AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have a wide blast radius because these libraries are so widely adopted.
Total CVEs: 1220 (61 pages)
Page 51 of 61
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-30404 | ExecuTorch: integer overflow RCE on model load | executorch | 9.8 |
| HIGH | GHSA-9gvj-pp9x-gcfr | picklescan: detection bypass allows malicious pickle exec | picklescan | - |
| MEDIUM | CVE-2025-54952 | ExecuTorch: integer overflow enables RCE via model loading | executorch | - |
| MEDIUM | GHSA-r54c-2xmf-2cf3 | ms-swift: RCE via pickle deserialization in adapter models | | - |
| MEDIUM | CVE-2025-51481 | Dagster: path traversal exposes arbitrary file read via gRPC | | 6.6 |
| HIGH | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | open-webui | 7.5 |
| MEDIUM | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | llama-index-readers-docugami | 6.5 |
| HIGH | CVE-2025-6209 | llama_index: path traversal allows arbitrary file read | llama-index-core | 7.5 |
| HIGH | CVE-2025-6386 | lollms: timing attack enables credential enumeration | lollms | 7.5 |
| MEDIUM | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | llama-index-readers-obsidian | 6.2 |
| MEDIUM | CVE-2025-5472 | llama-index: JSONReader DoS via recursive JSON parsing | llama-index-core | 6.5 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | llama-index-readers-papers | 5.3 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | llama-index-readers-papers | 7.5 |
| HIGH | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | llama-index-readers-obsidian | 7.5 |
| MEDIUM | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | llama-index-core | 5.0 |
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | llama-index | 9.8 |
| HIGH | CVE-2025-30167 | jupyter_core: config hijack enables cross-user code exec | | 7.3 |
| MEDIUM | GHSA-j828-28rj-hfhp | vllm: ReDoS in inference endpoints enables DoS | vllm | 4.3 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
| HIGH | CVE-2025-1753 | llama-index-cli: OS command injection enables RCE | llama-index | 7.8 |