AML.T0049

Exploit Public-Facing Application

Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL), standard services (like SMB or SSH), network device administration and management protocols (like SNMP and Smart Install), and any other applications with Internet accessible open sockets, such as web servers and related services.

1183 CVEs mapped View on MITRE ATLAS →

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-21858	n8n: Input Validation flaw enables exploitation	n8n	10.0
CRITICAL	CVE-2025-2828	LangChain RequestsToolkit: SSRF exposes cloud metadata	langchain	10.0
CRITICAL	CVE-2025-53767	Azure OpenAI: SSRF EoP, no auth required (CVSS 10)	azure_openai	10.0
CRITICAL	CVE-2024-12909	llama-index finchat: SQL injection enables RCE	llama-index-packs-finchat	10.0
CRITICAL	CVE-2025-59528	Flowise: Unauthenticated RCE via MCP config injection	flowise	10.0
CRITICAL	CVE-2026-33660	TensorFlow: type confusion NPD in tensor conversion	n8n	10.0
CRITICAL	CVE-2026-34938	praisonaiagents: sandbox bypass enables full host RCE	praisonaiagents	10.0
CRITICAL	CVE-2025-5120	smolagents: sandbox escape enables unauthenticated RCE	smolagents	10.0
CRITICAL	CVE-2026-39888	praisonaiagents: sandbox escape enables host RCE	praisonaiagents	10.0
CRITICAL	CVE-2023-3765	MLflow: path traversal allows arbitrary file read	mlflow	10.0
CRITICAL	GHSA-wpqr-6v78-jr5g	Gemini CLI: RCE via malicious workspace in CI/CD		10.0
CRITICAL	GHSA-vvpj-8cmc-gx39	picklescan: security flaw enables exploitation	picklescan	10.0
CRITICAL	CVE-2024-2912	BentoML: RCE via insecure deserialization (CVSS 10)		10.0
CRITICAL	CVE-2023-25574	JupyterHub LTI13: JWT forgery enables full auth bypass		10.0
CRITICAL	CVE-2026-26030	semantic-kernel: Code Injection enables RCE	semantic-kernel	10.0
CRITICAL	CVE-2026-1470	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-25049	n8n: security flaw enables exploitation	n8n	9.9
CRITICAL	CVE-2026-25053	n8n: Command Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-25052	n8n: security flaw enables exploitation	n8n	9.9
CRITICAL	CVE-2026-25115	n8n: Protection Bypass circumvents security controls	n8n	9.9
CRITICAL	CVE-2025-54381	BentoML: unauthenticated SSRF via file upload URLs	bentoml	9.9
CRITICAL	CVE-2026-25592	semantic-kernel: Path Traversal enables file access	semantic-kernel	9.9
CRITICAL	CVE-2026-27495	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-27494	n8n: security flaw enables exploitation	n8n	9.9
CRITICAL	CVE-2020-15196	TensorFlow: heap OOB read in sparse/ragged count ops	tensorflow	9.9
CRITICAL	CVE-2025-68668	n8n: Protection Bypass circumvents security controls	n8n	9.9
CRITICAL	CVE-2024-52384	Sage AI Plugin: unrestricted upload → web shell RCE		9.9
CRITICAL	CVE-2026-21877	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-33309	langflow: Path Traversal enables file access	langflow	9.9
CRITICAL	CVE-2026-27577	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2025-61913	Flowise: path traversal in file tools leads to RCE	flowise	9.9
CRITICAL	CVE-2026-0863	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-40933	Flowise: RCE via MCP stdio command injection	flowise-components	9.9
CRITICAL	CVE-2026-30741	OpenClaw: RCE via request-side prompt injection	openclaw	9.8
CRITICAL	CVE-2024-42835	Langflow: Unauthenticated RCE via PythonCodeTool	langflow	9.8
CRITICAL	CVE-2026-33017	langflow: Code Injection enables RCE	langflow	9.8
CRITICAL	CVE-2026-41276	Flowise: auth bypass enables full account takeover via reset	flowise	9.8
CRITICAL	CVE-2022-23587	TensorFlow: integer overflow in Grappler enables RCE	tensorflow	9.8
CRITICAL	CVE-2022-0845	pytorch-lightning: code injection enables full RCE	pytorch_lightning	9.8
CRITICAL	CVE-2022-35939	TensorFlow: ScatterNd OOB write enables RCE/crash	tensorflow	9.8
CRITICAL	CVE-2022-41900	TensorFlow: heap OOB RCE in FractionalMaxPool op	tensorflow	9.8
CRITICAL	CVE-2022-45907	PyTorch: RCE via unsafe eval in JIT annotations	pytorch	9.8
CRITICAL	CVE-2023-25823	Gradio: hardcoded SSH key leaks via share=True demos	gradio	9.8
CRITICAL	CVE-2023-1177	MLflow: path traversal allows arbitrary file read/write	mlflow	9.8
CRITICAL	CVE-2023-25664	TensorFlow: heap overflow in AvgPoolGrad, RCE risk	tensorflow	9.8
CRITICAL	CVE-2023-25668	TensorFlow: unauthenticated RCE via heap buffer overflow	tensorflow	9.8
CRITICAL	CVE-2023-29374	LangChain: RCE via prompt injection in LLMMathChain	langchain	9.8
CRITICAL	CVE-2023-2780	MLflow: path traversal allows arbitrary file read/write	mlflow	9.8
CRITICAL	CVE-2023-34540	LangChain: RCE via JiraAPIWrapper crafted input	langchain	9.8
CRITICAL	CVE-2023-34541	LangChain: RCE via unsafe load_prompt deserialization	langchain	9.8
CRITICAL	CVE-2023-36258	LangChain: unauthenticated RCE via code injection	langchain	9.8
CRITICAL	CVE-2023-36188	LangChain: RCE via PALChain unsanitized Python exec	langchain	9.8
CRITICAL	CVE-2023-3686	QuickAI: unauthenticated SQLi exposes OpenAI API keys	quickai_openai	9.8
CRITICAL	CVE-2023-36095	LangChain PALChain: RCE via unsanitized exec() calls	langchain	9.8
CRITICAL	CVE-2023-38860	LangChain: RCE via unsanitized prompt parameter	langchain	9.8
CRITICAL	CVE-2023-38896	LangChain: RCE via unsandboxed LLM code execution	langchain	9.8
CRITICAL	CVE-2023-39659	LangChain: RCE via unsanitized PythonAstREPL input	langchain	9.8
CRITICAL	CVE-2023-36281	LangChain: RCE via malicious JSON prompt template	langchain	9.8
CRITICAL	CVE-2023-39631	LangChain: RCE via numexpr evaluate injection	langchain	9.8
CRITICAL	CVE-2023-43654	TorchServe: SSRF + RCE via unrestricted model URL loading	torchserve	9.8
CRITICAL	CVE-2023-44467	LangChain: RCE bypass via __import__ in PAL chain	langchain_experimental	9.8
CRITICAL	CVE-2023-32785	LangChain: prompt injection → SQL RCE (CVSS 9.8)	langchain	9.8
CRITICAL	CVE-2023-6018	MLflow: unauth file overwrite enables model poisoning	mlflow	9.8
CRITICAL	CVE-2023-6019	Ray: unauthenticated RCE via dashboard command injection	ray	9.8
CRITICAL	CVE-2023-6014	MLflow: auth bypass allows arbitrary account creation	mlflow	9.8
CRITICAL	CVE-2023-48022	Ray: unauthenticated RCE via job submission API	ray	9.8
CRITICAL	CVE-2024-23751	LlamaIndex: SQL injection in Text-to-SQL feature	llamaindex	9.8
CRITICAL	CVE-2026-2654	smolagents: SSRF allows internal network access	smolagents	9.8
CRITICAL	CVE-2026-42208	LiteLLM: SQL injection exposes LLM API credentials	litellm	9.8
CRITICAL	CVE-2026-22778	vllm: security flaw enables exploitation	vllm	9.8
CRITICAL	CVE-2024-27444	LangChain Experimental: RCE via Python sandbox escape	langchain-experimental	9.8
CRITICAL	CVE-2024-2057	LangChain TFIDFRetriever: SSRF/RCE via load_local	langchain	9.8
CRITICAL	CVE-2024-3660	Keras: RCE via malicious model deserialization	keras	9.8
CRITICAL	CVE-2025-13374	Kalrav: Arbitrary File Upload enables RCE		9.8
CRITICAL	CVE-2024-5452	pytorch-lightning: RCE via deepdiff Delta deserialization	pytorch_lightning	9.8
CRITICAL	CVE-2026-22807	vllm: Code Injection enables RCE	vllm	9.8
CRITICAL	CVE-2024-3234	ChuanhuChatGPT: path traversal exposes LLM API keys	chuanhuchatgpt	9.8
