AI Component
Model
Model-level vulnerabilities affect the trained weights, architecture, or inference behavior of AI/ML models — including adversarial robustness, backdoor attacks, and model extraction. In practice, most entries on this page are flaws in the code that loads a model file: malformed SavedModel or GraphDef inputs that crash the parser, and deserialization paths that let a crafted model file execute code.
220 total CVEs in this category, listed over 11 pages (page 3 of 11).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2022-23589 | TensorFlow Grappler: DoS via malicious SavedModel | tensorflow | 6.5 |
| HIGH | CVE-2022-23590 | TensorFlow: DoS via malicious SavedModel GraphDef | tensorflow | 7.5 |
| HIGH | CVE-2022-23591 | TensorFlow: SavedModel stack overflow via recursive GraphDef | tensorflow | 7.5 |
| MEDIUM | CVE-2022-23594 | TensorFlow MLIR: heap OOB via malicious SavedModel file | tensorflow | 5.5 |
| MEDIUM | CVE-2022-29212 | TensorFlow Lite: quantization assert crash (DoS) | tensorflow | 5.5 |
| CRITICAL | CVE-2023-5245 | MLeap: zip slip in model loading enables RCE | | 9.8 |
| CRITICAL | CVE-2024-3660 | Keras: RCE via malicious model deserialization | keras | 9.8 |
| HIGH | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | mlflow | 8.8 |
| MEDIUM | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | | 5.5 |
| HIGH | CVE-2021-43811 | Sockeye: unsafe YAML load RCE via model config file | | 7.8 |
| CRITICAL | CVE-2023-43654 | TorchServe: SSRF + RCE via unrestricted model URL loading | torchserve | 9.8 |
| MEDIUM | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | pytorch | 5.5 |
| HIGH | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | mlflow | 8.8 |
| MEDIUM | CVE-2025-1944 | picklescan: ZIP spoof lets malicious PyTorch models bypass scan | picklescan | 6.5 |
| CRITICAL | CVE-2025-1945 | picklescan: ZIP flag bypass enables RCE in PyTorch models | picklescan | 9.8 |
| LOW | CVE-2025-2149 | PyTorch: improper init in quantized sigmoid skews model output | pytorch | 2.5 |
| MEDIUM | CVE-2025-2953 | PyTorch: DoS via mkldnn_max_pool2d resource leak | pytorch | 5.5 |
| CRITICAL | CVE-2025-32434 | PyTorch: RCE bypasses weights_only=True safe-load guard | pytorch | 9.8 |
| HIGH | CVE-2025-10155 | picklescan: file extension bypass allows model RCE | picklescan | 7.8 |
| MEDIUM | CVE-2025-46150 | PyTorch: torch.compile silent output inconsistency | pytorch | 5.3 |
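Several rows above (Keras, MLflow, PyTorch, picklescan) are the same class of bug: loading a model file deserializes attacker-controlled bytes into live objects, and the serialization format can name arbitrary code. The example below is added to this page and is not code from any of the listed projects. It uses Python's own pickle to show the pattern end to end: a constructed "model" file that runs a function when loaded, a static opcode scan in the style of a pickle scanner, and a runtime allowlisting unpickler of the kind a weights-only guard relies on. The model bytes, the allowlist contents and all function names are assumptions made for the demo.

```python
import io
import os
import pickle
import pickletools

# Constructed stand-in for a real checkpoint: a state-dict-shaped mapping of
# plain containers and floats, which a weights-only loader should accept.
BENIGN_MODEL = pickle.dumps({
    "layer1.weight": [[0.1, 0.2], [0.3, 0.4]],
    "layer1.bias": [0.0, 0.0],
})


class _PayloadObject:
    """Pickles to "import os; call os.getcwd()" instead of to any data.

    os.getcwd is a harmless stand-in so the demo can run; a hostile model file
    would name os.system or subprocess.Popen with attacker-chosen arguments.
    """

    def __reduce__(self):
        return (os.getcwd, ())


MALICIOUS_MODEL = pickle.dumps(_PayloadObject())


def unsafe_load(blob: bytes):
    """Plain pickle.loads: executes whatever callable the stream names.

    For MALICIOUS_MODEL the returned "model" is the string os.getcwd()
    produced, proof that attacker-chosen code ran before the caller saw data.
    """
    return pickle.loads(blob)


_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}


def scan_pickle(blob: bytes) -> list:
    """Static check in the style of a pickle scanner: walk the opcode stream
    with pickletools and list every global it would import. Nothing runs.

    Handles GLOBAL/INST (protocols 0-3, 'module name' text argument) and
    STACK_GLOBAL (protocol 4+, module and name pushed as the two preceding
    strings). It is a denylist heuristic over the encodings it models; an
    encoding it does not model (e.g. names reached through the memo) is a
    blind spot, which is why unresolved references are flagged, not ignored.
    """
    imports = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in _STRING_OPS:
            recent_strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            imports.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) >= 2:
                imports.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
            else:
                imports.append("<unresolved STACK_GLOBAL>")
    return imports


# Allowlist assumed for this demo. A real weights-only loader permits only the
# few classes its checkpoint format needs and refuses everything else.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Runtime check: refuse every global the stream names unless allowlisted.

    This is the mechanism a weights_only-style guard relies on, and it is
    exactly as strong as the allowlist and the unpickler's adherence to it.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def safe_load_rejects(blob: bytes) -> bool:
    """True if safe_load refuses the blob instead of returning an object."""
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe load of malicious file returned:", unsafe_load(MALICIOUS_MODEL))
    print("scan of benign file:", scan_pickle(BENIGN_MODEL))
    print("scan of malicious file:", scan_pickle(MALICIOUS_MODEL))
    print("safe load rejects malicious file:", safe_load_rejects(MALICIOUS_MODEL))
    print("safe load of benign file:", safe_load(BENIGN_MODEL))
```

The two checks fail in different ways, which is why the listing has bypass entries for both kinds. The scanner never executes anything but only knows the byte patterns it was written to recognise, so an archive or opcode encoding it does not model passes clean. The allowlisting unpickler sees every import the stream actually makes, but is only as safe as the classes it permits and as the guarantee that no other load path skips it. A checkpoint format that carries no code paths at all (safetensors stores only tensors and JSON metadata) avoids the class rather than filtering it.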