AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 39 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2024-10650 | ChuanhuChatGPT: DoS via multipart payload exhaustion | chuanhuchatgpt | - |
| UNKNOWN | CVE-2024-10707 | ChuanhuChatGPT: path traversal exposes server files unauthed | chuanhuchatgpt | - |
| HIGH | CVE-2024-11030 | GPT Academic: SSRF via unsanitized HotReload plugin | gpt_academic | 7.5 |
| HIGH | CVE-2024-11031 | GPT Academic: SSRF in Markdown plugin leaks credentials | gpt_academic | 7.5 |
| UNKNOWN | CVE-2024-12065 | LLaVA: path traversal allows arbitrary file read | - | |
| MEDIUM | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | gradio | 5.3 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| HIGH | CVE-2024-8966 | Gradio: DoS via malformed multipart boundary | video | 7.5 |
| UNKNOWN | CVE-2025-0187 | Gradio: DoS via oversized upload filename | gradio | - |
| LOW | CVE-2025-5320 | Gradio: CORS origin bypass in ML UI handler | gradio | 3.7 |
| MEDIUM | CVE-2022-35918 | Streamlit: path traversal leaks server filesystem | streamlit | 6.5 |
| MEDIUM | CVE-2023-27494 | Streamlit: reflected XSS enables session hijacking | streamlit | 6.1 |
| CRITICAL | CVE-2024-41112 | streamlit-geospatial: RCE via eval() on palette input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41113 | streamlit-geospatial: RCE via eval() in Timelapse page | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41114 | streamlit-geospatial: RCE via eval() on palette input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41115 | streamlit-geospatial: eval() injection enables RCE | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41116 | streamlit-geospatial: RCE via eval() injection | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41117 | streamlit-geospatial: eval() injection allows RCE | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41118 | streamlit-geospatial: blind SSRF via WMS URL input | streamlit-geospatial | 9.8 |
| CRITICAL | CVE-2024-41119 | streamlit-geospatial: RCE via eval() on vis_params input | streamlit-geospatial | 9.8 |