CRITICAL	CVE-2024-37014	Langflow: unauthenticated RCE via custom component API	langflow	9.8
CRITICAL	CVE-2024-39236	Gradio: code injection via component metadata (CVSS 9.8)	gradio	9.8
CRITICAL	CVE-2024-35198	TorchServe: URL bypass enables arbitrary model loading	torchserve	9.8
CRITICAL	CVE-2024-41112	streamlit-geospatial: RCE via eval() on palette input	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41113	streamlit-geospatial: RCE via eval() in Timelapse page	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41114	streamlit-geospatial: RCE via eval() on palette input	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41115	streamlit-geospatial: eval() injection enables RCE	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41116	streamlit-geospatial: RCE via eval() injection	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41117	streamlit-geospatial: eval() injection allows RCE	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41118	streamlit-geospatial: blind SSRF via WMS URL input	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41119	streamlit-geospatial: RCE via eval() on vis_params input	streamlit-geospatial	9.8
CRITICAL	CVE-2024-41120	streamlit-geospatial: blind SSRF via unvalidated URL input	streamlit-geospatial	9.8
CRITICAL	CVE-2024-46946	LangChain-Experimental: RCE via eval in math chain	langchain-experimental	9.8
CRITICAL	CVE-2026-25960	vllm: SSRF allows internal network access	vllm	9.8
CRITICAL	CVE-2024-47167	Gradio: unauthenticated SSRF in /queue/join, internal pivot	gradio	9.8
CRITICAL	CVE-2024-48061	Langflow: RCE via unsandboxed code component execution	langflow	9.8
CRITICAL	CVE-2024-52803	LlamaFactory: RCE via OS command injection in training	llamafactory	9.8
CRITICAL	CVE-2020-15208	TFLite: OOB read/write via tensor dimension mismatch	tensorflow	9.8
CRITICAL	CVE-2025-12060	keras: Path Traversal enables file access	keras	9.8
CRITICAL	CVE-2026-2635	mlflow: security flaw enables exploitation	mlflow	9.8
CRITICAL	CVE-2025-11201	mlflow: Path Traversal enables file access	mlflow	9.8
CRITICAL	CVE-2025-11200	mlflow: security flaw enables exploitation	mlflow	9.8
CRITICAL	CVE-2024-12366	PandasAI: prompt injection enables unauthenticated RCE		9.8
CRITICAL	CVE-2025-25362	spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)	spacy-llm	9.8
CRITICAL	CVE-2026-30821	flowise: Arbitrary File Upload enables RCE	flowise	9.8
CRITICAL	CVE-2025-63389	ollama: Missing Auth allows unauthenticated access	ollama	9.8
CRITICAL	CVE-2025-1550	Keras: safe_mode bypass enables RCE via model loading	keras	9.8
CRITICAL	CVE-2026-41264	Flowise: prompt injection → unsandboxed RCE via CSV Agent	flowise-components	9.8
CRITICAL	CVE-2020-15205	TensorFlow: heap overflow in StringNGrams, ASLR bypass	tensorflow	9.8
CRITICAL	CVE-2024-11041	vllm: RCE via unsafe pickle deserialization in MessageQueue	vllm	9.8
CRITICAL	CVE-2020-13092	scikit-learn: RCE via malicious joblib model deserialization	scikit-learn	9.8
CRITICAL	CVE-2019-16778	TensorFlow: heap overflow in UnsortedSegmentSum op	tensorflow	9.8
CRITICAL	CVE-2026-39890	PraisonAI: YAML deserialization enables unauthenticated RCE	praisonai	9.8
CRITICAL	CVE-2024-9053	vllm: RCE via unsafe pickle deserialization in RPC server	vllm	9.8
CRITICAL	CVE-2024-9070	BentoML: unauthenticated RCE via runner deserialization	bentoml	9.8
CRITICAL	CVE-2024-11958	llama-index DuckDB retriever: SQLi enables RCE	llama-index-retrievers-duckdb-retriever	9.8
CRITICAL	CVE-2024-9052	vLLM: RCE via pickle deserialization in distributed API	vllm	9.8
CRITICAL	CVE-2025-9556	langchaingo: Jinja2 SSTI allows host filesystem read		9.8
CRITICAL	CVE-2025-27520	BentoML: unauthenticated RCE via insecure deserialization	bentoml	9.8
CRITICAL	CVE-2025-3248	Langflow: Unauth RCE via code injection endpoint	langflow	9.8
CRITICAL	CVE-2025-32375	BentoML: RCE via insecure deserialization in runner	bentoml	9.8
CRITICAL	CVE-2024-31224	gpt_academic: deserialization RCE, no auth required	gpt_academic	9.8
CRITICAL	CVE-2024-12029	InvokeAI: RCE via unsafe torch.load deserialization		9.8
CRITICAL	CVE-2025-54949	ExecuTorch: heap buffer overflow RCE via model loading	executorch	9.8
CRITICAL	CVE-2025-30405	ExecuTorch: integer overflow in model load → RCE	executorch	9.8
CRITICAL	CVE-2025-30404	ExecuTorch: integer overflow RCE on model load	executorch	9.8
CRITICAL	CVE-2025-54950	ExecuTorch: OOB read in model loader enables RCE	executorch	9.8
CRITICAL	CVE-2025-54951	ExecuTorch: heap buffer overflow RCE in model loading	executorch	9.8
CRITICAL	CVE-2025-45150	ChatGLM-Webui: arbitrary file read, no auth required	langchain-chatglm-webui	9.8
CRITICAL	CVE-2024-49326	Affiliator WP Plugin: Unauthenticated Web Shell Upload	affiliator	9.8
CRITICAL	CVE-2024-7042	LangChainJS: prompt injection enables full graph DB takeover	langchain	9.8
CRITICAL	CVE-2025-58434	Flowise: auth bypass in reset flow allows full ATO	flowise	9.8
CRITICAL	CVE-2026-27966	langflow: Code Injection enables RCE	langflow	9.8
CRITICAL	CVE-2024-8309	LangChain GraphCypher: prompt injection enables DB wipe	langchain	9.8
CRITICAL	CVE-2024-48063	PyTorch: RCE via RemoteModule deserialization	pytorch	9.8
CRITICAL	CVE-2026-41268	Flowise: unauthenticated RCE via NODE_OPTIONS env injection	flowise	9.8
CRITICAL	CVE-2026-41265	Flowise: RCE via prompt injection in Airtable Agent	flowise	9.8
CRITICAL	CVE-2026-41267	Flowise: mass assignment auth bypass in registration	flowise	9.8
CRITICAL	CVE-2025-1793	llama_index: SQL injection in vector store integrations	llama-index	9.8
CRITICAL	CVE-2025-53002	LLaMA-Factory: RCE via unsafe checkpoint deserialization	llamafactory	9.8
CRITICAL	CVE-2026-30824	Flowise: auth bypass exposes NVIDIA NIM container endpoints	flowise	9.8
CRITICAL	CVE-2025-47277	vLLM: RCE via exposed TCPStore in distributed inference	vllm	9.8
CRITICAL	CVE-2025-6853	Langchain-Chatchat: path traversal in KB upload	langchain-chatchat	9.8
CRITICAL	CVE-2025-32444	vLLM: RCE via pickle deserialization on ZeroMQ	vllm	9.8
CRITICAL	CVE-2024-27132	MLflow: XSS in recipes enables client-side RCE	mlflow	9.6
CRITICAL	CVE-2026-42048	Langflow: path traversal allows arbitrary directory deletion	langflow	9.6
CRITICAL	CVE-2024-27133	MLflow: XSS in recipe runner enables Jupyter RCE	mlflow	9.6
CRITICAL	CVE-2026-1115	lollms: Stored XSS enables wormable account takeover	lollms	9.6
CRITICAL	CVE-2025-67511	cai-framework: Command Injection enables RCE		9.6
CRITICAL	CVE-2026-0596	MLflow: command injection via model_uri in mlserver mode		9.6
CRITICAL	CVE-2025-15036	MLflow: path traversal enables sandbox escape, file overwrite	mlflow	9.6
CRITICAL	CVE-2025-59434	Flowise Cloud: cross-tenant env var exposure leaks API keys		9.6
CRITICAL	CVE-2024-0964	Gradio: unauthenticated LFI exposes full server filesystem	gradio	9.4
CRITICAL	CVE-2024-3573	MLflow: LFI via URI parsing allows arbitrary file read	mlflow	9.3
CRITICAL	CVE-2026-28451	OpenClaw: SSRF via Feishu extension exposes internal services	openclaw	9.3
CRITICAL	CVE-2023-6020	Ray: unauthenticated LFI exposes entire filesystem	ray	9.3
