AI Threat Alert
AI Component
Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.
1220
Total CVEs
61
Pages
Page 55 of 61
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2023-6019 | Ray: unauthenticated RCE via dashboard command injection | ray | 9.8 |
| MEDIUM | CVE-2024-52524 | Giskard: ReDoS in text perturbation causes DoS | - | |
| CRITICAL | CVE-2023-32785 | LangChain: prompt injection → SQL RCE (CVSS 9.8) | langchain | 9.8 |
| MEDIUM | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | langchain | 4.2 |
| MEDIUM | CVE-2024-6581 | Lollms: SVG upload XSS enables session hijack and RCE | lollms | 6.5 |
| MEDIUM | CVE-2024-6985 | lollms: path traversal allows arbitrary directory read | lollms | 4.4 |
| LOW | CVE-2024-6971 | lollms: path traversal in RAG database functions | lollms | 3.4 |
| MEDIUM | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | gradio | 5.3 |
| MEDIUM | CVE-2024-7041 | open-webui: IDOR enables cross-user memory tampering | open-webui | 6.5 |
| MEDIUM | CVE-2024-7037 | open-webui: path traversal → arbitrary file write/RCE | open-webui | 6.5 |
| LOW | CVE-2024-7038 | open-webui: filesystem enumeration via admin error messages | open-webui | 2.7 |
| MEDIUM | CVE-2018-21030 | Jupyter Notebook: XSS via missing CSP on served files | notebook | 5.3 |
| HIGH | CVE-2021-39160 | nbgitpuller: RCE via OS command injection in git URLs | 8.8 | |
| HIGH | CVE-2021-41134 | nbdime: stored XSS in Jupyter notebook diff viewer | 8.7 | |
| MEDIUM | CVE-2022-36551 | Label Studio: SSRF + file read, self-reg bypass | label-studio | 6.5 |
| HIGH | CVE-2018-8768 | Jupyter Notebook: XSS via malicious .ipynb file | notebook | 7.8 |
| HIGH | CVE-2025-15381 | MLflow: broken access control exposes experiment traces | mlflow | 8.1 |
| MEDIUM | CVE-2026-4963 | smolagents: code injection via incomplete sandbox fix | 6.3 | |
| HIGH | CVE-2026-27893 | vLLM: trust_remote_code bypass enables RCE | vllm | 8.8 |
| UNKNOWN | CVE-2026-33873 | Langflow: server-side RCE via LLM-generated code exec | langflow | - |