Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | vllm | 2.6 |
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | vllm | 7.3 |
| MEDIUM | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | vllm | 6.5 |
| MEDIUM | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | vllm | 6.5 |
| MEDIUM | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | vllm | 6.5 |
| HIGH | CVE-2025-48956 | vLLM: unauthenticated DoS via oversized HTTP header | vllm | 7.5 |
| HIGH | CVE-2025-6242 | vLLM: SSRF in media loader exposes internal network | vllm | 7.1 |
| MEDIUM | CVE-2025-62372 | vllm: security flaw enables exploitation | vllm | 6.5 |
| MEDIUM | CVE-2025-62426 | vllm: Resource Exhaustion enables DoS | vllm | 6.5 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| HIGH | CVE-2026-22773 | vllm: Resource Exhaustion enables DoS | vllm | 7.5 |
| CRITICAL | CVE-2026-22807 | vllm: Code Injection enables RCE | vllm | 9.8 |
| HIGH | CVE-2026-24779 | vllm: SSRF allows internal network access | vllm | 7.1 |
| CRITICAL | CVE-2026-22778 | vllm: security flaw enables exploitation | vllm | 9.8 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | ollama | 8.8 |
| HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | ollama | 7.5 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | ollama | 8.2 |
| HIGH | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | ollama | 7.5 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | ollama | 7.5 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | ollama | 7.5 |