | 8.8 |
| HIGH | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | mlflow | 8.8 |