AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have a wide blast radius because these libraries are so widely adopted.
Total CVEs: 1220 | Pages: 61 | Page 50 of 61
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-3vg9-h568-4w9m | picklescan: RCE bypass via idlelib SetText evasion | picklescan | - |
| MEDIUM | GHSA-f54q-57x4-jg88 | picklescan: scanner bypass enables RCE in ML models | picklescan | - |
| MEDIUM | GHSA-6vqj-c2q5-j97w | picklescan: scanner bypass enables RCE via ML models | picklescan | - |
| MEDIUM | GHSA-x696-vm39-cp64 | picklescan: scan bypass allows RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-g344-hcph-8vgg | picklescan: scanner bypass enables RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-5qwp-399c-mjwf | picklescan: bypass enables undetected RCE in ML models | picklescan | - |
| HIGH | CVE-2025-5302 | llama-index: JSON parsing DoS via deep recursion | llama-index-core | 8.6 |
| HIGH | CVE-2025-57809 | xgrammar: uncontrolled recursion in grammar parsing causes DoS | xgrammar | 7.5 |
| MEDIUM | GHSA-vv6j-3g6g-2pvj | picklescan: PyTorch gadget bypasses scanner, enables RCE | picklescan | - |
| MEDIUM | GHSA-vr7h-p6mm-wpmh | picklescan: PyTorch gadget bypasses pickle RCE detection | picklescan | - |
| MEDIUM | GHSA-h3qp-7fh3-f8h4 | picklescan: detection bypass via PyTorch proxy RCE | picklescan | - |
| MEDIUM | GHSA-f745-w6jp-hpxx | picklescan: RCE bypass via torch.utils.collect_env | picklescan | - |
| MEDIUM | GHSA-f4x7-rfwp-v3xw | picklescan: scanner bypass enables RCE via PyTorch function | picklescan | - |
| MEDIUM | GHSA-86cj-95qr-2p4f | picklescan: detection bypass enables PyTorch model RCE | picklescan | - |
| MEDIUM | GHSA-4r9r-ch6f-vxmx | picklescan: PyTorch bypass allows undetected RCE | picklescan | - |
| HIGH | CVE-2025-9141 | vLLM: RCE via eval() in Qwen3 Coder tool parser | vllm | 8.8 |
| CRITICAL | CVE-2025-54950 | ExecuTorch: OOB read in model loader enables RCE | executorch | 9.8 |
| CRITICAL | CVE-2025-54951 | ExecuTorch: heap buffer overflow RCE in model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-54949 | ExecuTorch: heap buffer overflow RCE via model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-30405 | ExecuTorch: integer overflow in model load → RCE | executorch | 9.8 |