AI Threat Alert
AI Component
Inference
Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, and custom serving endpoints.
537
Total CVEs
27
Pages
Page 23 of 27
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | |
| UNKNOWN | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | gradio | - |
| HIGH | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | gradio | 7.5 |
| CRITICAL | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | gradio | 9.1 |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | gradio | 8.6 |
| HIGH | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | gradio | 7.5 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| CRITICAL | CVE-2024-39236 | Gradio: code injection via component metadata (CVSS 9.8) | gradio | 9.8 |
| HIGH | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | gradio | 8.3 |
| MEDIUM | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | gradio | 6.5 |
| CRITICAL | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | gradio | 9.8 |
| MEDIUM | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | gradio | 4.3 |
| HIGH | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | gradio | 7.5 |
| HIGH | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | gradio | 8.1 |
| CRITICAL | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | gradio | 9.1 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | gradio | 5.4 |
| MEDIUM | CVE-2024-48052 | Gradio: SSRF in DownloadButton exposes internal resources | gradio | 6.5 |
| HIGH | CVE-2024-10624 | Gradio: ReDoS in DateTime causes CPU exhaustion DoS | gradio | 7.5 |
| HIGH | CVE-2024-10648 | Gradio: path traversal enables arbitrary file deletion DoS | gradio | 8.2 |
| UNKNOWN | CVE-2024-12065 | LLaVA: path traversal allows arbitrary file read | - |