AI Component

Inference

Inference servers are the most actively-exploited component of the AI stack because they sit between the model and the public internet and they hold the GPU. The shape of the bugs is mostly web-app classes magnified by the cost of compute: missing auth on /v1 endpoints, SSRF that escapes the sandbox onto the platform's control plane, unsafe deserialization on model-loading paths, and path traversal in artifact-management endpoints. vLLM, Triton, TGI, BentoML, Ray Serve, and Ollama have each shipped multiple high-severity CVEs since 2023; CVE-2024-11041 in vLLM was a notable example combining prompt injection with code execution. Multi-tenant deployments are particularly exposed because a single bug typically crosses tenant boundaries. Defenses: aggressive patching, mandatory auth, network segmentation between inference and control plane, and per-tenant resource quotas to bound abuse.

698
Total CVEs
35
Pages
Page 26 of 35
Current
Severity CVE CVSS
CRITICAL GHSA-ggpf-24jw-3fcw 9.8
MEDIUM GHSA-hf3c-wxg2-49q9 6.5
MEDIUM CVE-2025-32381 6.5
HIGH CVE-2024-8984 7.5
HIGH CVE-2024-8053 7.5
HIGH GHSA-hh3j-9m59-p8vc 7.5
MEDIUM GHSA-564p-rx2q-4c8v 6.1
MEDIUM CVE-2024-7033 6.5
MEDIUM CVE-2024-7034 6.5
HIGH GHSA-5ccf-884p-4jjq 7.5
CRITICAL CVE-2024-9052 9.8
HIGH CVE-2025-0330 7.5
HIGH CVE-2024-6825 8.8
CRITICAL CVE-2023-6021 9.3
CRITICAL CVE-2023-6019 9.8
MEDIUM GHSA-26jh-r8g2-6fpr 5.3
LOW CVE-2024-7038 2.7
HIGH CVE-2026-27893 8.8
CRITICAL CVE-2026-33660 10.0
LOW CVE-2026-4993 3.3

Page 26 of 35