ATLAS Landscape
AML.T0010.002
Data
Data is a key vector of supply chain compromise for adversaries. Every AI project requires some form of data, and many rely on large, publicly available open source datasets. An adversary can compromise these data sources: the malicious data may be the result of [Poison Training Data](/techniques/AML.T0020) or may carry traditional malware. An adversary can also target private datasets during the labeling phase. Creating a private dataset often requires hiring an outside labeling service, and an adversary can poison the dataset by modifying the labels that service generates.
12 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-12060 | keras: Path Traversal enables file access | keras | 9.8 |
| CRITICAL | CVE-2024-27133 | MLflow: XSS in recipe runner enables Jupyter RCE | mlflow | 9.6 |
| CRITICAL | CVE-2025-62608 | mlx: security flaw enables exploitation | mlx | 9.1 |
| CRITICAL | CVE-2021-35958 | TensorFlow: path traversal in get_file allows file overwrite | tensorflow | 9.1 |
| HIGH | CVE-2025-58757 | MONAI: unsafe pickle deserialization RCE in data pipeline | monai | 8.8 |
| HIGH | CVE-2026-33310 | — | — | 8.8 |
| HIGH | CVE-2024-49048 | TorchGeo: RCE via code injection in geospatial ML lib | — | 8.1 |
| MEDIUM | CVE-2025-53621 | DSpace: XXE injection enables server file disclosure | — | 6.9 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | llama-index-readers-papers | 5.3 |
| UNKNOWN | CVE-2025-21604 | AIDeepin: MD5 collision enables RAG knowledge base poisoning | — | — |
| HIGH | CVE-2026-27622 | — | — | — |
| HIGH | CVE-2026-41486 | Ray: Parquet RCE via Arrow extension deserialization | ray | — |