Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-21877 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-21894 | n8n: security flaw enables exploitation | n8n | 6.5 |
| MEDIUM | CVE-2025-68949 | n8n: security flaw enables exploitation | n8n | 5.3 |
| CRITICAL | CVE-2026-0863 | n8n: Code Injection enables RCE | n8n | 9.9 |
| CRITICAL | CVE-2026-1470 | n8n: Code Injection enables RCE | n8n | 9.9 |
| HIGH | CVE-2025-61917 | n8n: Info Disclosure leaks sensitive data | n8n | 7.7 |
| CRITICAL | CVE-2026-25049 | n8n: security flaw enables exploitation | n8n | 9.9 |
| MEDIUM | CVE-2026-25051 | n8n: XSS enables session hijacking | n8n | 5.4 |
| CRITICAL | CVE-2026-25052 | n8n: security flaw enables exploitation | n8n | 9.9 |
| CRITICAL | CVE-2026-25053 | n8n: Command Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-25054 | n8n: XSS enables session hijacking | n8n | 5.4 |
| HIGH | CVE-2026-25055 | n8n: Path Traversal enables file access | n8n | 8.1 |
| HIGH | CVE-2026-25056 | n8n: Arbitrary File Upload enables RCE | n8n | 8.8 |
| CRITICAL | CVE-2026-25115 | n8n: Protection Bypass circumvents security controls | n8n | 9.9 |
| HIGH | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | litellm | 8.1 |
| HIGH | CVE-2024-10188 | litellm: unauthenticated DoS crashes LLM proxy server | litellm | 7.5 |
| MEDIUM | CVE-2025-45809 | LiteLLM: SQL injection in key management API | litellm | 5.4 |
| UNKNOWN | CVE-2025-11203 | LiteLLM: Info Disclosure leaks sensitive data | - | |
| CRITICAL | CVE-2026-33309 | langflow: Path Traversal enables file access | langflow | 9.9 |
| CRITICAL | CVE-2026-33475 | langflow: security flaw enables exploitation | langflow | 9.1 |