AI Component

Model

Model-level vulnerabilities affect the trained weights, architectures, or inference behavior of AI/ML models — including adversarial robustness, backdoor attacks, and model extraction.

220

Total CVEs

Pages

Page 7 of 11

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2025-1550	Keras: safe_mode bypass enables RCE via model loading	keras	9.8
HIGH	CVE-2025-8747	Keras: safe mode bypass enables RCE via model load	keras	7.8
HIGH	CVE-2025-9905	Keras: safe_mode bypass enables RCE via .h5 model files	keras	7.3
HIGH	CVE-2025-9906	Keras: safe_mode bypass enables RCE via model load	keras	7.3
CRITICAL	CVE-2025-49655	keras: Deserialization enables RCE	keras	9.8
MEDIUM	CVE-2025-12058	Keras: safe_mode bypass enables file read and SSRF	keras	-
HIGH	CVE-2025-5173	label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader	label-studio-ml	7.8
MEDIUM	CVE-2026-30886	AI component: IDOR enables unauthorized data access		6.5
MEDIUM	GHSA-5cxw-w2xg-2m8h	fickling: Allowlist Bypass evades input filtering	fickling	-
HIGH	GHSA-5hwf-rc88-82xm	fickling: Allowlist Bypass evades input filtering	fickling	-
HIGH	GHSA-wccx-j62j-r448	fickling: Protection Bypass circumvents security controls	fickling	-
CRITICAL	GHSA-g38g-8gr9-h9xp	picklescan: Allowlist Bypass evades input filtering	picklescan	9.8
CRITICAL	GHSA-vvpj-8cmc-gx39	picklescan: security flaw enables exploitation	picklescan	10.0
MEDIUM	GHSA-mhc9-48gj-9gp3	fickling: Allowlist Bypass evades input filtering	fickling	-
HIGH	GHSA-mxhj-88fx-4pcv	fickling: security flaw enables exploitation	fickling	-
LOW	GHSA-83pf-v6qq-pwmr	fickling: Allowlist Bypass evades input filtering	fickling	-
HIGH	GHSA-97f8-7cmv-76j2	picklescan: Allowlist Bypass evades input filtering	picklescan	-
HIGH	CVE-2026-0897	keras: Resource Exhaustion enables DoS	keras	-
MEDIUM	GHSA-m7j5-r2p5-c39r	picklescan: Deserialization enables RCE	picklescan	-
HIGH	GHSA-9m3x-qqw2-h32h	picklescan: Deserialization enables RCE	picklescan	-

Page 7 of 11

Previous Next

Related AI Components

Framework API Agent Inference Training Data RAG

Model

Related AI Components

Weekly CISO Take + top threats