AI Threat Alert
Attack Type
Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
461
Total CVEs
24
Pages
Page 14 of 24
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-27520 | BentoML: unauthenticated RCE via insecure deserialization | bentoml | 9.8 |
| CRITICAL | CVE-2025-32375 | BentoML: RCE via insecure deserialization in runner | bentoml | 9.8 |
| CRITICAL | CVE-2025-54381 | BentoML: unauthenticated SSRF via file upload URLs | bentoml | 9.9 |
| MEDIUM | CVE-2026-24123 | bentoml: Path Traversal enables file access | bentoml | 6.5 |
| HIGH | CVE-2025-5173 | label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader | label-studio-ml | 7.8 |
| HIGH | CVE-2025-62726 | n8n: security flaw enables exploitation | n8n | 8.8 |
| HIGH | CVE-2025-65964 | n8n: security flaw enables exploitation | n8n | 8.8 |
| CRITICAL | CVE-2026-21877 | n8n: Code Injection enables RCE | n8n | 9.9 |
| CRITICAL | CVE-2026-33309 | langflow: Path Traversal enables file access | langflow | 9.9 |
| CRITICAL | CVE-2026-33475 | langflow: security flaw enables exploitation | langflow | 9.1 |
| HIGH | CVE-2026-33236 | nltk: Path Traversal enables file access | 8.1 | |
| HIGH | CVE-2026-33155 | deepdiff: DoS causes service disruption | - | |
| MEDIUM | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | fickling | - |
| CRITICAL | CVE-2026-27825 | mcp-atlassian: Path Traversal enables file access | mcp-atlassian | 9.1 |
| MEDIUM | CVE-2026-28277 | langgraph: Deserialization enables RCE | langgraph | 6.8 |
| HIGH | GHSA-5r2p-pjr8-7fh7 | sagemaker: Allowlist Bypass evades input filtering | sagemaker | - |
| HIGH | GHSA-5hwf-rc88-82xm | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | GHSA-wccx-j62j-r448 | fickling: Protection Bypass circumvents security controls | fickling | - |
| CRITICAL | GHSA-g38g-8gr9-h9xp | picklescan: Allowlist Bypass evades input filtering | picklescan | 9.8 |
| CRITICAL | GHSA-vvpj-8cmc-gx39 | picklescan: security flaw enables exploitation | picklescan | 10.0 |