CRITICAL	CVE-2023-6021	Ray: LFI allows unauthenticated file read	ray	9.3
CRITICAL	CVE-2025-47241	browser-use: URL allowlist bypass enables SSRF in agents	browser-use	9.3
CRITICAL	CVE-2022-35937	TensorFlow: GatherNd OOB read crashes inference servers	tensorflow	9.1
CRITICAL	CVE-2026-0545	MLflow: auth bypass in job API enables unauthenticated RCE	mlflow	9.1
CRITICAL	CVE-2025-15031	mlflow: Path Traversal enables file access	mlflow	9.1
CRITICAL	CVE-2024-47871	Gradio: cleartext MITM exposes ML demo data via share=True	gradio	9.1
CRITICAL	CVE-2025-68665	langchain.js: Deserialization enables RCE	langchain.js	9.1
CRITICAL	CVE-2026-35216	Budibase: Unauthenticated RCE as root via webhook		9.1
CRITICAL	CVE-2026-44551	open-webui: LDAP auth bypass — full account takeover	open-webui	9.1
CRITICAL	CVE-2021-35958	TensorFlow: path traversal in get_file allows file overwrite	tensorflow	9.1
CRITICAL	CVE-2026-21445	langflow: Missing Auth allows unauthenticated access	langflow	9.1
CRITICAL	CVE-2024-4253	Gradio: CI/CD command injection enables secrets exfiltration	gradio	9.1
CRITICAL	CVE-2022-41910	TensorFlow Grappler: OOB read crashes or leaks memory	tensorflow	9.1
CRITICAL	CVE-2022-41902	TensorFlow Grappler: OOB read/crash via crafted model	tensorflow	9.1
CRITICAL	CVE-2022-41880	TensorFlow: heap OOB read in candidate sampler op	tensorflow	9.1
CRITICAL	CVE-2022-35938	TensorFlow: OOB read in GatherNd causes crash/data leak	tensorflow	9.1
CRITICAL	CVE-2024-7774	LangChain.js: path traversal, arbitrary file read/write	langchain.js	9.1
CRITICAL	GHSA-8x8f-54wf-vv92	PraisonAI: auth bypass enables browser session hijack	PraisonAI	9.1
CRITICAL	CVE-2025-55526	n8n-workflows: path traversal in download_workflow endpoint	fastapi	9.1
CRITICAL	CVE-2026-7482	Ollama: heap OOB read leaks API keys and chat data	ollama	9.1
CRITICAL	CVE-2026-44007	vm2: sandbox escape via nesting:true enables RCE	vm2	9.1
CRITICAL	CVE-2024-8019	pytorch-lightning: file upload RCE (Windows)	pytorch-lightning	9.1
CRITICAL	CVE-2026-27825	mcp-atlassian: Path Traversal enables file access	mcp-atlassian	9.1
CRITICAL	CVE-2023-34239	Gradio: path traversal + SSRF exposes model files & infra	gradio	9.1
CRITICAL	CVE-2025-62608	mlx: security flaw enables exploitation	mlx	9.1
CRITICAL	CVE-2026-35030	LiteLLM: auth bypass via JWT cache key collision	litellm	9.1
CRITICAL	CVE-2025-29783	vLLM: RCE via unsafe deserialization in Mooncake KV	vllm	9.0
CRITICAL	CVE-2026-27493	n8n: Code Injection enables RCE	n8n	9.0
CRITICAL	CVE-2025-33244	NVIDIA: Deserialization enables RCE		9.0
CRITICAL	CVE-2020-15202	TensorFlow: Shard API int truncation enables memory corruption	tensorflow	9.0
CRITICAL	CVE-2020-15207	TFLite: OOB write via unchecked negative axis index	tensorflow	9.0
CRITICAL	CVE-2026-33749	n8n: stored XSS enables credential theft via workflow	n8n	9.0
HIGH	CVE-2024-37061	MLflow: RCE via malicious MLproject file execution	mlflow	8.8
HIGH	CVE-2024-6825	LiteLLM: RCE via post_call_rules callback injection	litellm	8.8
HIGH	CVE-2024-0520	MLflow: path traversal enables RCE via dataset loading	mlflow	8.8
HIGH	CVE-2026-41137	Flowise: RCE via CSVAgent unsanitized code injection	flowise	8.8
HIGH	CVE-2022-21726	TensorFlow: heap OOB read in Dequantize op allows RCE	tensorflow	8.8
HIGH	CVE-2022-21727	TensorFlow: Dequantize integer overflow, RCE risk	tensorflow	8.8
HIGH	CVE-2022-24770	Gradio: CSV formula injection via flagging enables RCE	gradio	8.8
HIGH	CVE-2022-23558	TFLite: integer overflow in model loading, RCE risk	tensorflow	8.8
HIGH	CVE-2026-24747	pytorch: Code Injection enables RCE	pytorch	8.8
HIGH	CVE-2025-62726	n8n: security flaw enables exploitation	n8n	8.8
HIGH	CVE-2026-6543	Langflow: RCE exposes API keys and DB credentials	langflow	8.8
HIGH	CVE-2026-41138	Flowise: RCE via unsanitized input in AirtableAgent	flowise	8.8
HIGH	CVE-2026-30820	Flowise: header spoof auth bypass exposes admin API & creds	flowise	8.8
HIGH	CVE-2025-58755	MONAI: path traversal allows arbitrary file write	monai	8.8
HIGH	CVE-2025-56265	n8n: unrestricted file upload RCE via Chat Trigger	n8n	8.8
HIGH	CVE-2024-7297	Langflow: mass assignment grants super admin access	langflow	8.8
HIGH	CVE-2024-45848	MindsDB: RCE via eval() injection in ChromaDB INSERT		8.8
HIGH	CVE-2026-3357	Langflow: deserialization RCE via FAISS component default	langflow	8.8
HIGH	CVE-2026-41277	Flowise: mass assignment enables cross-workspace IDOR	flowise	8.8
HIGH	CVE-2026-33053	langflow: IDOR enables unauthorized data access	langflow	8.8
HIGH	GHSA-mcmc-2m55-j8jj	vllm: Input Validation flaw enables exploitation	vllm	8.8
HIGH	CVE-2026-27498	n8n: Code Injection enables RCE	n8n	8.8
HIGH	CVE-2022-21740	TensorFlow: heap overflow in sparse ops, RCE risk	tensorflow	8.8
HIGH	CVE-2022-23574	TensorFlow: heap OOB read/write enables network RCE	tensorflow	8.8
HIGH	CVE-2022-23573	TensorFlow: uninitialized memory in AssignOp	tensorflow	8.8
HIGH	CVE-2026-33175	oauthenticator: auth bypass enables JupyterHub account takeover		8.8
HIGH	CVE-2026-27497	n8n: SQL Injection exposes database	n8n	8.8
HIGH	CVE-2025-57760	Langflow: privilege escalation to full superuser via CLI	langflow	8.8
HIGH	GHSA-qwgj-rrpj-75xm	PraisonAI: hardcoded approval bypass enables RCE	PraisonAI	8.8
HIGH	CVE-2026-31829	Flowise: SSRF via HTTP Node exposes internal network	flowise-components	8.8
HIGH	CVE-2025-9141	vLLM: RCE via eval() in Qwen3 Coder tool parser	vllm	8.8
HIGH	CVE-2022-23566	TensorFlow: heap OOB write in Grappler, RCE risk	tensorflow	8.8
HIGH	CVE-2022-23562	TensorFlow: Range integer overflow, RCE/DoS risk	tensorflow	8.8
HIGH	CVE-2022-23561	TensorFlow Lite: OOB write, arbitrary write primitive	tensorflow	8.8
HIGH	CVE-2025-68613	n8n: security flaw enables exploitation	n8n	8.8
HIGH	CVE-2023-27563	n8n: privilege escalation exposes full workflow admin	n8n	8.8
HIGH	CVE-2025-6855	Langchain-Chatchat: path traversal exposes system files	langchain-chatchat	8.8
HIGH	CVE-2025-33213	NVIDIA: Deserialization enables RCE		8.8
HIGH	CVE-2025-65964	n8n: security flaw enables exploitation	n8n	8.8
HIGH	CVE-2025-34291	langflow: security flaw enables exploitation	langflow	8.8
HIGH	CVE-2026-41269	Flowise: unrestricted file upload enables persistent RCE	flowise	8.8
HIGH	CVE-2023-46229	LangChain: SSRF in URL loader exposes internal network	langchain	8.8
HIGH	CVE-2026-40217	LiteLLM: RCE via bytecode rewriting in guardrails API	litellm	8.8
HIGH	CVE-2025-66404	mcp-server-kubernetes: Command Injection enables RCE		8.8
HIGH	CVE-2026-42266	JupyterLab: Extension allow-list bypass enables privesc	jupyterlab	8.8
HIGH	CVE-2026-25056	n8n: Arbitrary File Upload enables RCE	n8n	8.8
HIGH	CVE-2023-6709	MLflow: SSTI enables RCE in ML experiment tracking	mlflow	8.8
HIGH	CVE-2025-62164	vllm: Input Validation flaw enables exploitation	vllm	8.8
HIGH	CVE-2023-6753	MLflow: path traversal exposes arbitrary file read/write	mlflow	8.8
HIGH	CVE-2022-23560	TFLite: OOB read/write in sparse tensor → RCE	tensorflow	8.8
HIGH	CVE-2025-61687	Flowise: unrestricted file upload enables persistent RCE	flowise	8.8
HIGH	CVE-2020-15195	TensorFlow: heap overflow in sparse gradient op	tensorflow	8.8
