AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1220

Total CVEs

Pages

Page 54 of 61

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2024-9052	vLLM: RCE via pickle deserialization in distributed API	vllm	9.8
HIGH	CVE-2024-9606	LiteLLM: API key leakage in logs exposes credentials	litellm	7.5
HIGH	CVE-2025-0628	litellm: privilege escalation viewer→proxy admin via bad API key	litellm	8.1
HIGH	CVE-2025-0330	LiteLLM: Langfuse API key leak via error handling	litellm	7.5
HIGH	CVE-2024-6825	LiteLLM: RCE via post_call_rules callback injection	litellm	8.8
HIGH	CVE-2024-10572	H2O-3: unauthenticated AST parser enables DoS + file write		7.5
MEDIUM	CVE-2025-1979	Ray: Redis password exposed via plaintext logging	ray	6.4
MEDIUM	CVE-2025-1716	picklescan: scanner bypass enables supply chain RCE	picklescan	-
MEDIUM	CVE-2025-1889	picklescan: extension bypass enables RCE on model load	picklescan	-
CRITICAL	CVE-2025-25362	spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)	spacy-llm	9.8
CRITICAL	CVE-2023-25574	JupyterHub LTI13: JWT forgery enables full auth bypass		10.0
HIGH	CVE-2025-25297	Label Studio: SSRF via S3 endpoint exposes internal services	label-studio	8.6
MEDIUM	CVE-2025-25296	Label Studio: reflected XSS via label_config param	label-studio	6.1
HIGH	CVE-2025-25295	Label Studio SDK: path traversal leaks server filesystem	label-studio-sdk	-
MEDIUM	CVE-2024-53526	Composio: command injection in AI agent tool calls		6.4
HIGH	CVE-2024-5187	ONNX: path traversal in model download enables RCE	onnx	8.8
HIGH	CVE-2024-49048	TorchGeo: RCE via code injection in geospatial ML lib		8.1
HIGH	CVE-2025-23205	nbgrader: Clickjacking exposes formgrader via IFrame		-
CRITICAL	CVE-2023-6021	Ray: LFI allows unauthenticated file read	ray	9.3
CRITICAL	CVE-2023-6020	Ray: unauthenticated LFI exposes entire filesystem	ray	9.3

Page 54 of 61

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats