Attack Type: Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
461 total CVEs across 24 pages (this listing is page 11 of 24).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2025-14920 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14921 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14924 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14926 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14927 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14928 | transformers: Code Injection enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14929 | transformers: Deserialization enables RCE | transformers | - |
| UNKNOWN | CVE-2025-14930 | transformers: Deserialization enables RCE | transformers | - |
| HIGH | CVE-2025-33233 | NVIDIA: Code Injection enables RCE | | 7.8 |
| LOW | CVE-2024-4839 | lollms-webui: CSRF allows unauthorized AI service install | lollms-webui | 3.3 |
| CRITICAL | CVE-2025-29783 | vLLM: RCE via unsafe deserialization in Mooncake KV | vllm | 9.0 |
| CRITICAL | CVE-2024-9053 | vllm: RCE via unsafe pickle deserialization in RPC server | vllm | 9.8 |
| CRITICAL | CVE-2025-32444 | vLLM: RCE via pickle deserialization on ZeroMQ | vllm | 9.8 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| CRITICAL | CVE-2026-22807 | vllm: Code Injection enables RCE | vllm | 9.8 |
| HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | ollama | 7.5 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | ollama | 7.5 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | ollama | 7.5 |
| MEDIUM | CVE-2025-51471 | Ollama: auth token hijack via crafted WWW-Authenticate | ollama | 6.9 |
| CRITICAL | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | ollama | 9.8 |
AI Threat Alert