Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2025-14920 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14921 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14924 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14926 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14927 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14928 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14929 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14930 | transformers: Deserialization enables RCE | transformers | - |
| HIGH | CVE-2025-33233 | NVIDIA: Code Injection enables RCE | 7.8 | |
| LOW | CVE-2024-4839 | lollms-webui: CSRF allows unauthorized AI service install | lollms-webui | 3.3 |
| HIGH | CVE-2024-8768 | vLLM: unauthenticated DoS via empty completion prompt | 7.5 | |
| LOW | CVE-2025-25183 | vLLM: hash collision enables prefix cache poisoning | vllm | 2.6 |
| LOW | CVE-2025-1953 | vLLM AIBrix: weak hash in prefix cache leaks inference patterns | 2.6 | |
| CRITICAL | CVE-2025-29783 | vLLM: RCE via unsafe deserialization in Mooncake KV | vllm | 9.0 |
| CRITICAL | CVE-2024-11041 | vllm: RCE via unsafe pickle deserialization in MessageQueue | vllm | 9.8 |
| CRITICAL | CVE-2024-9053 | vllm: RCE via unsafe pickle deserialization in RPC server | vllm | 9.8 |
| HIGH | CVE-2025-30202 | vLLM: ZeroMQ socket exposure enables DoS in multi-node | vllm | 7.5 |
| CRITICAL | CVE-2025-32444 | vLLM: RCE via pickle deserialization on ZeroMQ | vllm | 9.8 |
| HIGH | CVE-2025-46560 | vLLM: DoS via quadratic multimodal tokenizer input | vllm | 7.5 |
| HIGH | CVE-2025-30165 | vLLM: pickle RCE in multi-node inference deployments | vllm | 8.0 |