Attack Type: Privacy Violation
Privacy violations in AI systems involve unauthorized collection, processing, or exposure of personal data through model memorization, training data leaks, or inadequate access controls.
57 total CVEs across 3 pages (page 1 of 3).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2018-21233 | TensorFlow: integer overflow leaks process memory via BMP | tensorflow | 6.5 |
| MEDIUM | CVE-2021-37672 | TensorFlow: heap OOB read in SdcaOptimizerV2 | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37685 | TensorFlow Lite: OOB read leaks heap memory in expand_dims | tensorflow | 5.5 |
| MEDIUM | CVE-2025-46153 | PyTorch: Dropout inconsistency enables membership inference | pytorch | 5.3 |
| HIGH | CVE-2023-36189 | LangChain SQLDatabaseChain: SQL injection, DB exfil | langchain | 7.5 |
| MEDIUM | CVE-2024-10940 | langchain-core: file read via prompt template inputs | langchain-core | 5.3 |
| LOW | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | | 2.3 |
| MEDIUM | CVE-2025-7021 | OpenAI Operator: fullscreen spoofing captures credentials | operator | 6.5 |
| CRITICAL | CVE-2025-53767 | Azure OpenAI: SSRF EoP, no auth required (CVSS 10) | azure_openai | 10.0 |
| CRITICAL | CVE-2025-59434 | Flowise Cloud: cross-tenant env var exposure leaks API keys | | 9.6 |
| MEDIUM | CVE-2025-13359 | taxopress: SQL Injection exposes database | | 6.5 |
| HIGH | CVE-2026-26321 | OpenClaw: path traversal enables local file exfiltration | openclaw | 7.5 |
| HIGH | CVE-2021-43831 | Gradio: path traversal exposes host filesystem to users | gradio | 7.7 |
| CRITICAL | CVE-2023-25823 | Gradio: hardcoded SSH key leaks via share=True demos | gradio | 9.8 |
| CRITICAL | CVE-2023-34239 | Gradio: path traversal + SSRF exposes model files & infra | gradio | 9.1 |
| HIGH | CVE-2023-51449 | Gradio: path traversal grants arbitrary file read | gradio | 7.5 |
| LOW | CVE-2025-1953 | vLLM AIBrix: weak hash in prefix cache leaks inference patterns | | 2.6 |
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | vllm | 2.6 |
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | vllm | 7.3 |
| HIGH | CVE-2024-39719 | Ollama: file existence oracle via api/create errors | ollama | 7.5 |
AI Threat Alert