AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 38 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-3234 | ChuanhuChatGPT: path traversal exposes LLM API keys | chuanhuchatgpt | 9.8 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| CRITICAL | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | gradio | 9.8 |
| HIGH | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | gradio | 8.3 |
| MEDIUM | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | gradio | 6.5 |
| MEDIUM | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | gradio | 5.4 |
| MEDIUM | CVE-2024-47166 | Gradio: path traversal leaks custom component source | gradio | 5.3 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | gradio | 9.8 |
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | gradio | 4.3 |
| HIGH | CVE-2024-47867 | Gradio: no integrity check on FRP binary, supply chain RCE | gradio | 7.5 |
| HIGH | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | gradio | 7.5 |
| LOW | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | gradio | 3.7 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | gradio | 8.1 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | gradio | 9.1 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | gradio | 5.4 |
| MEDIUM | CVE-2024-48052 | Gradio: SSRF in DownloadButton exposes internal resources | gradio | 6.5 |
| MEDIUM | CVE-2024-51751 | Gradio: path traversal exposes arbitrary server files | gradio | 6.5 |
| HIGH | CVE-2024-10569 | Gradio: zip bomb DoS via dataframe CSV upload | gradio | 7.5 |
| HIGH | CVE-2024-10624 | Gradio: ReDoS in DateTime causes CPU exhaustion DoS | gradio | 7.5 |
| HIGH | CVE-2024-10648 | Gradio: path traversal enables arbitrary file deletion DoS | gradio | 8.2 |