AI Component

Model

The model itself is an attack surface separate from the code that runs it. The model file is the first concern: pickle-based formats (PyTorch .bin, joblib, older HuggingFace) execute arbitrary code on load, so loading an untrusted model is loading untrusted code; safetensors solves this but adoption is incomplete. The model's behaviour is the second concern: adversarial examples bypass classifiers used as security controls, backdoor patterns planted during training survive deployment unless explicitly tested for, and model-extraction queries can clone proprietary fine-tunes. Production model registries (HuggingFace Hub, Ollama Library) have hosted backdoored variants of popular base models; HuggingFace now scans uploads for known-bad patterns, but defenses lag attacks. We track CVEs against model formats, model-loader libraries, and published research demonstrating new model-level attack classes against shipped commercial models.

339
Total CVEs
17
Pages
Page 7 of 17
Current
Severity CVE CVSS
CRITICAL CVE-2025-1550 9.8
HIGH CVE-2025-8747 7.8
HIGH CVE-2025-9905 7.3
HIGH CVE-2025-9906 7.3
CRITICAL CVE-2025-49655 9.8
MEDIUM CVE-2025-12058 -
HIGH CVE-2025-5173 7.8
MEDIUM CVE-2026-30886 6.5
MEDIUM GHSA-5cxw-w2xg-2m8h -
HIGH GHSA-5hwf-rc88-82xm -
HIGH GHSA-wccx-j62j-r448 -
CRITICAL GHSA-g38g-8gr9-h9xp 9.8
CRITICAL GHSA-vvpj-8cmc-gx39 10.0
MEDIUM GHSA-mhc9-48gj-9gp3 -
HIGH GHSA-mxhj-88fx-4pcv -
LOW GHSA-83pf-v6qq-pwmr -
HIGH GHSA-97f8-7cmv-76j2 -
HIGH CVE-2026-0897 7.6
MEDIUM GHSA-m7j5-r2p5-c39r -
HIGH GHSA-9m3x-qqw2-h32h -

Page 7 of 17