AI Component: Training Data

Training data vulnerabilities involve poisoned datasets, data theft, privacy violations in training corpora, and unauthorized use of copyrighted or sensitive data in model training.

162 total CVEs in this component, listed across 9 pages (page 7 of 9 shown below).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-46567 | LLaMA-Factory: RCE via torch.load() unsafe deserialization | llamafactory | 7.8 |
| HIGH | CVE-2025-61784 | LLaMA-Factory: SSRF+LFI in multimodal chat API | llamafactory | 8.1 |
| MEDIUM | CVE-2024-5206 | scikit-learn: TfidfVectorizer leaks training data tokens | scikit-learn | 4.7 |
| MEDIUM | CVE-2024-55459 | Keras: path traversal enables arbitrary file write | keras | 6.5 |
| CRITICAL | CVE-2025-12060 | keras: Path Traversal enables file access | keras | 9.8 |
| UNKNOWN | CVE-2025-12638 | Keras: Path Traversal enables file access | - | - |
| HIGH | CVE-2024-43598 | LightGBM: heap buffer overflow enables network RCE | lightgbm | 8.1 |
| MEDIUM | GHSA-5cxw-w2xg-2m8h | fickling: Allowlist Bypass evades input filtering | fickling | - |
| LOW | GHSA-83pf-v6qq-pwmr | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-1777 | sagemaker: security flaw enables exploitation | sagemaker | 7.2 |
| MEDIUM | GHSA-m7j5-r2p5-c39r | picklescan: Deserialization enables RCE | picklescan | - |
| HIGH | CVE-2026-22033 | label-studio: XSS enables session hijacking | label-studio | - |
| HIGH | CVE-2026-22612 | fickling: Deserialization enables RCE | fickling | - |
| HIGH | GHSA-9726-w42j-3qjr | picklescan: Path Traversal enables file access | picklescan | - |
| CRITICAL | CVE-2025-33244 | NVIDIA: Deserialization enables RCE | - | 9.0 |
| CRITICAL | CVE-2025-34351 | ray: security flaw enables exploitation | ray | - |
| MEDIUM | CVE-2025-8917 | clearml: path traversal in safe_extract → RCE risk | clearml | 5.8 |
| CRITICAL | CVE-2023-48022 | Ray: unauthenticated RCE via job submission API | ray | 9.8 |
| HIGH | CVE-2025-58757 | MONAI: unsafe pickle deserialization RCE in data pipeline | monai | 8.8 |
| HIGH | CVE-2025-58756 | MONAI: unsafe deserialization in CheckpointLoader allows RCE | monai | 8.8 |