HIGH	CVE-2021-39160	nbgitpuller: RCE via OS command injection in git URLs		8.8
HIGH	CVE-2026-42271	LiteLLM: RCE via MCP test endpoint command injection	litellm	8.8
HIGH	CVE-2018-8825	TensorFlow 1.7: Buffer overflow enables arbitrary code exec	tensorflow	8.8
HIGH	CVE-2026-33696	n8n: Prototype pollution enables RCE via workflow nodes	n8n	8.8
HIGH	CVE-2024-3571	LangChain: path traversal allows arbitrary file R/W	langchain	8.8
HIGH	CVE-2026-24780	agpt: Code Injection enables RCE		8.8
HIGH	CVE-2026-33713	n8n: SQLi in Data Table node, full DB compromise	n8n	8.8
HIGH	CVE-2022-23559	TFLite: integer overflow in embedding lookup → heap OOB RW	tensorflow	8.8
HIGH	CVE-2024-37032	Ollama: path traversal enables RCE via model blob API	ollama	8.8
HIGH	CVE-2024-37054	MLflow: deserialization RCE via malicious PyFunc model	mlflow	8.8
HIGH	CVE-2024-37055	MLflow: RCE via pmdarima model deserialization	mlflow	8.8
HIGH	CVE-2024-37056	MLflow: RCE via LightGBM model deserialization	mlflow	8.8
HIGH	CVE-2024-37057	MLflow: RCE via malicious TensorFlow model deserialization	mlflow	8.8
HIGH	CVE-2024-37058	MLflow: RCE via malicious LangChain model deserialization	mlflow	8.8
HIGH	CVE-2024-37060	MLflow: RCE via deserialization in crafted Recipes	mlflow	8.8
HIGH	CVE-2025-64495	Open WebUI: XSS-to-RCE via malicious prompt injection	open-webui	8.7
HIGH	CVE-2021-41134	nbdime: stored XSS in Jupyter notebook diff viewer		8.7
HIGH	CVE-2024-32965	Lobe Chat: pre-auth SSRF leaks OpenAI API keys		8.6
HIGH	CVE-2024-4325	Gradio: SSRF exposes internal network and cloud metadata	gradio	8.6
HIGH	CVE-2026-30617	LangChain-ChatChat: RCE via unauthenticated MCP interface		8.6
HIGH	CVE-2025-5302	llama-index: JSON parsing DoS via deep recursion	llama-index-core	8.6
HIGH	CVE-2026-25580	pydantic-ai: SSRF allows internal network access	pydantic-ai-slim	8.6
HIGH	CVE-2025-25297	Label Studio: SSRF via S3 endpoint exposes internal services	label-studio	8.6
HIGH	CVE-2026-34445	ONNX: property overwrite via crafted model file	onnx	8.6
HIGH	CVE-2026-28416	gradio: SSRF allows internal network access	gradio	8.6
HIGH	CVE-2020-15212	TensorFlow Lite: heap OOB write via segment sum op	tensorflow	8.6
HIGH	CVE-2026-26286	sillytavern: SSRF allows internal network access		8.5
HIGH	CVE-2025-65958	open-webui: SSRF allows internal network access	open-webui	8.5
HIGH	CVE-2024-21513	langchain-experimental: RCE via eval() in VectorSQL chain	langchain-experimental	8.5
HIGH	GHSA-4ggg-h7ph-26qr	n8n-mcp: authenticated SSRF leaks cloud metadata	n8n-mcp	8.5
HIGH	CVE-2026-39974	n8n-MCP: SSRF exposes cloud metadata via MCP headers		8.5
HIGH	CVE-2026-42449	n8n-mcp: SSRF bypass via IPv6 leaks API keys	n8n-mcp	8.5
HIGH	CVE-2024-6982	lollms: RCE via eval() sandbox bypass in Calculate	lollms	8.4
HIGH	CVE-2026-44334	praisonai: RCE via unpatched tool_override exec_module	praisonai	8.4
HIGH	CVE-2024-7990	open-webui: Stored XSS enables admin session hijack	open-webui	8.4
HIGH	GHSA-8g7g-hmwm-6rv2	n8n-mcp: path traversal + SSRF exposes n8n API keys	n8n-mcp	8.3
HIGH	CVE-2024-7039	open-webui: Privilege bypass enables admin account deletion	open-webui	8.3
HIGH	CVE-2026-41270	Flowise: SSRF bypass exposes cloud metadata services	flowise	8.3
HIGH	GHSA-f228-chmx-v6j6	Flowise: prompt injection RCE via AirtableAgent	flowise-components	8.3
HIGH	CVE-2024-47084	Gradio: CORS bypass exposes local instances to credential theft	gradio	8.3
HIGH	CVE-2026-41271	Flowise: SSRF via prompt template injection in API Chain	flowise	8.3
HIGH	CVE-2024-35199	TorchServe: default gRPC exposure allows unauth inference	torchserve	8.2
HIGH	CVE-2025-68664	langchain-core: Deserialization enables RCE	langchain_core	8.2
HIGH	CVE-2026-1117	lollms: Access Control bypass enables privilege escalation	lollms	8.2
HIGH	GHSA-75hx-xj24-mqrw	n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon	n8n-mcp	8.2
HIGH	CVE-2026-27826	mcp-atlassian: SSRF allows internal network access	mcp-atlassian	8.2
HIGH	CVE-2026-32763			8.2
HIGH	CVE-2024-39720	Ollama: OOB read in GGUF parser enables remote DoS	ollama	8.2
HIGH	CVE-2026-29872	awesome-llm-apps MCP Agent: cross-session credential theft		8.2
HIGH	CVE-2024-10648	Gradio: path traversal enables arbitrary file deletion DoS	gradio	8.2
HIGH	CVE-2026-44843	LangChain: deserialization poisons LLM chat history	langchain-core	8.2
HIGH	CVE-2026-33665	n8n: LDAP email match enables permanent account takeover	n8n	8.2
HIGH	CVE-2026-41273	Flowise: auth bypass exposes OAuth 2.0 tokens	flowise	8.2
HIGH	CVE-2026-25750	langsmith: security flaw enables exploitation	langsmith	8.1
HIGH	CVE-2022-23592	TensorFlow: heap OOB read in type inference engine	tensorflow	8.1
HIGH	CVE-2023-6831	MLflow: path traversal allows arbitrary file write	mlflow	8.1
HIGH	CVE-2023-6572	Gradio: command injection enables RCE on ML servers	gradio	8.1
HIGH	CVE-2026-44554	open-webui: RAG poisoning via unauthorized KB overwrite	open-webui	8.1
HIGH	CVE-2024-4888	litellm: arbitrary file deletion via audio endpoint	litellm	8.1
HIGH	CVE-2025-30358	Mesop: class pollution enables DoS and LLM jailbreak		8.1
HIGH	CVE-2025-14279	mlflow: security flaw enables exploitation	mlflow	8.1
HIGH	CVE-2026-2033	mlflow: Path Traversal enables file access	mlflow	8.1
HIGH	CVE-2025-0628	litellm: privilege escalation viewer→proxy admin via bad API key	litellm	8.1
HIGH	CVE-2022-21730	TensorFlow: OOB read leaks heap memory, enables DoS	tensorflow	8.1
HIGH	GHSA-48m6-ch88-55mj	Flowise: Mass Assignment allows cross-tenant org takeover	flowise	8.1
HIGH	CVE-2026-25055	n8n: Path Traversal enables file access	n8n	8.1
HIGH	CVE-2022-41894	TensorFlow Lite: buffer overflow in CONV_3D_TRANSPOSE op	tensorflow	8.1
HIGH	CVE-2024-1560	MLflow: path traversal allows arbitrary directory deletion	mlflow	8.1
HIGH	CVE-2020-15214	TensorFlow Lite: OOB write in segment sum, memory corruption risk	tensorflow	8.1
HIGH	CVE-2022-21728	TensorFlow: heap OOB read in ReverseSequence op	tensorflow	8.1
HIGH	CVE-2025-15381	MLflow: broken access control exposes experiment traces	mlflow	8.1
HIGH	CVE-2025-61784	LLaMA-Factory: SSRF+LFI in multimodal chat API	llamafactory	8.1
HIGH	GHSA-x462-jjpc-q4q4	praisonaiagents: CORS bypass enables silent agent RCE	praisonaiagents	8.1
HIGH	CVE-2024-28088	LangChain: path traversal enables RCE and API key theft	langchain	8.1
HIGH	CVE-2026-44553	open-webui: stale Socket.IO role allows cross-user note R/W	open-webui	8.1
HIGH	CVE-2024-7043	Open WebUI: auth bypass exposes all user files	open-webui	8.1
HIGH	CVE-2025-30402	ExecuTorch: heap overflow in method load, RCE risk	executorch	8.1
HIGH	CVE-2024-49048	TorchGeo: RCE via code injection in geospatial ML lib		8.1
HIGH	CVE-2024-43598	LightGBM: heap buffer overflow enables network RCE	lightgbm	8.1
HIGH	CVE-2024-8060	OpenWebUI: path traversal RCE via audio upload API	open-webui	8.1
HIGH	CVE-2024-47870	Gradio: race condition enables backend URL hijacking	gradio	8.1
HIGH	CVE-2026-32730			8.1
HIGH	CVE-2024-7806	Open-WebUI: CSRF enables RCE via pipeline code injection	open-webui	8.0
