Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-33484 | langflow: Access Control bypass enables privilege escalation | langflow | 7.5 |
| HIGH | CVE-2026-33497 | langflow: Path Traversal enables file access | langflow | 7.5 |
| HIGH | CVE-2026-33236 | nltk: Path Traversal enables file access | 8.1 | |
| HIGH | CVE-2026-33155 | deepdiff: DoS causes service disruption | - | |
| MEDIUM | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | fickling | - |
| MEDIUM | GHSA-r48f-3986-4f9c | fickling: Allowlist Bypass evades input filtering | fickling | - |
| CRITICAL | CVE-2026-27825 | mcp-atlassian: Path Traversal enables file access | mcp-atlassian | 9.1 |
| MEDIUM | CVE-2026-28277 | langgraph: Deserialization enables RCE | langgraph | 6.8 |
| HIGH | GHSA-5r2p-pjr8-7fh7 | sagemaker: Allowlist Bypass evades input filtering | sagemaker | - |
| HIGH | CVE-2026-25048 | xgrammar: security flaw enables exploitation | xgrammar | 7.5 |
| HIGH | GHSA-5hwf-rc88-82xm | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | GHSA-wccx-j62j-r448 | fickling: Protection Bypass circumvents security controls | fickling | - |
| CRITICAL | GHSA-g38g-8gr9-h9xp | picklescan: Allowlist Bypass evades input filtering | picklescan | 9.8 |
| CRITICAL | GHSA-vvpj-8cmc-gx39 | picklescan: security flaw enables exploitation | picklescan | 10.0 |
| CRITICAL | GHSA-7wx9-6375-f5wh | picklescan: Allowlist Bypass evades input filtering | picklescan | 9.8 |
| MEDIUM | CVE-2026-27794 | langgraph-checkpoint: Deserialization enables RCE | langgraph-checkpoint | 6.6 |
| MEDIUM | GHSA-mhc9-48gj-9gp3 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | GHSA-mxhj-88fx-4pcv | fickling: security flaw enables exploitation | fickling | - |
| LOW | GHSA-83pf-v6qq-pwmr | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-2472 | google-cloud-aiplatform: XSS enables session hijacking | google-cloud-aiplatform | 8.1 |