Supply Chain
AI/ML systems sit on a long dependency chain: package managers (PyPI, npm, Cargo), model registries (HuggingFace Hub, Ollama Library), and dataset repositories. Each is a viable attack surface. Common patterns include typosquatting of popular AI packages, malicious post-install scripts in npm/PyPI uploads, and unsafe deserialization in shared model files — PyTorch and pickle-based formats can execute arbitrary code on load, which is why HuggingFace introduced the safer safetensors format. Model-registry attacks have included planting backdoored fine-tunes of popular base models that pass benchmark eval but misbehave on attacker-chosen triggers. Dataset poisoning is the slowest variant: an attacker who can influence a public training corpus inserts content that later teaches downstream models a backdoor. Defenses: pinned versions, signature verification, safetensors over pickle, provenance attestation (SLSA), and scanning model files before load.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-59831 | GitHub CLI: command execution via malicious Codespace URI | 4.4 | |
| MEDIUM | CVE-2026-60089 | PraisonAI: config.toml path traversal overwrites files | praisonaiagents | 5.5 |
| MEDIUM | CVE-2026-61431 | PraisonAI: path traversal leaks arbitrary files | praisonai | 5.5 |
| HIGH | CVE-2026-61437 | PraisonAI: unsafe dynamic import enables RCE | praisonaiagents | 7.8 |
| CRITICAL | CVE-2026-54069 | SiYuan Note: chrome-extension origin auth bypass | github.com/siyuan-note/siyuan/kernel | - |
| HIGH | CVE-2026-54070 | SiYuan: XSS in Bazaar README steals admin API token | github.com/siyuan-note/siyuan/kernel | 7.1 |
Page 37 of 37