AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 47 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-22608 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-22607 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-22606 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | GHSA-mcmc-2m55-j8jj | vllm: Input Validation flaw enables exploitation | vllm | 8.8 |
| HIGH | GHSA-9726-w42j-3qjr | picklescan: Path Traversal enables file access | picklescan | - |
| HIGH | GHSA-46h3-79wf-xr6c | picklescan: Code Injection enables RCE | picklescan | - |
| HIGH | GHSA-955r-x9j8-7rhh | picklescan: Code Injection enables RCE | picklescan | - |
| MEDIUM | GHSA-6556-fwc2-fg2p | picklescan: Code Injection enables RCE | picklescan | - |
| HIGH | GHSA-rrxm-2pvv-m66x | picklescan: Code Injection enables RCE | picklescan | - |
| MEDIUM | GHSA-cffc-mxrf-mhh4 | picklescan: Code Injection enables RCE | picklescan | - |
| HIGH | GHSA-3329-ghmp-jmv5 | picklescan: Code Injection enables RCE | picklescan | - |
| HIGH | GHSA-x843-g5mx-g377 | picklescan: Code Injection enables RCE | picklescan | - |
| HIGH | GHSA-r8g5-cgf2-4m4m | picklescan: Deserialization enables RCE | picklescan | - |
| HIGH | GHSA-hgrh-qx5j-jfwx | picklescan: Protection Bypass circumvents security controls | picklescan | 8.8 |
| HIGH | GHSA-vqmv-47xg-9wpr | picklescan: Deserialization enables RCE | picklescan | - |
| HIGH | GHSA-84r2-jw7c-4r5q | picklescan: Allowlist Bypass evades input filtering | picklescan | - |
| HIGH | GHSA-4675-36f9-wf6r | picklescan: Allowlist Bypass evades input filtering | picklescan | - |
| HIGH | GHSA-m273-6v24-x4m4 | picklescan: Deserialization enables RCE | picklescan | - |
| HIGH | CVE-2025-67729 | lmdeploy: Deserialization enables RCE | 8.8 | |
| MEDIUM | CVE-2025-67743 | local-deep-research: SSRF allows internal network access | 6.3 |