Attack Type: Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
471 total CVEs across 24 pages. Page 19 of 24.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-9141 | vLLM: RCE via eval() in Qwen3 Coder tool parser | vllm | 8.8 |
| CRITICAL | CVE-2025-54950 | ExecuTorch: OOB read in model loader enables RCE | executorch | 9.8 |
| CRITICAL | CVE-2025-54951 | ExecuTorch: heap buffer overflow RCE in model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-54949 | ExecuTorch: heap buffer overflow RCE via model loading | executorch | 9.8 |
| CRITICAL | CVE-2025-30405 | ExecuTorch: integer overflow in model load → RCE | executorch | 9.8 |
| CRITICAL | CVE-2025-30404 | ExecuTorch: integer overflow RCE on model load | executorch | 9.8 |
| HIGH | GHSA-9gvj-pp9x-gcfr | picklescan: detection bypass allows malicious pickle exec | picklescan | - |
| MEDIUM | CVE-2025-54952 | ExecuTorch: integer overflow enables RCE via model loading | executorch | - |
| MEDIUM | GHSA-r54c-2xmf-2cf3 | ms-swift: RCE via pickle deserialization in adapter models | - | - |
| MEDIUM | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | llama-index-readers-docugami | 6.5 |
| MEDIUM | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | llama-index-readers-obsidian | 6.2 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | llama-index-readers-papers | 5.3 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | llama-index-readers-papers | 7.5 |
| MEDIUM | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | llama-index-core | 5.0 |
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | llama-index | 9.8 |
| HIGH | CVE-2025-30167 | jupyter_core: config hijack enables cross-user code exec | - | 7.3 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
| HIGH | CVE-2025-1753 | llama-index-cli: OS command injection enables RCE | llama-index | 7.8 |
| CRITICAL | CVE-2024-12029 | InvokeAI: RCE via unsafe torch.load deserialization | - | 9.8 |
| CRITICAL | GHSA-ggpf-24jw-3fcw | vLLM: RCE via malicious model, PyTorch < 2.6 bypass | vllm | 9.8 |
AI Threat Alert