AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1244

Total CVEs

Pages

Page 61 of 63

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2026-40087	LangChain: template injection leaks object attributes	langchain-core	5.3
HIGH	CVE-2026-40113	PraisonAI: arg injection injects env vars into Cloud Run	praisonai	8.4
CRITICAL	CVE-2026-40111	PraisonAI: RCE via shell injection in memory hooks executor	praisonaiagents	-
MEDIUM	CVE-2026-40112	PraisonAI: XSS via no-op HTML sanitizer in agent output	praisonai	5.4
HIGH	CVE-2026-40217	LiteLLM: RCE via bytecode rewriting in guardrails API	litellm	8.8
CRITICAL	GHSA-vc46-vw85-3wvm	PraisonAI: RCE via malicious workflow YAML execution	PraisonAI	9.8
MEDIUM	GHSA-x783-xp3g-mqhp	PraisonAI: SQL injection via table_prefix exposes DB	PraisonAI	-
MEDIUM	GHSA-ffp3-3562-8cv3	PraisonAI: tool approval bypass leaks env credentials	praisonaiagents	5.5
HIGH	GHSA-x462-jjpc-q4q4	praisonaiagents: CORS bypass enables silent agent RCE	praisonaiagents	8.1
MEDIUM	CVE-2026-40159	PraisonAI: MCP env inheritance exposes API keys	PraisonAI	5.5
CRITICAL	CVE-2026-40157	PraisonAI: path traversal allows arbitrary file write via recipe unpack	PraisonAI	-
HIGH	CVE-2026-40156	PraisonAI: auto tools.py load enables local RCE	praisonai	7.8
MEDIUM	CVE-2026-40148	PraisonAI: decompression bomb causes disk exhaustion	PraisonAI	6.5
CRITICAL	CVE-2026-40154	PraisonAI: supply chain RCE via unverified template exec	PraisonAI	9.3
HIGH	GHSA-qwgj-rrpj-75xm	PraisonAI: hardcoded approval bypass enables RCE	PraisonAI	8.8
HIGH	CVE-2026-40158	PraisonAI: AST sandbox bypass enables host RCE	PraisonAI	8.6
HIGH	CVE-2026-40149	PraisonAI: auth bypass disables agent safety controls	PraisonAI	7.9
MEDIUM	CVE-2026-40115	PraisonAI: unbounded body read enables local DoS	PraisonAI	6.2
CRITICAL	CVE-2026-1115	lollms: Stored XSS enables wormable account takeover	lollms	9.6
MEDIUM	CVE-2026-40190	langsmith: prototype pollution enables auth bypass, RCE	langsmith	5.6

Page 61 of 63

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats