AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1220

Total CVEs

Pages

Page 46 of 61

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-26030	semantic-kernel: Code Injection enables RCE	semantic-kernel	10.0
HIGH	GHSA-97f8-7cmv-76j2	picklescan: Allowlist Bypass evades input filtering	picklescan	-
HIGH	CVE-2026-0897	keras: Resource Exhaustion enables DoS	keras	-
HIGH	CVE-2025-53000	nbconvert: security flaw enables exploitation		-
HIGH	CVE-2026-1777	sagemaker: security flaw enables exploitation	sagemaker	7.2
MEDIUM	CVE-2026-1778	sagemaker: security flaw enables exploitation	sagemaker	5.9
MEDIUM	CVE-2025-6208	llama-index-core: DoS causes service disruption	llama-index-core	5.3
HIGH	CVE-2026-1117	lollms: Access Control bypass enables privilege escalation	lollms	8.2
MEDIUM	GHSA-m7j5-r2p5-c39r	picklescan: Deserialization enables RCE	picklescan	-
HIGH	GHSA-9m3x-qqw2-h32h	picklescan: Deserialization enables RCE	picklescan	-
CRITICAL	CVE-2026-25481	langroid: Code Injection enables RCE		-
LOW	CVE-2026-25211	llama-stack: security flaw enables exploitation		3.2
CRITICAL	CVE-2026-25130	cai-framework: Command Injection enables RCE		9.7
MEDIUM	CVE-2026-21851	monai: Path Traversal enables file access	monai	5.3
MEDIUM	GHSA-gpx9-96j6-pp87	agentos-taskweaver: Protection Bypass circumvents security controls		6.5
HIGH	CVE-2026-22219	chainlit: SSRF allows internal network access	chainlit	7.7
MEDIUM	CVE-2025-68492	chainlit: IDOR enables unauthorized data access	chainlit	4.2
HIGH	CVE-2026-22033	label-studio: XSS enables session hijacking	label-studio	-
HIGH	CVE-2026-22612	fickling: Deserialization enables RCE	fickling	-
HIGH	CVE-2026-22609	fickling: Allowlist Bypass evades input filtering	fickling	-

Page 46 of 61

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats