AI Threat Alert
AI Component
Training Data
Training data vulnerabilities involve poisoned datasets, data theft, privacy violations in training corpora, and unauthorized use of copyrighted or sensitive data in model training.
162
Total CVEs
9
Pages
Page 5 of 9
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| LOW | CVE-2025-4287 | PyTorch NCCL: local DoS in distributed training reduce op | 3.3 | |
| MEDIUM | CVE-2025-46152 | PyTorch: OOB write causes incorrect bitwise shift results | pytorch | 5.3 |
| MEDIUM | CVE-2025-46153 | PyTorch: Dropout inconsistency enables membership inference | pytorch | 5.3 |
| MEDIUM | CVE-2025-53621 | DSpace: XXE injection enables server file disclosure | 6.9 | |
| HIGH | CVE-2024-34072 | SageMaker SDK: pickle deserialization enables RCE | 7.8 | |
| HIGH | CVE-2025-6921 | Transformers: ReDoS in optimizer halts training pipelines | transformers | 7.5 |
| CRITICAL | CVE-2025-62608 | mlx: security flaw enables exploitation | mlx | 9.1 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | mlflow | 7.5 |
| CRITICAL | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-2780 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-4033 | MLflow: OS command injection enables local code execution | mlflow | 7.8 |
| HIGH | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | mlflow | 7.5 |
| CRITICAL | CVE-2023-6018 | MLflow: unauth file overwrite enables model poisoning | mlflow | 9.8 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | mlflow | 8.8 |
| HIGH | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | mlflow | 8.8 |
| HIGH | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | mlflow | 8.1 |