AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 37 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | llamaindex | 9.8 |
| HIGH | CVE-2024-14021 | llamaindex: Deserialization enables RCE | llamaindex | 7.8 |
| HIGH | CVE-2024-58339 | llamaindex: Resource Exhaustion enables DoS | llamaindex | 7.5 |
| MEDIUM | CVE-2023-41626 | Gradio: arbitrary file upload via /upload endpoint | gradio | 4.8 |
| HIGH | CVE-2023-46315 | Infinite Image Browsing: path traversal leaks credentials | 7.5 | |
| HIGH | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | gradio | 8.1 |
| CRITICAL | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | gradio | 9.4 |
| UNKNOWN | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | gradio | - |
| MEDIUM | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | gradio | 6.5 |
| HIGH | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | gradio | 8.2 |
| UNKNOWN | CVE-2024-1729 | Gradio: timing attack enables auth bypass on ML UIs | gradio | - |
| HIGH | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | gradio | 7.5 |
| MEDIUM | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | |
| UNKNOWN | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | gradio | - |
| UNKNOWN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | gradio | - |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | gradio | 7.5 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| UNKNOWN | CVE-2024-4254 | Gradio: secrets exfiltration via unsafe fork PR workflow | gradio | - |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | gradio | 8.6 |
| HIGH | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | gradio | 7.5 |