HIGH	CVE-2025-30165	vLLM: pickle RCE in multi-node inference deployments	vllm	8.0
HIGH	CVE-2026-40149	PraisonAI: auth bypass disables agent safety controls	PraisonAI	7.9
HIGH	CVE-2021-29614	TensorFlow: OOB write in decode_raw crashes interpreter	tensorflow	7.8
HIGH	CVE-2021-29571	TensorFlow: heap OOB write via crafted bounding box op	tensorflow	7.8
HIGH	CVE-2021-29566	TensorFlow: heap OOB write in Dilation2D training op	tensorflow	7.8
HIGH	CVE-2021-29574	TensorFlow: null ptr deref in MaxPool3DGradGrad ops	tensorflow	7.8
HIGH	CVE-2021-29525	TensorFlow: div-by-zero DoS in Conv2DBackpropInput	tensorflow	7.8
HIGH	CVE-2021-41219	TensorFlow: heap OOB in sparse matrix multiply	tensorflow	7.8
HIGH	CVE-2021-29529	TensorFlow: heap buffer overflow in quantized image resize	tensorflow	7.8
HIGH	CVE-2021-29530	TensorFlow: null ptr deref in sparse Cholesky ops	tensorflow	7.8
HIGH	CVE-2021-29520	TensorFlow: heap buffer overflow in Conv3DBackprop ops	tensorflow	7.8
HIGH	CVE-2021-29535	TensorFlow: heap overflow in QuantizedMul op	tensorflow	7.8
HIGH	CVE-2021-29591	TFLite: crafted model causes infinite loop / stack overflow	tensorflow	7.8
HIGH	CVE-2021-29536	TensorFlow: heap overflow in QuantizedReshape op	tensorflow	7.8
HIGH	CVE-2021-29518	TensorFlow: null ptr deref in session ops, local RCE	tensorflow	7.8
HIGH	CVE-2021-29515	TensorFlow: NULL ptr deref in MatrixDiag ops (crash/RCE)	tensorflow	7.8
HIGH	CVE-2021-29594	TFLite: divide-by-zero in conv allows code execution	tensorflow	7.8
HIGH	CVE-2021-29595	TensorFlow TFLite: crash/RCE via malicious model file	tensorflow	7.8
HIGH	CVE-2021-29537	TensorFlow: heap overflow in QuantizedResizeBilinear op	tensorflow	7.8
HIGH	CVE-2021-29540	TensorFlow: heap buffer overflow in Conv2D gradient op	tensorflow	7.8
HIGH	CVE-2021-29546	TensorFlow: div-by-zero in QuantizedBiasAdd, C/I/A high	tensorflow	7.8
HIGH	CVE-2021-41225	TensorFlow Grappler: uninitialized var, local priv-esc	tensorflow	7.8
HIGH	CVE-2021-29558	TensorFlow: heap buffer overflow in SparseSplit op	tensorflow	7.8
HIGH	CVE-2021-29596	TensorFlow TFLite: div-by-zero in EmbeddingLookup op	tensorflow	7.8
HIGH	CVE-2021-29597	TensorFlow TFLite: div-by-zero crash via crafted model	tensorflow	7.8
HIGH	CVE-2021-29599	TFLite Split: malicious model triggers div-by-zero (DoS/RCE)	tensorflow	7.8
HIGH	CVE-2021-29600	TensorFlow TFLite: div-by-zero via crafted OneHot model	tensorflow	7.8
HIGH	CVE-2021-41221	TensorFlow: CuDNN heap overflow, local code execution	tensorflow	7.8
HIGH	CVE-2021-29568	TensorFlow: null deref in ParameterizedTruncatedNormal op	tensorflow	7.8
HIGH	CVE-2021-29606	TensorFlow Lite: OOB read via crafted TFLite model	tensorflow	7.8
HIGH	CVE-2021-29607	TensorFlow: heap OOB write in SparseAdd op	tensorflow	7.8
HIGH	CVE-2021-29608	TensorFlow: heap OOB in RaggedTensorToTensor op	tensorflow	7.8
HIGH	CVE-2021-41208	TensorFlow: heap R/W + DoS in boosted trees APIs	tensorflow	7.8
HIGH	CVE-2021-29576	TensorFlow: heap buffer overflow in MaxPool3DGradGrad op	tensorflow	7.8
HIGH	CVE-2021-29577	TensorFlow: heap overflow in AvgPool3DGrad op	tensorflow	7.8
HIGH	CVE-2021-29592	TensorFlow Lite: null-ptr deref in Reshape via 1D tensor	tensorflow	7.8
HIGH	CVE-2021-29588	TensorFlow Lite: DoS/RCE via crafted model stride=0	tensorflow	7.8
HIGH	CVE-2021-29578	TensorFlow: heap buffer overflow in FractionalAvgPoolGrad	tensorflow	7.8
HIGH	CVE-2021-29579	TensorFlow: heap buffer overflow in MaxPoolGrad kernel	tensorflow	7.8
HIGH	CVE-2026-44244	GitPython: git config injection enables hook RCE	GitPython	7.8
HIGH	CVE-2021-29609	TensorFlow: SparseAdd heap OOB write and null deref	tensorflow	7.8
HIGH	CVE-2021-37665	TensorFlow MKL: null-ptr/heap-OOB in requantization ops	tensorflow	7.8
HIGH	CVE-2021-37638	TensorFlow: null ptr deref in RaggedTensorToTensor op	tensorflow	7.8
HIGH	CVE-2021-29513	TensorFlow: type confusion → null ptr deref (CVSS 7.8)	tensorflow	7.8
HIGH	CVE-2021-29616	TensorFlow: null ptr deref in graph optimizer	tensorflow	7.8
HIGH	CVE-2021-37650	TensorFlow: heap overflow in DatasetToTFRecord ops	tensorflow	7.8
HIGH	CVE-2021-37651	TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op	tensorflow	7.8
HIGH	CVE-2021-37663	TensorFlow: QuantizeV2 heap OOB/null-deref in quantization	tensorflow	7.8
HIGH	CVE-2021-29586	TFLite: div-by-zero in pooling crashes inference engine	tensorflow	7.8
HIGH	CVE-2021-37656	TensorFlow: null ptr deref in RaggedTensorToSparse op	tensorflow	7.8
HIGH	CVE-2021-37657	TensorFlow: null ptr deref in MatrixDiagV ops	tensorflow	7.8
HIGH	CVE-2021-37658	TensorFlow: null ptr deref in MatrixSetDiagV ops	tensorflow	7.8
HIGH	CVE-2021-37659	TensorFlow: heap OOB in cwise ops enables local RCE	tensorflow	7.8
HIGH	CVE-2021-29593	TensorFlow TFLite: div-by-zero via crafted model file	tensorflow	7.8
HIGH	CVE-2021-37662	TensorFlow: null deref in BoostedTrees training ops	tensorflow	7.8
HIGH	CVE-2021-37648	TensorFlow SaveV2: null ptr deref, local crash/RCE	tensorflow	7.8
HIGH	CVE-2021-37652	TensorFlow: double-free in BoostedTrees, code exec	tensorflow	7.8
HIGH	CVE-2021-37666	TensorFlow: null-ptr deref in RaggedTensorToVariant op	tensorflow	7.8
HIGH	CVE-2021-37667	TensorFlow: UnicodeEncode null deref, local code exec	tensorflow	7.8
HIGH	CVE-2021-37671	TensorFlow: null-ptr deref in Map ops, local C/I/A:High	tensorflow	7.8
HIGH	CVE-2023-25801	TensorFlow: double-free in pooling ops enables RCE	tensorflow	7.8
HIGH	CVE-2021-37676	TensorFlow: null ptr deref in SparseFillEmptyRows op	tensorflow	7.8
HIGH	CVE-2021-29612	TensorFlow: heap overflow in linalg op, RCE risk	tensorflow	7.8
HIGH	CVE-2021-37681	TensorFlow Lite: null ptr deref crashes SVDF inference	tensorflow	7.8
HIGH	CVE-2021-29587	TensorFlow TFLite: divide-by-zero via crafted model file	tensorflow	7.8
HIGH	CVE-2021-41201	TensorFlow: uninitialized var in Einsum allows local RCE	tensorflow	7.8
HIGH	CVE-2021-29610	TensorFlow: heap R/W via quantization axis underflow	tensorflow	7.8
HIGH	CVE-2018-8768	Jupyter Notebook: XSS via malicious .ipynb file	notebook	7.8
HIGH	CVE-2020-26267	TensorFlow: OOB read in DataFormatVecPermute op	tensorflow	7.8
HIGH	CVE-2025-33233	NVIDIA: Code Injection enables RCE		7.8
HIGH	CVE-2021-29514	TensorFlow: heap buffer overflow in RaggedBincount op	tensorflow	7.8
HIGH	CVE-2021-29583	TensorFlow: heap overflow in FusedBatchNorm risks RCE	tensorflow	7.8
HIGH	CVE-2021-41206	TensorFlow: missing shape validation allows heap R/W	tensorflow	7.8
HIGH	CVE-2025-1753	llama-index-cli: OS command injection enables RCE	llama-index	7.8
HIGH	CVE-2021-41216	TensorFlow: heap overflow in Transpose via negative perm	tensorflow	7.8
HIGH	CVE-2021-29512	TensorFlow: heap buffer overflow in RaggedBincount op	tensorflow	7.8
HIGH	CVE-2024-14021	llamaindex: Deserialization enables RCE	llamaindex	7.8
HIGH	CVE-2026-34937	PraisonAI: OS command injection via run_python() shell escape	praisonaiagents	7.8
HIGH	CVE-2024-7959	Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets	open-webui	7.7
HIGH	CVE-2026-34222	Open WebUI: access control bypass leaks Tool Valve API keys	open-webui	7.7
