Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | ollama | 7.5 |
| MEDIUM | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | ollama | 6.6 |
| HIGH | CVE-2025-15514 | ollama: security flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66959 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66960 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| CRITICAL | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | langflow | 9.8 |
| HIGH | CVE-2024-7297 | Langflow: mass assignment grants super admin access | langflow | 8.8 |
| MEDIUM | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | langflow | 6.5 |
| CRITICAL | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | langflow | 9.8 |
| CRITICAL | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | langflow | 9.8 |
| CRITICAL | CVE-2025-3248 | Langflow: Unauth RCE via code injection endpoint | langflow | 9.8 |
| HIGH | CVE-2025-57760 | Langflow: privilege escalation to full superuser via CLI | langflow | 8.8 |
| HIGH | CVE-2025-34291 | langflow: security flaw enables exploitation | langflow | 8.8 |
| MEDIUM | CVE-2025-68477 | langflow: SSRF allows internal network access | langflow | 6.5 |
| HIGH | CVE-2025-68478 | langflow: File Control enables path manipulation | langflow | 7.1 |
| CRITICAL | CVE-2026-21445 | langflow: Missing Auth allows unauthenticated access | langflow | 9.1 |
| UNKNOWN | CVE-2026-0768 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0769 | langflow: Code Injection enables RCE | langflow | - |
| HIGH | CVE-2026-0770 | langflow: security flaw enables exploitation | langflow | - |
| UNKNOWN | CVE-2026-0771 | langflow: Code Injection enables RCE | langflow | - |