AI Component
Inference
Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, and custom serving endpoints.
537 total CVEs across 27 pages. Page 26 of 27.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | GHSA-ggpf-24jw-3fcw | vLLM: RCE via malicious model, PyTorch < 2.6 bypass | vllm | 9.8 |
| MEDIUM | GHSA-hf3c-wxg2-49q9 | vLLM: DoS via unbounded XGrammar schema cache | vllm | 6.5 |
| MEDIUM | CVE-2025-32381 | xgrammar: unbounded grammar cache causes LLM server DoS | xgrammar | 6.5 |
| HIGH | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | litellm | 7.5 |
| HIGH | CVE-2024-8053 | Open-WebUI: unauthenticated PDF endpoint enables DoS | open-webui | 7.5 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML: DoS via multipart boundary in Gradio login | bentoml | 7.5 |
| MEDIUM | GHSA-564p-rx2q-4c8v | BentoML: open redirect exposes ML teams to phishing | bentoml | 6.1 |
| MEDIUM | CVE-2024-7033 | open-webui: path traversal allows file write and RCE | open-webui | 6.5 |
| MEDIUM | CVE-2024-7034 | open-webui: path traversal allows arbitrary file write/RCE | open-webui | 6.5 |
| HIGH | GHSA-5ccf-884p-4jjq | open-webui: DoS via unauthenticated multipart parsing | open-webui | 7.5 |
| CRITICAL | CVE-2024-9052 | vLLM: RCE via pickle deserialization in distributed API | vllm | 9.8 |
| HIGH | CVE-2025-0330 | LiteLLM: Langfuse API key leak via error handling | litellm | 7.5 |
| HIGH | CVE-2024-6825 | LiteLLM: RCE via post_call_rules callback injection | litellm | 8.8 |
| CRITICAL | CVE-2023-6021 | Ray: LFI allows unauthenticated file read | ray | 9.3 |
| CRITICAL | CVE-2023-6019 | Ray: unauthenticated RCE via dashboard command injection | ray | 9.8 |
| MEDIUM | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | gradio | 5.3 |
| LOW | CVE-2024-7038 | open-webui: filesystem enumeration via admin error messages | open-webui | 2.7 |
| HIGH | CVE-2026-27893 | vLLM: trust_remote_code bypass enables RCE | vllm | 8.8 |
| CRITICAL | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | n8n | 10.0 |
| LOW | CVE-2026-4993 | OpenUI: hard-coded LiteLLM master key credential leak | | 3.3 |