Attack Type: Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
Total CVEs: 471
Pages: 24 (page 20 of 24)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-hf3c-wxg2-49q9 | vLLM: DoS via unbounded XGrammar schema cache | vllm | 6.5 |
| MEDIUM | GHSA-v7x6-rv5q-mhwc | picklescan: bypass allows silent RCE in ML pipelines | picklescan | - |
| MEDIUM | GHSA-fj43-3qmq-673f | picklescan: numpy bypass enables RCE in ML model pipelines | picklescan | - |
| HIGH | CVE-2025-46417 | picklescan: scanner bypass enables DNS data exfiltration | picklescan | - |
| HIGH | CVE-2025-30370 | jupyterlab-git: command injection via malicious repo name | - | 7.4 |
| CRITICAL | CVE-2024-12909 | llama-index finchat: SQL injection enables RCE | llama-index-packs-finchat | 10.0 |
| MEDIUM | CVE-2025-0508 | SageMaker SDK: MD5 collision silently replaces ML workflows | sagemaker | 5.9 |
| MEDIUM | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | llama-index | 5.9 |
| CRITICAL | CVE-2024-8019 | pytorch-lightning: file upload RCE (Windows) | pytorch-lightning | 9.1 |
| HIGH | CVE-2024-7776 | ONNX: path traversal in download_model enables RCE | onnx | 8.1 |
| HIGH | GHSA-w466-2wfc-8g58 | open-webui: DoS via starlette memory exhaustion | open-webui | 7.5 |
| MEDIUM | CVE-2024-7034 | open-webui: path traversal allows arbitrary file write/RCE | open-webui | 6.5 |
| CRITICAL | CVE-2024-9052 | vLLM: RCE via pickle deserialization in distributed API | vllm | 9.8 |
| HIGH | CVE-2024-6825 | LiteLLM: RCE via post_call_rules callback injection | litellm | 8.8 |
| MEDIUM | CVE-2025-1716 | picklescan: scanner bypass enables supply chain RCE | picklescan | - |
| MEDIUM | CVE-2025-1889 | picklescan: extension bypass enables RCE on model load | picklescan | - |
| MEDIUM | CVE-2024-53526 | Composio: command injection in AI agent tool calls | - | 6.4 |
| HIGH | CVE-2024-5187 | ONNX: path traversal in model download enables RCE | onnx | 8.8 |
| HIGH | CVE-2024-49048 | TorchGeo: RCE via code injection in geospatial ML lib | - | 8.1 |
| CRITICAL | CVE-2023-6019 | Ray: unauthenticated RCE via dashboard command injection | ray | 9.8 |
AI Threat Alert