AI Component
Inference
Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, and custom serving endpoints.
537 total CVEs across 27 pages; this is page 18 of 27.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2023-48299 | TorchServe: ZipSlip arbitrary file write via model upload | torchserve | 5.3 |
| HIGH | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | pytorch | 7.8 |
| CRITICAL | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | torchserve | 9.8 |
| HIGH | CVE-2024-35199 | TorchServe: default gRPC exposure allows unauth inference | torchserve | 8.2 |
| HIGH | CVE-2025-2148 | PyTorch: memory corruption in JIT profiler callback handler | pytorch | 7.5 |
| LOW | CVE-2025-2149 | PyTorch: improper init in quantized sigmoid skews model output | pytorch | 2.5 |
| MEDIUM | CVE-2024-6577 | TorchServe: unverified S3 bucket exposes benchmark data | | 6.3 |
| MEDIUM | CVE-2025-2953 | PyTorch: DoS via mkldnn_max_pool2d resource leak | pytorch | 5.5 |
| MEDIUM | CVE-2025-2999 | PyTorch: memory corruption in RNN sequence unpacking | pytorch | 5.3 |
| MEDIUM | CVE-2025-3000 | PyTorch: memory corruption in torch.jit.script compiler | pytorch | 5.3 |
| MEDIUM | CVE-2025-3121 | PyTorch: memory corruption in JIT flatbuffer loader | pytorch | 5.5 |
| LOW | CVE-2025-3136 | PyTorch: memory corruption in CUDA caching allocator | pytorch | 3.3 |
| CRITICAL | CVE-2025-32434 | PyTorch: RCE bypasses weights_only=True safe-load guard | pytorch | 9.8 |
| CRITICAL | CVE-2025-47277 | vLLM: RCE via exposed TCPStore in distributed inference | vllm | 9.8 |
| MEDIUM | CVE-2025-46148 | PyTorch: PairwiseDistance silent miscalculation, integrity risk | pytorch | 5.3 |
| MEDIUM | CVE-2025-46149 | PyTorch: reachable assertion in nn.Fold with inductor | pytorch | 5.3 |
| MEDIUM | CVE-2025-46150 | PyTorch: torch.compile silent output inconsistency | pytorch | 5.3 |
| MEDIUM | CVE-2025-46152 | PyTorch: OOB write causes incorrect bitwise shift results | pytorch | 5.3 |
| MEDIUM | CVE-2025-46153 | PyTorch: Dropout inconsistency enables membership inference | pytorch | 5.3 |
| HIGH | CVE-2025-55551 | PyTorch: DoS in linalg.lu via malformed slice op | pytorch | 7.5 |