AI Component

Framework

AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.

1934
Total CVEs
97
Pages
Page 50 of 97
Current
Severity CVE CVSS
MEDIUM GHSA-6w4w-5w54-rjvr -
MEDIUM GHSA-3vg9-h568-4w9m -
MEDIUM GHSA-f54q-57x4-jg88 -
MEDIUM GHSA-6vqj-c2q5-j97w -
MEDIUM GHSA-x696-vm39-cp64 -
MEDIUM GHSA-g344-hcph-8vgg -
MEDIUM GHSA-5qwp-399c-mjwf -
HIGH CVE-2025-5302 8.6
HIGH CVE-2025-57809 7.5
MEDIUM GHSA-vv6j-3g6g-2pvj -
MEDIUM GHSA-vr7h-p6mm-wpmh -
MEDIUM GHSA-h3qp-7fh3-f8h4 -
MEDIUM GHSA-f745-w6jp-hpxx -
MEDIUM GHSA-f4x7-rfwp-v3xw -
MEDIUM GHSA-86cj-95qr-2p4f -
MEDIUM GHSA-4r9r-ch6f-vxmx -
HIGH CVE-2025-9141 8.8
CRITICAL CVE-2025-54950 9.8
CRITICAL CVE-2025-54951 9.8
CRITICAL CVE-2025-54949 9.8

Page 50 of 97