AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1220

Total CVEs

Pages

Page 57 of 61

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	GHSA-h8r8-wccr-v5f2	DOMPurify: mXSS bypass achieves XSS via parse-context switch		-
MEDIUM	GHSA-364x-8g5j-x2pr	n8n: stored XSS via malicious OAuth2 Authorization URL	n8n	5.4
MEDIUM	GHSA-3c7f-5hgj-h279	n8n: Stored XSS in Chat Trigger via CSS injection	n8n	5.4
MEDIUM	GHSA-w673-8fjw-457c	n8n: stored XSS enables phishing via Form Node	n8n	4.1
MEDIUM	GHSA-q4fm-pjq6-m63g	n8n: Stored XSS in Form Trigger enables phishing	n8n	5.4
LOW	CVE-2026-4993	OpenUI: hard-coded LiteLLM master key credential leak		3.3
CRITICAL	CVE-2025-15036	MLflow: path traversal enables sandbox escape, file overwrite	mlflow	9.6
CRITICAL	CVE-2025-15379	MLflow: RCE via unsanitized model dependency specs	mlflow	10.0
UNKNOWN	CVE-2026-2275	CrewAI: RCE via Docker fallback in CodeInterpreter		-
UNKNOWN	CVE-2026-2285	CrewAI: arbitrary file read via JSON loader tool		-
UNKNOWN	CVE-2026-2286	CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services		-
UNKNOWN	CVE-2026-2287	CrewAI: Docker sandbox fallback enables RCE		-
CRITICAL	GHSA-955r-262c-33jc	telnyx: PyPI supply chain attack steals cloud creds		-
HIGH	GHSA-m3mh-3mpg-37hw	OpenClaw: .npmrc hijack enables RCE on plugin install	openclaw	8.6
HIGH	GHSA-hr5v-j9h9-xjhg	OpenClaw: sandbox escape via mediaUrl path traversal	openclaw	7.7
CRITICAL	CVE-2026-0596	MLflow: command injection via model_uri in mlserver mode		9.6
UNKNOWN	CVE-2026-22561	Claude Setup: DLL search-order hijacking LPE		-
UNKNOWN	CVE-2026-27489	ONNX: symlink path traversal allows arbitrary file read	onnx	-
MEDIUM	CVE-2026-34451	anthropic-ai/sdk: memory tool path traversal escape	@anthropic-ai/sdk	-
MEDIUM	CVE-2026-34450	anthropic-sdk: insecure file perms expose agent memory	anthropic	-

Page 57 of 61

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats