AI Component
Model
Model-level vulnerabilities affect the trained weights, architectures, or inference behavior of AI/ML models — including adversarial robustness, backdoor attacks, and model extraction.
220 total CVEs across 11 pages (page 5 of 11)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | mlflow | 5.5 |
| CRITICAL | CVE-2025-11200 | mlflow: security flaw enables exploitation | mlflow | 9.8 |
| HIGH | CVE-2023-6730 | HuggingFace Transformers: RCE via unsafe deserialization | transformers | 8.8 |
| HIGH | CVE-2023-7018 | Transformers: unsafe deserialization enables RCE on load | transformers | 7.8 |
| CRITICAL | CVE-2024-3568 | HuggingFace Transformers: RCE via pickle deserialization | transformers | 9.6 |
| HIGH | CVE-2025-24357 | vLLM: unsafe deserialization RCE via model loading | vllm | 8.8 |
| HIGH | CVE-2024-11392 | HuggingFace Transformers: RCE via config deserialization | transformers | 8.8 |
| HIGH | CVE-2024-11393 | Transformers: RCE via MaskFormer model deserialization | transformers | 8.8 |
| HIGH | CVE-2024-11394 | Transformers: RCE via Trax model deserialization | transformers | 8.8 |
| MEDIUM | CVE-2025-3264 | Transformers: ReDoS in dynamic module loader causes DoS | transformers | 5.3 |
| HIGH | CVE-2025-33213 | NVIDIA: Deserialization enables RCE | - | 8.8 |
| UNKNOWN | CVE-2025-14920 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14921 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14924 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14926 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14927 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14928 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14929 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14930 | transformers: Deserialization enables RCE | transformers | - |
| HIGH | CVE-2025-33233 | NVIDIA: Code Injection enables RCE | - | 7.8 |