HIGH	CVE-2021-43831	Gradio: path traversal exposes host filesystem to users	gradio	7.7
HIGH	CVE-2024-0453	WordPress ChatBot: missing authz deletes OpenAI files	wpbot	7.7
HIGH	CVE-2026-22219	chainlit: SSRF allows internal network access	chainlit	7.7
HIGH	GHSA-cvrr-qhgw-2mm6	Flowise: unauthenticated RCE via FILE-STORAGE bypass	flowise-components	7.7
HIGH	CVE-2024-3095	LangChain: SSRF in Web Retriever exposes cloud metadata	langchain	7.7
HIGH	CVE-2026-34936	PraisonAI: SSRF via api_base steals cloud IAM credentials	praisonai	7.7
HIGH	CVE-2024-0452	WordPress AI ChatBot: auth bypass enables OpenAI file upload	wpbot	7.7
HIGH	CVE-2024-7053	open-webui: XSS enables admin session hijack via chat	open-webui	7.6
HIGH	CVE-2026-44555	open-webui: access control bypass via model chaining	open-webui	7.6
HIGH	CVE-2022-36004	TensorFlow: DoS via tf.random.gamma CHECK assertion	tensorflow	7.5
HIGH	CVE-2025-0649	TensorFlow Serving: JSON recursion DoS on inference API	tensorflow_serving	7.5
HIGH	CVE-2025-46560	vLLM: DoS via quadratic multimodal tokenizer input	vllm	7.5
HIGH	CVE-2025-1752	llama_index: DoS via uncapped recursion in web reader	llama-index	7.5
HIGH	CVE-2025-59527	Flowise: unauthenticated SSRF exposes internal network	flowise	7.5
HIGH	CVE-2025-48889	Gradio: unauthenticated file copy enables disk DoS	gradio	7.5
HIGH	CVE-2026-41266	Flowise: unauthenticated API key exposure via chatbot config	flowise	7.5
HIGH	CVE-2025-3262	Transformers: ReDoS in chat.py causes CPU exhaustion	transformers	7.5
HIGH	CVE-2025-3225	llama-index Papers Loader: XML expansion DoS	llama-index-readers-papers	7.5
HIGH	CVE-2025-3046	LlamaIndex Obsidian: symlink traversal exposes host files	llama-index-readers-obsidian	7.5
HIGH	CVE-2025-6386	lollms: timing attack enables credential enumeration	lollms	7.5
HIGH	CVE-2025-6209	llama_index: path traversal allows arbitrary file read	llama-index-core	7.5
HIGH	CVE-2025-30202	vLLM: ZeroMQ socket exposure enables DoS in multi-node	vllm	7.5
HIGH	CVE-2025-25185	gpt_academic: symlink traversal exposes all server files	gpt_academic	7.5
HIGH	CVE-2024-36421	Flowise: CORS wildcard enables file read and data theft	flowise	7.5
HIGH	CVE-2026-28414	gradio: security flaw enables exploitation	gradio	7.5
HIGH	CVE-2025-48956	vLLM: unauthenticated DoS via oversized HTTP header	vllm	7.5
HIGH	CVE-2025-57809	xgrammar: uncontrolled recursion in grammar parsing causes DoS	xgrammar	7.5
HIGH	CVE-2025-6984	EverNoteLoader: XXE exposes host files in LangChain	langchain-community	7.5
HIGH	GHSA-5ccf-884p-4jjq	open-webui: DoS via unauthenticated multipart parsing	open-webui	7.5
HIGH	CVE-2026-35485	text-generation-webui: unauthenticated path traversal file read	gradio	7.5
HIGH	CVE-2025-6638	HuggingFace Transformers: ReDoS in MarianTokenizer	transformers	7.5
HIGH	CVE-2026-39889	PraisonAI: unauth A2U stream leaks all agent activity	praisonai	7.5
HIGH	CVE-2024-8984	litellm: unauthenticated DoS via multipart boundary parsing	litellm	7.5
HIGH	CVE-2024-8020	pytorch-lightning: unauthenticated DoS crashes LightningApp	pytorch-lightning	7.5
HIGH	CVE-2024-8053	Open-WebUI: unauthenticated PDF endpoint enables DoS	open-webui	7.5
HIGH	CVE-2024-7983	open-webui: unauthenticated DoS via markdown parser	open-webui	7.5
HIGH	GHSA-hh3j-9m59-p8vc	BentoML: DoS via multipart boundary in Gradio login	bentoml	7.5
HIGH	CVE-2024-12534	open-webui: unauthenticated DoS via login payload flood	open-webui	7.5
HIGH	CVE-2025-6921	Transformers: ReDoS in optimizer halts training pipelines	transformers	7.5
HIGH	CVE-2024-12537	Open-WebUI: unauthenticated DoS via code formatter	open-webui	7.5
HIGH	CVE-2025-55551	PyTorch: DoS in linalg.lu via malformed slice op	pytorch	7.5
HIGH	CVE-2024-10572	H2O-3: unauthenticated AST parser enables DoS + file write		7.5
HIGH	CVE-2025-0453	MLflow: GraphQL DoS disables ML tracking server	mlflow	7.5
HIGH	CVE-2025-0317	Ollama: DoS via malicious GGUF model file upload	ollama	7.5
HIGH	CVE-2025-0315	Ollama: GGUF model upload causes memory exhaustion DoS	ollama	7.5
HIGH	CVE-2025-0312	Ollama: null pointer DoS via malicious GGUF model upload	ollama	7.5
HIGH	CVE-2025-55552	PyTorch: integer overflow in rot90+randn_like causes DoS	pytorch	7.5
HIGH	GHSA-6wj5-5pgr-jwq8	open-webui: DoS via malformed multipart boundary	open-webui	7.5
HIGH	CVE-2024-7036	open-webui: unauthenticated DoS disables Admin panel	open-webui	7.5
HIGH	CVE-2024-9056	BentoML: DoS via multipart boundary exhausts server	bentoml	7.5
HIGH	CVE-2025-55553	PyTorch 2.7.0: DoS via proxy_tensor.py syntax error	pytorch	7.5
HIGH	CVE-2024-8966	Gradio: DoS via malformed multipart boundary	video	7.5
HIGH	CVE-2024-8859	MLflow: path traversal allows arbitrary file read via DBFS	mlflow	7.5
HIGH	CVE-2024-8063	ollama: divide-by-zero DoS via crafted GGUF model import	ollama	7.5
HIGH	CVE-2025-55557	PyTorch: DoS via cummin+Inductor NameError in 2.7.0	pytorch	7.5
HIGH	CVE-2025-55558	PyTorch: Inductor compiler buffer overflow causes DoS	pytorch	7.5
HIGH	CVE-2025-55559	TensorFlow: DoS via Conv2D valid padding crash	tensorflow	7.5
HIGH	CVE-2025-55560	PyTorch: DoS via sparse/dense tensor Inductor compile	pytorch	7.5
HIGH	GHSA-w466-2wfc-8g58	open-webui: DoS via starlette memory exhaustion	open-webui	7.5
HIGH	CVE-2025-6985	langchain-text-splitters: XXE enables arbitrary file read	langchain-text-splitters	7.5
HIGH	CVE-2020-5215	TensorFlow: type confusion DoS crashes eager mode inference	tensorflow	7.5
HIGH	CVE-2025-59425	vLLM: timing attack enables API key bypass	vllm	7.5
HIGH	CVE-2024-12720	Transformers: ReDoS in Nougat tokenizer causes DoS	transformers	7.5
HIGH	CVE-2024-12704	llama-index: DoS via infinite loop in LangChain LLM	llamaindex	7.5
HIGH	CVE-2024-12055	Ollama: DoS via malicious gguf model file upload	ollama	7.5
HIGH	CVE-2024-11031	GPT Academic: SSRF in Markdown plugin leaks credentials	gpt_academic	7.5
HIGH	CVE-2024-11030	GPT Academic: SSRF via unsanitized HotReload plugin	gpt_academic	7.5
HIGH	CVE-2026-40116	PraisonAI: unauth WebSocket drains OpenAI API credits	praisonai	7.5
HIGH	CVE-2020-15203	TensorFlow: format string DoS in strings.as_string	tensorflow	7.5
HIGH	CVE-2024-10624	Gradio: ReDoS in DateTime causes CPU exhaustion DoS	gradio	7.5
HIGH	CVE-2024-10569	Gradio: zip bomb DoS via dataframe CSV upload	gradio	7.5
HIGH	CVE-2024-10188	litellm: unauthenticated DoS crashes LLM proxy server	litellm	7.5
HIGH	CVE-2025-2148	PyTorch: memory corruption in JIT profiler callback handler	pytorch	7.5
HIGH	CVE-2020-15206	TensorFlow: SavedModel protobuf DoS in inference serving	tensorflow	7.5
HIGH	CVE-2025-23042	Gradio: ACL bypass via path case manipulation	gradio	7.5
HIGH	CVE-2020-15265	TensorFlow: OOB read DoS via invalid quantize axis	tensorflow	7.5
HIGH	CVE-2026-0621	mcp_typescript_sdk: security flaw enables exploitation		7.5
HIGH	CVE-2025-65805	OAI CN5G AMF: Unauthenticated buffer overflow, RCE/DoS	oai-cn5g-amf	7.5
HIGH	CVE-2025-62609	mlx: security flaw enables exploitation	mlx	7.5
HIGH	CVE-2024-39722	Ollama: path traversal exposes server filesystem	ollama	7.5
HIGH	CVE-2024-39721	Ollama: DoS via /dev/random causes goroutine exhaustion	ollama	7.5
