AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 49 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-58755 | MONAI: path traversal allows arbitrary file write | monai | 8.8 |
| LOW | CVE-2025-59842 | JupyterLab: missing noopener enables reverse tabnabbing | - | |
| HIGH | CVE-2025-10156 | Picklescan: CRC bypass hides malicious pickle in ZIP | picklescan | 7.5 |
| HIGH | CVE-2025-10157 | PickleScan: subclass bypass enables malicious model RCE | picklescan | 8.3 |
| MEDIUM | CVE-2025-58446 | xgrammar: DoS via oversized JSON schema grammar parsing | xgrammar | - |
| MEDIUM | GHSA-q77w-mwjj-7mqx | picklescan: scanner bypass enables model RCE | picklescan | - |
| MEDIUM | GHSA-49gj-c84q-6qm9 | picklescan: scanner bypass enables RCE via ML model files | picklescan | - |
| MEDIUM | GHSA-9w88-8rmg-7g2p | picklescan: scan bypass allows silent RCE via ML models | picklescan | - |
| MEDIUM | GHSA-fqq6-7vqf-w3fg | picklescan: detection bypass allows undetected RCE in ML models | picklescan | - |
| MEDIUM | GHSA-3gf5-cxq9-w223 | picklescan: scanner bypass enables pickle RCE in ML models | picklescan | - |
| MEDIUM | GHSA-j343-8v2j-ff7w | picklescan: scanner bypass allows pickle-based RCE | picklescan | - |
| MEDIUM | GHSA-m869-42cg-3xwr | picklescan: scanner bypass enables RCE via ML models | picklescan | - |
| MEDIUM | GHSA-p9w7-82w4-7q8m | picklescan: detection bypass allows pickle RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-xp4f-hrf8-rxw7 | picklescan: scanner bypass leads to undetected RCE | picklescan | - |
| MEDIUM | GHSA-4whj-rm5r-c2v8 | picklescan: scanner bypass enables PyTorch gadget RCE | picklescan | - |
| MEDIUM | GHSA-9xph-j2h6-g47v | picklescan: scanner bypass enables RCE via model files | picklescan | - |
| MEDIUM | GHSA-8r4j-24qv-fmq9 | picklescan: RCE bypass enables ML supply chain attack | picklescan | - |
| MEDIUM | GHSA-cj3c-v495-4xqh | picklescan: security bypass enables RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-7cq8-mj8x-j263 | picklescan: detection bypass allows malicious pickle RCE | picklescan | - |
| MEDIUM | GHSA-6w4w-5w54-rjvr | picklescan: detection bypass allows RCE via ML model files | picklescan | - |