AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 35 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | vllm | 7.3 |
| MEDIUM | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | vllm | 6.5 |
| MEDIUM | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | vllm | 6.5 |
| MEDIUM | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | vllm | 6.5 |
| HIGH | CVE-2025-48956 | vLLM: unauthenticated DoS via oversized HTTP header | vllm | 7.5 |
| HIGH | CVE-2025-6242 | vLLM: SSRF in media loader exposes internal network | vllm | 7.1 |
| MEDIUM | CVE-2025-62372 | vllm: security flaw enables exploitation | vllm | 6.5 |
| MEDIUM | CVE-2025-62426 | vllm: Resource Exhaustion enables DoS | vllm | 6.5 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| HIGH | CVE-2026-22773 | vllm: Resource Exhaustion enables DoS | vllm | 7.5 |
| CRITICAL | CVE-2026-22807 | vllm: Code Injection enables RCE | vllm | 9.8 |
| HIGH | CVE-2026-24779 | vllm: SSRF allows internal network access | vllm | 7.1 |
| CRITICAL | CVE-2026-22778 | vllm: security flaw enables exploitation | vllm | 9.8 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | ollama | 8.8 |
| HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | ollama | 7.5 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | ollama | 8.2 |
| HIGH | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | ollama | 7.5 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | ollama | 7.5 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | ollama | 7.5 |
| HIGH | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | ollama | 7.5 |