HIGH	CVE-2024-39719	Ollama: file existence oracle via api/create errors	ollama	7.5
HIGH	CVE-2024-47868	Gradio: path traversal leaks arbitrary server files	gradio	7.5
HIGH	CVE-2020-28975	scikit-learn: DoS via crafted SVM model deserialization	scikit-learn	7.5
HIGH	CVE-2025-66786	OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface	oai-cn5g-amf	7.5
HIGH	CVE-2020-26269	TensorFlow: OOB read in glob path matching causes DoS	tensorflow	7.5
HIGH	CVE-2025-14287	mlflow: Code Injection enables RCE	mlflow	7.5
HIGH	CVE-2024-7714	AYS ChatGPT WP Plugin: auth bypass disables AI service		7.5
HIGH	CVE-2026-22773	vllm: Resource Exhaustion enables DoS	vllm	7.5
HIGH	CVE-2024-8768	vLLM: unauthenticated DoS via empty completion prompt		7.5
HIGH	CVE-2024-6587	LiteLLM: SSRF leaks OpenAI API key to attacker	litellm	7.5
HIGH	CVE-2024-45436	Ollama: ZIP path traversal exposes host filesystem	ollama	7.5
HIGH	CVE-2023-33976	TensorFlow: DoS via upper_bound rank validation crash	tensorflow	7.5
HIGH	CVE-2024-58339	llamaindex: Resource Exhaustion enables DoS	llamaindex	7.5
HIGH	CVE-2024-58340	langchain: security flaw enables exploitation	langchain	7.5
HIGH	CVE-2025-15514	ollama: security flaw enables exploitation	ollama	7.5
HIGH	CVE-2026-23490			7.5
HIGH	CVE-2025-68616			7.5
HIGH	CVE-2024-36420	Flowise: unauthenticated arbitrary file read via API	flowise	7.5
HIGH	CVE-2025-66959	ollama: Input Validation flaw enables exploitation	ollama	7.5
HIGH	CVE-2025-66960	ollama: Input Validation flaw enables exploitation	ollama	7.5
HIGH	CVE-2024-2928	MLflow: URI fragment LFI exposes arbitrary files	mlflow	7.5
HIGH	CVE-2024-4941	Gradio: LFI via JSON path key exposes server files	gradio	7.5
HIGH	CVE-2026-44209	banks: SSTI enables RCE via unsandboxed Jinja2 templates	banks	7.5
HIGH	CVE-2024-3848	MLflow: URL fragment bypass leaks SSH and cloud keys	mlflow	7.5
HIGH	CVE-2024-34510	Gradio: credential leakage via Windows path encoding bug	gradio	7.5
HIGH	CVE-2024-1594	MLflow: path traversal via URI fragment reads arbitrary files	mlflow	7.5
HIGH	CVE-2024-1593	MLflow: path traversal via ';' smuggling exposes files	mlflow	7.5
HIGH	CVE-2024-1558	MLflow: path traversal enables arbitrary file read	mlflow	7.5
HIGH	CVE-2024-1483	MLflow: path traversal exposes arbitrary server files	mlflow	7.5
HIGH	CVE-2024-1728	Gradio: path traversal leaks arbitrary files, potential RCE	gradio	7.5
HIGH	CVE-2026-1669	keras: File Control enables path manipulation	keras	7.5
HIGH	CVE-2026-0599	text-generation: DoS causes service disruption		7.5
HIGH	CVE-2023-51449	Gradio: path traversal grants arbitrary file read	gradio	7.5
HIGH	CVE-2023-6909	MLflow: path traversal exposes arbitrary files (no auth)	mlflow	7.5
HIGH	CVE-2023-43472	MLflow: unauth REST API leaks sensitive ML data	mlflow	7.5
HIGH	CVE-2023-6015	MLflow: unauthenticated arbitrary file write via PUT	mlflow	7.5
HIGH	CVE-2023-46315	Infinite Image Browsing: path traversal leaks credentials		7.5
HIGH	CVE-2023-32786	LangChain: prompt injection triggers SSRF via URL fetch	langchain	7.5
HIGH	CVE-2023-36189	LangChain SQLDatabaseChain: SQL injection, DB exfil	langchain	7.5
HIGH	CVE-2023-30172	MLflow: path traversal exposes arbitrary server files	mlflow	7.5
HIGH	CVE-2023-27564	n8n: unauthenticated info disclosure exposes credentials	n8n	7.5
HIGH	CVE-2023-2356	MLflow: path traversal allows unauthenticated file read	mlflow	7.5
HIGH	CVE-2022-36011	TensorFlow: null deref DoS in MLIR function conversion	tensorflow	7.5
HIGH	CVE-2022-36005	TensorFlow: DoS via CHECK fail in fake_quant gradient	tensorflow	7.5
HIGH	CVE-2022-36003	TensorFlow: DoS via RandomPoissonV2 large input	tensorflow	7.5
HIGH	CVE-2022-36002	TensorFlow: DoS via Unbatch assertion failure	tensorflow	7.5
HIGH	CVE-2022-36001	TensorFlow: DoS via type confusion in DrawBoundingBoxes	tensorflow	7.5
HIGH	CVE-2022-36000	TensorFlow: null deref crashes MLIR graph conversion	tensorflow	7.5
HIGH	CVE-2022-35999	TensorFlow: DoS via empty Conv2DBackpropInput tensors	tensorflow	7.5
HIGH	CVE-2022-35998	TensorFlow: DoS via EmptyTensorList CHECK fail	tensorflow	7.5
HIGH	CVE-2022-35997	TensorFlow: CHECK-fail DoS in tf.sparse.cross op	tensorflow	7.5
HIGH	CVE-2022-35996	TensorFlow: Conv2D DoS via empty input tensor	tensorflow	7.5
HIGH	CVE-2022-35995	TensorFlow: DoS via AudioSummaryV2 CHECK failure	tensorflow	7.5
HIGH	CVE-2022-35994	TensorFlow: CollectiveGather assertion DoS via scalar	tensorflow	7.5
HIGH	CVE-2022-35993	TensorFlow: DoS via malformed SetSize tensor shape	tensorflow	7.5
HIGH	CVE-2022-35992	TensorFlow: DoS via malformed TensorList element shape	tensorflow	7.5
HIGH	CVE-2022-35991	TensorFlow: DoS via TensorListScatter CHECK fail	tensorflow	7.5
HIGH	CVE-2022-36026	TensorFlow: DoS via QuantizeAndDequantizeV3 CHECK fail	tensorflow	7.5
HIGH	CVE-2022-36019	TensorFlow: DoS via FakeQuant tensor rank mismatch	tensorflow	7.5
HIGH	CVE-2022-36018	TensorFlow: RaggedTensor CHECK fail remote DoS	tensorflow	7.5
HIGH	CVE-2022-35990	TensorFlow: DoS via quantization gradient rank check	tensorflow	7.5
HIGH	CVE-2022-35989	TensorFlow: MaxPool GPU kernel DoS via oversized ksize	tensorflow	7.5
HIGH	CVE-2022-35988	TensorFlow: GPU DoS via empty input to matrix_rank op	tensorflow	7.5
HIGH	CVE-2022-35987	TensorFlow: DoS via DenseBincount shape mismatch	tensorflow	7.5
HIGH	CVE-2022-35986	TensorFlow: RaggedBincount DoS crashes inference server	tensorflow	7.5
HIGH	CVE-2022-35985	TensorFlow: DoS via malformed LRNGrad tensor input	tensorflow	7.5
HIGH	CVE-2022-35984	TensorFlow: int64 type mismatch triggers remote DoS	tensorflow	7.5
HIGH	CVE-2022-35983	TensorFlow: DoS via Save/SaveSlices dtype CHECK fail	tensorflow	7.5
HIGH	CVE-2022-35982	TensorFlow: DoS via invalid SparseBincount input	tensorflow	7.5
HIGH	CVE-2022-35981	TensorFlow: DoS via FractionalMaxPoolGrad assertion	tensorflow	7.5
HIGH	CVE-2022-35979	TensorFlow: DoS via nonscalar input in QuantizedRelu	tensorflow	7.5
HIGH	CVE-2022-35974	TensorFlow: DoS via nonscalar quantization op input	tensorflow	7.5
HIGH	CVE-2022-35973	TensorFlow: DoS via QuantizedMatMul input validation	tensorflow	7.5
HIGH	CVE-2022-35972	TensorFlow: DoS via QuantizedBiasAdd rank validation	tensorflow	7.5
HIGH	CVE-2022-35971	TensorFlow: DoS via invalid quantization tensor rank	tensorflow	7.5
HIGH	CVE-2022-35970	TensorFlow: DoS via malformed QuantizedInstanceNorm tensors	tensorflow	7.5
HIGH	CVE-2022-35969	TensorFlow: DoS via malformed Conv2DBackpropInput	tensorflow	7.5
HIGH	CVE-2022-35968	TensorFlow: DoS via AvgPoolGrad shape validation failure	tensorflow	7.5
HIGH	CVE-2022-35967	TensorFlow: DoS via QuantizedAdd tensor rank flaw	tensorflow	7.5
HIGH	CVE-2022-35966	TensorFlow: DoS via QuantizedAvgPool input validation	tensorflow	7.5
HIGH	CVE-2022-35965	TensorFlow: NULL deref DoS via empty tensor input	tensorflow	7.5
HIGH	CVE-2022-35964	TensorFlow: remote DoS via BlockLSTMGradV2 validation	tensorflow	7.5
HIGH	CVE-2022-35963	TensorFlow: DoS via FractionalAvgPoolGrad overflow	tensorflow	7.5
HIGH	CVE-2022-35960	TensorFlow: DoS via malformed TensorListReserve input	tensorflow	7.5
