AI Component

Model

The model itself is an attack surface separate from the code that runs it. The model file is the first concern: pickle-based formats (PyTorch .bin, joblib, older HuggingFace) execute arbitrary code on load, so loading an untrusted model is loading untrusted code; safetensors solves this but adoption is incomplete. The model's behaviour is the second concern: adversarial examples bypass classifiers used as security controls, backdoor patterns planted during training survive deployment unless explicitly tested for, and model-extraction queries can clone proprietary fine-tunes. Production model registries (HuggingFace Hub, Ollama Library) have hosted backdoored variants of popular base models; HuggingFace now scans uploads for known-bad patterns, but defenses lag attacks. We track CVEs against model formats, model-loader libraries, and published research demonstrating new model-level attack classes against shipped commercial models.

339
Total CVEs
17
Pages
Page 10 of 17
Current
Severity CVE CVSS
MEDIUM GHSA-6w4w-5w54-rjvr -
MEDIUM GHSA-3vg9-h568-4w9m -
MEDIUM GHSA-f54q-57x4-jg88 -
MEDIUM GHSA-6vqj-c2q5-j97w -
MEDIUM GHSA-x696-vm39-cp64 -
MEDIUM GHSA-g344-hcph-8vgg -
MEDIUM GHSA-5qwp-399c-mjwf -
MEDIUM GHSA-vv6j-3g6g-2pvj -
MEDIUM GHSA-vr7h-p6mm-wpmh -
MEDIUM GHSA-h3qp-7fh3-f8h4 -
MEDIUM GHSA-f745-w6jp-hpxx -
MEDIUM GHSA-f4x7-rfwp-v3xw -
MEDIUM GHSA-86cj-95qr-2p4f -
MEDIUM GHSA-4r9r-ch6f-vxmx -
CRITICAL CVE-2025-54950 9.8
CRITICAL CVE-2025-54951 9.8
CRITICAL CVE-2025-54949 9.8
CRITICAL CVE-2025-30405 9.8
CRITICAL CVE-2025-30404 9.8
HIGH GHSA-9gvj-pp9x-gcfr -

Page 10 of 17