Supply Chain
AI/ML systems sit on a long dependency chain: package managers (PyPI, npm, Cargo), model registries (HuggingFace Hub, Ollama Library), and dataset repositories. Each is a viable attack surface. Common patterns include typosquatting of popular AI packages, malicious post-install scripts in npm/PyPI uploads, and unsafe deserialization in shared model files — PyTorch and pickle-based formats can execute arbitrary code on load, which is why HuggingFace introduced the safer safetensors format. Model-registry attacks have included planting backdoored fine-tunes of popular base models that pass benchmark eval but misbehave on attacker-chosen triggers. Dataset poisoning is the slowest variant: an attacker who can influence a public training corpus inserts content that later teaches downstream models a backdoor. Defenses: pinned versions, signature verification, safetensors over pickle, provenance attestation (SLSA), and scanning model files before load.
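A static scan of the kind the last sentence calls for, as an added example (not code from the page, PyTorch or HuggingFace): it walks a pickle's opcode stream with pickletools, lists every GLOBAL/INST/STACK_GLOBAL import the file would perform without ever unpickling it, and rejects anything outside an allowlist. The allowlist contents, the `.pkl`-member convention and the sample pickles are assumptions constructed for the demo.

```python
# Added example: static scan of a pickle-based model file without calling pickle.loads.
import collections, datetime, pickle, pickletools, zipfile

# Assumption: the minimal globals a plain PyTorch state_dict needs; extend per model family.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
                   ("torch", "FloatStorage"), ("torch", "HalfStorage"), ("torch", "LongStorage")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def pickle_imports(data: bytes) -> list[tuple[str, str]]:
    """(module, name) for each GLOBAL / INST / STACK_GLOBAL opcode, in stream order."""
    imports, pushed, memo = [], [], {}
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):          # protocols 0-3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":            # protocol 4+: module, name pushed first
            if len(pushed) < 2:
                raise ValueError(f"malformed STACK_GLOBAL at offset {pos}")
            name, module = pushed.pop(), pushed.pop()
            imports.append((module, name))
            pushed.append(None)                    # the resolved object, not a string
        elif op.name in STRING_OPS:
            pushed.append(arg)
        elif op.name == "MEMOIZE":                 # memo slots are numbered in order
            memo[len(memo)] = pushed[-1] if pushed else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))           # a re-used module or name string
    return imports

def disallowed_imports(data: bytes) -> list[tuple[str, str]]:
    return [g for g in pickle_imports(data) if g not in ALLOWED_GLOBALS]

def is_safe_checkpoint(path: str) -> bool:
    if zipfile.is_zipfile(path):  # PyTorch .pt/.pth: a zip whose *.pkl members hold the pickle
        with zipfile.ZipFile(path) as zf:
            blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        with open(path, "rb") as f:
            blobs = [f.read()]
    return all(not disallowed_imports(b) for b in blobs)

def demo() -> dict[str, list[tuple[str, str]]]:
    """Constructed samples: state_dict-style pickles (protocols 2 and 4) and an unlisted global."""
    sd = [collections.OrderedDict(a=1), collections.OrderedDict(b=2)]
    return {"p2": pickle_imports(pickle.dumps(sd, protocol=2)),
            "p4": pickle_imports(pickle.dumps(sd, protocol=4)),
            "unlisted": disallowed_imports(pickle.dumps(datetime.date(2024, 1, 1), protocol=4))}
```

An opcode scan only sees which callables a file imports, not what arguments a REDUCE will hand them, so keep the allowlist tight. Where the same weights are published as safetensors, loading that format removes the question entirely.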
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | | 5.3 |
| HIGH | CVE-2026-0847 | NLTK: path traversal exposes sensitive server files | | 8.6 |
| CRITICAL | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | onnx | 9.1 |
| HIGH | CVE-2025-14287 | mlflow: Code Injection enables RCE | mlflow | 7.5 |
| CRITICAL | CVE-2025-15031 | mlflow: Path Traversal enables file access | mlflow | 9.1 |
| HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | langflow | 8.8 |
| MEDIUM | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | gradio | 5.9 |
| HIGH | CVE-2018-8825 | TensorFlow 1.7: Buffer overflow enables arbitrary code exec | tensorflow | 8.8 |
| UNKNOWN | CVE-2018-7577 | TensorFlow: Snappy memcpy overlap crash/mem disclosure | tensorflow | - |
| UNKNOWN | CVE-2018-7575 | TensorFlow: buffer overflow, potential RCE in 1.7.x | tensorflow | - |
| CRITICAL | CVE-2019-16778 | TensorFlow: heap overflow in UnsortedSegmentSum op | tensorflow | 9.8 |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| MEDIUM | CVE-2018-21233 | TensorFlow: integer overflow leaks process memory via BMP | tensorflow | 6.5 |
| HIGH | CVE-2020-15195 | TensorFlow: heap overflow in sparse gradient op | tensorflow | 8.8 |
| HIGH | CVE-2020-15206 | TensorFlow: SavedModel protobuf DoS in inference serving | tensorflow | 7.5 |
| CRITICAL | CVE-2020-15208 | TFLite: OOB read/write via tensor dimension mismatch | tensorflow | 9.8 |
| MEDIUM | CVE-2020-15209 | TensorFlow Lite: null ptr deref crashes model inference | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15210 | TensorFlow Lite: memory corruption via aliased tensors | tensorflow | 6.5 |
| MEDIUM | CVE-2020-15211 | TensorFlow Lite: heap OOB RW via flatbuffer tensor index | tensorflow | 4.8 |
| HIGH | CVE-2020-15212 | TensorFlow Lite: heap OOB write via segment sum op | tensorflow | 8.6 |