AI Threat Alert
AI Component
Model
Model-level vulnerabilities affect the trained weights, architectures, or inference behavior of AI/ML models — including adversarial robustness, backdoor attacks, and model extraction.
220
Total CVEs
11
Pages
Page 9 of 11
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-67748 | fickling: Code Injection enables RCE | fickling | - |
| HIGH | CVE-2025-67747 | fickling: Allowlist Bypass evades input filtering | fickling | - |
| CRITICAL | GHSA-m9mp-6x32-5rhg | scio/PyTorch: torch.load weights_only bypass RCE | - | |
| HIGH | CVE-2025-30402 | ExecuTorch: heap overflow in method load, RCE risk | executorch | 8.1 |
| HIGH | CVE-2025-10156 | Picklescan: CRC bypass hides malicious pickle in ZIP | picklescan | 7.5 |
| HIGH | CVE-2025-10157 | PickleScan: subclass bypass enables malicious model RCE | picklescan | 8.3 |
| MEDIUM | GHSA-q77w-mwjj-7mqx | picklescan: scanner bypass enables model RCE | picklescan | - |
| MEDIUM | GHSA-49gj-c84q-6qm9 | picklescan: scanner bypass enables RCE via ML model files | picklescan | - |
| MEDIUM | GHSA-9w88-8rmg-7g2p | picklescan: scan bypass allows silent RCE via ML models | picklescan | - |
| MEDIUM | GHSA-fqq6-7vqf-w3fg | picklescan: detection bypass allows undetected RCE in ML models | picklescan | - |
| MEDIUM | GHSA-3gf5-cxq9-w223 | picklescan: scanner bypass enables pickle RCE in ML models | picklescan | - |
| MEDIUM | GHSA-j343-8v2j-ff7w | picklescan: scanner bypass allows pickle-based RCE | picklescan | - |
| MEDIUM | GHSA-m869-42cg-3xwr | picklescan: scanner bypass enables RCE via ML models | picklescan | - |
| MEDIUM | GHSA-p9w7-82w4-7q8m | picklescan: detection bypass allows pickle RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-xp4f-hrf8-rxw7 | picklescan: scanner bypass leads to undetected RCE | picklescan | - |
| MEDIUM | GHSA-4whj-rm5r-c2v8 | picklescan: scanner bypass enables PyTorch gadget RCE | picklescan | - |
| MEDIUM | GHSA-9xph-j2h6-g47v | picklescan: scanner bypass enables RCE via model files | picklescan | - |
| MEDIUM | GHSA-8r4j-24qv-fmq9 | picklescan: RCE bypass enables ML supply chain attack | picklescan | - |
| MEDIUM | GHSA-cj3c-v495-4xqh | picklescan: security bypass enables RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-7cq8-mj8x-j263 | picklescan: detection bypass allows malicious pickle RCE | picklescan | - |