Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-0772 | langflow: Deserialization enables RCE | langflow | - |
| CRITICAL | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | llamaindex | 9.8 |
| HIGH | CVE-2024-14021 | llamaindex: Deserialization enables RCE | llamaindex | 7.8 |
| HIGH | CVE-2024-58339 | llamaindex: Resource Exhaustion enables DoS | llamaindex | 7.5 |
| MEDIUM | CVE-2023-41626 | Gradio: arbitrary file upload via /upload endpoint | gradio | 4.8 |
| HIGH | CVE-2023-46315 | Infinite Image Browsing: path traversal leaks credentials | 7.5 | |
| HIGH | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | gradio | 8.1 |
| CRITICAL | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | gradio | 9.4 |
| UNKNOWN | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | gradio | - |
| MEDIUM | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | gradio | 6.5 |
| HIGH | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | gradio | 8.2 |
| UNKNOWN | CVE-2024-1729 | Gradio: timing attack enables auth bypass on ML UIs | gradio | - |
| HIGH | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | gradio | 7.5 |
| MEDIUM | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | |
| UNKNOWN | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | gradio | - |
| UNKNOWN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | gradio | - |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | gradio | 7.5 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| UNKNOWN | CVE-2024-4254 | Gradio: secrets exfiltration via unsafe fork PR workflow | gradio | - |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | gradio | 8.6 |