Attack Type: Supply Chain
Supply chain attacks target the AI/ML software supply chain — compromised packages, poisoned model repositories, malicious dependencies, or tampered training data distributed through trusted channels.
Total CVEs: 460
Pages: 23
Page 6 of 23
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | mlflow | 8.8 |
| MEDIUM | CVE-2025-5197 | Transformers: ReDoS in TF-to-PyTorch weight converter | transformers | 5.3 |
| MEDIUM | CVE-2025-55556 | TensorFlow: non-deterministic compilation breaks Embedding | tensorflow | 6.5 |
| HIGH | CVE-2021-43811 | Sockeye: unsafe YAML load RCE via model config file | sockeye | 7.8 |
| HIGH | CVE-2021-4118 | pytorch-lightning: deserialization RCE via malicious checkpoint | pytorch_lightning | 7.8 |
| CRITICAL | CVE-2022-0845 | pytorch-lightning: code injection enables full RCE | pytorch_lightning | 9.8 |
| CRITICAL | CVE-2022-45907 | PyTorch: RCE via unsafe eval in JIT annotations | pytorch | 9.8 |
| CRITICAL | CVE-2023-43654 | TorchServe: SSRF + RCE via unrestricted model URL loading | torchserve | 9.8 |
| MEDIUM | CVE-2023-48299 | TorchServe: ZipSlip arbitrary file write via model upload | torchserve | 5.3 |
| HIGH | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | pytorch | 7.8 |
| MEDIUM | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | pytorch | 5.5 |
| HIGH | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | mlflow | 8.8 |
| CRITICAL | CVE-2024-5452 | pytorch-lightning: RCE via deepdiff Delta deserialization | pytorch_lightning | 9.8 |
| CRITICAL | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | torchserve | 9.8 |
| CRITICAL | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | pytorch | 9.8 |
| MEDIUM | CVE-2025-1944 | picklescan: ZIP spoof lets malicious PyTorch models bypass scan | picklescan | 6.5 |
| CRITICAL | CVE-2025-1945 | picklescan: ZIP flag bypass enables RCE in PyTorch models | picklescan | 9.8 |
| HIGH | CVE-2025-2148 | PyTorch: memory corruption in JIT profiler callback handler | pytorch | 7.5 |
| LOW | CVE-2025-2149 | PyTorch: improper init in quantized sigmoid skews model output | pytorch | 2.5 |
| MEDIUM | CVE-2024-6577 | TorchServe: unverified S3 bucket exposes benchmark data | torchserve | 6.3 |
AI Threat Alert