AI Component: Framework
AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have a wide blast radius due to high adoption.
Total CVEs: 1244
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-2f7j-rp58-mr42 | OpenClaw: info disclosure exposes host filesystem paths | openclaw | - |
| MEDIUM | GHSA-m34q-h93w-vg5x | openclaw: path traversal enables remote dir overwrite | openclaw | - |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | - |
| MEDIUM | GHSA-42mx-vp8m-j7qh | openclaw: sandbox escape via mirror mode hook execution | openclaw | - |
| MEDIUM | GHSA-fwjq-xwfj-gv75 | openclaw: auth bypass exposes agent session visibility | openclaw | - |
| MEDIUM | GHSA-3q42-xmxv-9vfr | openclaw: privilege escalation to admin voice config persistence | openclaw | - |
| HIGH | GHSA-vfw7-6rhc-6xxg | openclaw: env var injection via workspace config | openclaw | - |
| HIGH | GHSA-89gg-p5r5-q6r4 | MONAI: pickle deserialization RCE in Auto3DSeg | monai | 7.7 |
| HIGH | CVE-2026-3357 | Langflow: deserialization RCE via FAISS component default | langflow | 8.8 |
| HIGH | GHSA-69x8-hrgq-fjj8 | LiteLLM: auth bypass chain enables full privilege escalation | litellm | - |
| MEDIUM | GHSA-766v-q9x3-g744 | praisonaiagents: agent context leak + path traversal | praisonaiagents | 6.5 |
| HIGH | CVE-2026-39891 | praisonai: SSTI enables RCE via agent instructions | praisonai | 8.8 |
| HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | praisonai | 7.5 |
| CRITICAL | CVE-2026-39888 | praisonaiagents: sandbox escape enables host RCE | praisonaiagents | 10.0 |
| CRITICAL | CVE-2026-39890 | PraisonAI: YAML deserialization enables unauthenticated RCE | praisonai | 9.8 |
| HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | n8n-mcp | 8.5 |
| CRITICAL | GHSA-2763-cj5r-c79m | PraisonAI: RCE via shell injection in agent workflows | PraisonAI | 9.7 |
| MEDIUM | GHSA-926x-3r5x-gfhw | LangChain: f-string template injection exposes object internals | langchain-core | 5.3 |
| CRITICAL | GHSA-2679-6mx9-h9xc | Marimo: pre-auth RCE via terminal WebSocket | marimo | - |
| MEDIUM | GHSA-q2gc-xjqw-qp89 | OpenClaw: eval approval bypass enables unintended code exec | openclaw | - |