ONNX Vulnerabilities
pip, ML Libraries
Risk Score: 55
Total CVEs: 9
Critical: 1
Ecosystem: pip
Last CVE: Apr 10, 2026
Patch Rate: 90%
Avg Time to Patch: 29d
20,841 stars
3,928 forks
276 issues
1,158 dependents
Last push May 16, 2026
OpenSSF Scorecard 8.2/10
Known Vulnerabilities (9 total, page 1 of 1)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | 5.3 | Apr 10, 2026 |
| HIGH | GHSA-q56x-g2fj-4rj6 | onnx: TOCTOU symlink following enables arbitrary file write | 7.1 | Apr 1, 2026 |
| MEDIUM | CVE-2026-34447 | ONNX: symlink traversal reads host files via model loading | 5.5 | Apr 1, 2026 |
| MEDIUM | CVE-2026-34446 | ONNX: hardlink path traversal leaks sensitive files | 4.7 | Apr 1, 2026 |
| HIGH | CVE-2026-34445 | ONNX: property overwrite via crafted model file | 8.6 | Apr 1, 2026 |
| UNKNOWN | CVE-2026-27489 | ONNX: symlink path traversal allows arbitrary file read | -- | Mar 31, 2026 |
| HIGH | CVE-2024-5187 | ONNX: path traversal in model download enables RCE | 8.8 | Jun 6, 2024 |
| HIGH | CVE-2024-7776 | ONNX: path traversal in download_model enables RCE | 8.1 | Mar 20, 2025 |
| CRITICAL | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | 9.1 | Mar 18, 2026 |