AI Component

Framework

AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.

1934
Total CVEs
97
Pages
Page 63 of 97
Current
Severity CVE CVSS
MEDIUM GHSA-qqvm-66q4-vf5c -
MEDIUM GHSA-w6v6-49gh-mc9w -
MEDIUM GHSA-2qqc-p94c-hxwh 5.6
MEDIUM GHSA-cc4f-hjpj-g9p8 5.6
CRITICAL CVE-2026-40933 9.9
HIGH GHSA-rg3h-x3jw-7jm5 8.1
CRITICAL GHSA-9qhq-v63v-fv3j 9.8
MEDIUM GHSA-f7fh-qg34-x2xh -
HIGH GHSA-7jp6-r74r-995q -
HIGH GHSA-736r-jwj6-4w23 -
HIGH GHSA-82qx-6vj7-p8m2 -
MEDIUM GHSA-53vx-pmqw-863c -
MEDIUM GHSA-xq94-r468-qwgj -
MEDIUM GHSA-7wv4-cc7p-jhxc -
MEDIUM GHSA-c9h3-5p7r-mrjh -
MEDIUM GHSA-49cg-279w-m73x -
MEDIUM GHSA-7g8c-cfr3-vqqr -
MEDIUM GHSA-j6c7-3h5x-99g9 -
MEDIUM GHSA-5gjc-grvm-m88j -
MEDIUM GHSA-jwrq-8g5x-5fhm -

Page 63 of 97