AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have a wide blast radius due to high adoption.
Total CVEs: 1220
Pages: 61
Page 36 of 61
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | ollama | 6.6 |
| HIGH | CVE-2025-15514 | ollama: security flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66959 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66960 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| CRITICAL | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | langflow | 9.8 |
| HIGH | CVE-2024-7297 | Langflow: mass assignment grants super admin access | langflow | 8.8 |
| MEDIUM | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | langflow | 6.5 |
| CRITICAL | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | langflow | 9.8 |
| CRITICAL | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | langflow | 9.8 |
| CRITICAL | CVE-2025-3248 | Langflow: Unauth RCE via code injection endpoint | langflow | 9.8 |
| HIGH | CVE-2025-57760 | Langflow: privilege escalation to full superuser via CLI | langflow | 8.8 |
| HIGH | CVE-2025-34291 | langflow: security flaw enables exploitation | langflow | 8.8 |
| MEDIUM | CVE-2025-68477 | langflow: SSRF allows internal network access | langflow | 6.5 |
| HIGH | CVE-2025-68478 | langflow: File Control enables path manipulation | langflow | 7.1 |
| CRITICAL | CVE-2026-21445 | langflow: Missing Auth allows unauthenticated access | langflow | 9.1 |
| UNKNOWN | CVE-2026-0768 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0769 | langflow: Code Injection enables RCE | langflow | - |
| HIGH | CVE-2026-0770 | langflow: security flaw enables exploitation | langflow | - |
| UNKNOWN | CVE-2026-0771 | langflow: Code Injection enables RCE | langflow | - |
| UNKNOWN | CVE-2026-0772 | langflow: Deserialization enables RCE | langflow | - |