AI Component

Framework

AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.

1934
Total CVEs
97
Pages
Page 64 of 97
Current
Severity CVE CVSS
HIGH GHSA-w47f-j8rh-wx87 -
HIGH GHSA-3prp-9gf7-4rxx -
MEDIUM GHSA-92jp-89mq-4374 -
CRITICAL GHSA-v38x-c887-992f -
HIGH CVE-2026-6596 7.3
LOW CVE-2026-6597 2.7
MEDIUM CVE-2026-6598 4.3
MEDIUM CVE-2026-6599 6.3
LOW CVE-2026-6600 3.5
MEDIUM CVE-2026-6608 5.3
MEDIUM CVE-2026-39378 6.5
MEDIUM CVE-2026-39377 6.5
CRITICAL CVE-2026-41264 9.8
HIGH CVE-2026-41279 7.5
CRITICAL CVE-2026-41265 9.8
HIGH CVE-2026-41137 8.8
HIGH CVE-2026-41138 8.8
HIGH CVE-2026-41266 7.5
CRITICAL CVE-2026-41267 9.8
CRITICAL CVE-2026-41268 9.8

Page 64 of 97