AI Threat Alert
Attack Type
Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
460
Total CVEs
23
Pages
Page 1 of 23
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | 5.3 | |
| CRITICAL | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | onnx | 9.1 |
| HIGH | CVE-2025-14287 | mlflow: Code Injection enables RCE | mlflow | 7.5 |
| CRITICAL | CVE-2025-15031 | mlflow: Path Traversal enables file access | mlflow | 9.1 |
| HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | langflow | 8.8 |
| MEDIUM | CVE-2026-27167 | gradio: Weak Credentials allow account compromise | gradio | 5.9 |
| HIGH | CVE-2018-8825 | TensorFlow 1.7: Buffer overflow enables arbitrary code exec | tensorflow | 8.8 |
| UNKNOWN | CVE-2018-7577 | TensorFlow: Snappy memcpy overlap crash/mem disclosure | tensorflow | - |
| UNKNOWN | CVE-2018-7575 | TensorFlow: buffer overflow, potential RCE in 1.7.x | tensorflow | - |
| CRITICAL | CVE-2019-16778 | TensorFlow: heap overflow in UnsortedSegmentSum op | tensorflow | 9.8 |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| MEDIUM | CVE-2018-21233 | TensorFlow: integer overflow leaks process memory via BMP | tensorflow | 6.5 |
| HIGH | CVE-2020-15195 | TensorFlow: heap overflow in sparse gradient op | tensorflow | 8.8 |
| HIGH | CVE-2020-15206 | TensorFlow: SavedModel protobuf DoS in inference serving | tensorflow | 7.5 |
| CRITICAL | CVE-2020-15208 | TFLite: OOB read/write via tensor dimension mismatch | tensorflow | 9.8 |
| MEDIUM | CVE-2020-15209 | TensorFlow Lite: null ptr deref crashes model inference | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15210 | TensorFlow Lite: memory corruption via aliased tensors | tensorflow | 6.5 |
| MEDIUM | CVE-2020-15211 | TensorFlow Lite: heap OOB RW via flatbuffer tensor index | tensorflow | 4.8 |
| HIGH | CVE-2020-15212 | TensorFlow Lite: heap OOB write via segment sum op | tensorflow | 8.6 |
| HIGH | CVE-2020-15214 | TensorFlow Lite: OOB write in segment sum, memory corruption risk | tensorflow | 8.1 |
Page 1 of 23