AI Threat Alert
AI Component
RAG
RAG (Retrieval-Augmented Generation) vulnerabilities target the vector database, embedding pipeline, or retrieval logic that grounds LLM responses in external knowledge.
71
Total CVEs
4
Pages
Page 3 of 4
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-1669 | keras: File Control enables path manipulation | keras | 7.5 |
| HIGH | CVE-2026-21893 | n8n: Input Validation flaw enables exploitation | n8n | 7.2 |
| MEDIUM | CVE-2026-25631 | n8n: Input Validation flaw enables exploitation | n8n | 6.5 |
| CRITICAL | CVE-2026-26030 | semantic-kernel: Code Injection enables RCE | semantic-kernel | 10.0 |
| MEDIUM | CVE-2025-6208 | llama-index-core: DoS causes service disruption | llama-index-core | 5.3 |
| LOW | CVE-2026-25211 | llama-stack: security flaw enables exploitation | 3.2 | |
| HIGH | CVE-2025-65958 | open-webui: SSRF allows internal network access | open-webui | 8.5 |
| HIGH | CVE-2025-7707 | llama-index: world-writable NLTK dir allows local tampering | llama-index | 7.1 |
| HIGH | CVE-2025-7647 | llama-index-core: insecure /tmp dir, model theft risk | llama-index-core | 7.3 |
| HIGH | CVE-2025-5302 | llama-index: JSON parsing DoS via deep recursion | llama-index-core | 8.6 |
| MEDIUM | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | llama-index-readers-docugami | 6.5 |
| HIGH | CVE-2025-6209 | llama_index: path traversal allows arbitrary file read | llama-index-core | 7.5 |
| MEDIUM | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | llama-index-readers-obsidian | 6.2 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | llama-index-readers-papers | 5.3 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | llama-index-readers-papers | 7.5 |
| HIGH | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | llama-index-readers-obsidian | 7.5 |
| MEDIUM | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | llama-index-core | 5.0 |
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | llama-index | 9.8 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
| HIGH | CVE-2025-1752 | llama_index: DoS via uncapped recursion in web reader | llama-index | 7.5 |