HIGH	CVE-2022-35959	TensorFlow: DoS via AvgPool3DGradOp input overflow	tensorflow	7.5
HIGH	CVE-2022-35952	TensorFlow: DoS via UnbatchGradOp assertion crash	tensorflow	7.5
HIGH	CVE-2022-35941	TensorFlow: DoS via negative ksize in AvgPoolOp	tensorflow	7.5
HIGH	CVE-2022-35940	TensorFlow: integer overflow in RaggedRangeOp crashes service	tensorflow	7.5
HIGH	CVE-2022-35935	TensorFlow: DoS via SobolSample CHECK-failure	tensorflow	7.5
HIGH	CVE-2022-35934	TensorFlow: tf.reshape DoS via integer overflow	tensorflow	7.5
HIGH	CVE-2020-15266	TensorFlow: NaN-triggered DoS in crop_and_resize op	tensorflow	7.5
HIGH	CVE-2022-0736	MLflow: insecure temp file handling causes DoS	mlflow	7.5
HIGH	CVE-2022-23593	TensorFlow MLIR-TFRT: DoS via scalar shape segfault	tensorflow	7.5
HIGH	CVE-2022-23591	TensorFlow: SavedModel stack overflow via recursive GraphDef	tensorflow	7.5
HIGH	CVE-2022-23590	TensorFlow: DoS via malicious SavedModel GraphDef	tensorflow	7.5
HIGH	CVE-2026-41275	Flowise: HTTP password reset link allows MITM takeover	flowise	7.5
HIGH	CVE-2026-33497	langflow: Path Traversal enables file access	langflow	7.5
HIGH	CVE-2026-33484	langflow: Access Control bypass enables privilege escalation	langflow	7.5
HIGH	CVE-2026-26209			7.5
HIGH	CVE-2026-34070	langchain-core: path traversal exposes host secrets via prompt config	langchain-core	7.5
HIGH	CVE-2026-32701			7.5
HIGH	CVE-2026-41278	Flowise: credential exposure in public chatflow API	flowise	7.5
HIGH	CVE-2026-41279	Flowise: unauth API key abuse via TTS endpoint IDOR	flowise	7.5
HIGH	CVE-2026-41680	marked: infinite recursion DoS crashes Node.js via OOM	marked	7.5
HIGH	CVE-2026-32597			7.5
HIGH	CVE-2026-4503	Langflow Desktop: IDOR leaks user images unauthenticated	langflow	7.5
HIGH	CVE-2023-27579	TensorFlow Lite: FPE in tflite model crashes inference runtime	tensorflow	7.5
HIGH	CVE-2023-25676	TensorFlow: NULL ptr deref DoS in ParallelConcat op	tensorflow	7.5
HIGH	CVE-2023-25675	TensorFlow XLA: Bincount shape mismatch causes DoS	tensorflow	7.5
HIGH	CVE-2023-25674	TensorFlow: null pointer DoS in RandomShuffle (XLA)	tensorflow	7.5
HIGH	CVE-2023-25673	TensorFlow: FPE in TensorListSplit (XLA) remote DoS	tensorflow	7.5
HIGH	CVE-2023-25672	TensorFlow: NPE in LookupTableImportV2 causes DoS	tensorflow	7.5
HIGH	CVE-2023-25671	TensorFlow: OOB write DoS via integer type mismatch	tensorflow	7.5
HIGH	CVE-2023-25670	TensorFlow: null ptr DoS in quantized MKL MatMul	tensorflow	7.5
HIGH	CVE-2023-25669	TensorFlow: DoS via AvgPoolGrad invalid stride params	tensorflow	7.5
HIGH	CVE-2023-25667	TensorFlow: integer overflow DoS in video frame decoding	tensorflow	7.5
HIGH	CVE-2023-25666	TensorFlow: FPE in AudioSpectrogram causes DoS	tensorflow	7.5
HIGH	CVE-2023-25665	TensorFlow: null ptr deref DoS via sparse tensors	tensorflow	7.5
HIGH	CVE-2023-25663	TensorFlow: null ptr deref crashes inference serving	tensorflow	7.5
HIGH	CVE-2023-25662	TensorFlow: integer overflow in EditDistance causes DoS	tensorflow	7.5
HIGH	CVE-2023-25660	TensorFlow: null ptr deref in Print op allows remote DoS	tensorflow	7.5
HIGH	CVE-2023-25659	TensorFlow: OOB read in DynamicStitch enables DoS	tensorflow	7.5
HIGH	CVE-2023-25658	TensorFlow: OOB read in GRUBlockCellGrad causes DoS	tensorflow	7.5
HIGH	CVE-2022-41911	TensorFlow: type confusion DoS via bool cast in tensors	tensorflow	7.5
HIGH	CVE-2022-41909	TensorFlow: remote DoS via malformed tensor input	tensorflow	7.5
HIGH	CVE-2022-41908	TensorFlow: DoS via invalid UTF-8 input to PyFunc op	tensorflow	7.5
HIGH	CVE-2022-41907	TensorFlow: integer overflow in ResizeNearestNeighborGrad → DoS	tensorflow	7.5
HIGH	CVE-2022-41901	TensorFlow: DoS via SparseMatrixNNZ CHECK assertion fail	tensorflow	7.5
HIGH	CVE-2022-41899	TensorFlow: SdcaOptimizer DoS via malformed tensor rank	tensorflow	7.5
HIGH	CVE-2022-41898	TensorFlow: DoS crash via empty SparseFillEmptyRowsGrad inputs	tensorflow	7.5
HIGH	CVE-2022-41897	TensorFlow: OOB read in FractionMaxPoolGrad causes DoS	tensorflow	7.5
HIGH	CVE-2022-41896	TensorFlow: DoS via oversized filterbank_channel_count	tensorflow	7.5
HIGH	CVE-2022-41895	TensorFlow: heap OOB in MirrorPadGrad causes DoS	tensorflow	7.5
HIGH	CVE-2022-41893	TensorFlow: DoS via TensorListResize malformed input	tensorflow	7.5
HIGH	CVE-2022-41891	TensorFlow: segfault DoS in TensorListConcat op	tensorflow	7.5
HIGH	CVE-2022-41890	TensorFlow: int32 overflow in BCast::ToShape causes DoS	tensorflow	7.5
HIGH	CVE-2022-41889	TensorFlow: NULL ptr deref DoS via quantized tensor input	tensorflow	7.5
HIGH	CVE-2022-41888	TensorFlow: GPU input validation DoS in bbox proposals	tensorflow	7.5
HIGH	CVE-2022-41887	TensorFlow: int32 overflow crashes Poisson loss function	tensorflow	7.5
HIGH	CVE-2022-41886	TensorFlow: integer overflow in image op causes DoS	tensorflow	7.5
HIGH	CVE-2022-41885	TensorFlow: FusedResizeAndPadConv2D overflow causes DoS	tensorflow	7.5
HIGH	CVE-2022-41884	TensorFlow: DoS via malformed numpy array shape	tensorflow	7.5
HIGH	CVE-2022-41883	TensorFlow: executor crash via malformed op inputs (DoS)	tensorflow	7.5
HIGH	CVE-2022-36027	TensorFlow: DoS crash in transposed conv quantization	tensorflow	7.5
HIGH	CVE-2022-36017	TensorFlow: DoS via malformed Requantize tensors	tensorflow	7.5
HIGH	CVE-2022-36016	TensorFlow: CHECK-fail assertion crashes model serving	tensorflow	7.5
HIGH	CVE-2022-36015	TensorFlow: integer overflow in RangeSize causes DoS	tensorflow	7.5
HIGH	CVE-2022-36014	TensorFlow: null ptr dereference in MLIR causes remote DoS	tensorflow	7.5
HIGH	CVE-2022-36013	TensorFlow MLIR: null ptr deref crashes model serving	tensorflow	7.5
HIGH	CVE-2022-36012	TensorFlow: DoS via empty MLIR function attributes	tensorflow	7.5
HIGH	CVE-2026-32887			7.4
HIGH	CVE-2025-65098	typebot: XSS enables session hijacking		7.4
HIGH	CVE-2026-44567	Open WebUI: auth bypass gives pending users full LLM access	open-webui	7.3
HIGH	CVE-2026-44566	Open WebUI: path traversal + file upload leads to RCE	open-webui	7.3
HIGH	CVE-2021-37655	TensorFlow: OOB heap read in ResourceScatterUpdate	tensorflow	7.3
HIGH	GHSA-w8hx-hqjv-vjcq	Paperclip: RCE via workspace runtime command injection	@paperclipai/server	7.3
HIGH	CVE-2026-44549	open-webui: XSS via XLSX preview enables session hijack	open-webui	7.3
HIGH	CVE-2026-6596	Langflow: unauthenticated file upload allows RCE	langflow-base	7.3
HIGH	CVE-2025-46722	vLLM: image hash collision enables multimodal cache leakage	vllm	7.3
HIGH	CVE-2025-64104	langgraph-checkpoint-sqlite: SQL Injection exposes database	langgraph-checkpoint-sqlite	7.3
HIGH	CVE-2025-64496	open-webui: Code Injection enables RCE	open-webui	7.3
HIGH	CVE-2025-8709	langgraph-checkpoint-sqlite: SQL Injection exposes database	langgraph-checkpoint-sqlite	7.3
HIGH	CVE-2026-44721	open-webui: XSS in model descriptions steals session tokens	open-webui	7.3
HIGH	CVE-2025-67644	langgraph-checkpoint-sqlite: SQL Injection exposes database	langgraph-checkpoint-sqlite	7.3
HIGH	CVE-2026-40114	PraisonAI: unauthenticated SSRF via unvalidated webhook_url	PraisonAI	7.2
HIGH	CVE-2025-12973	AI component: Arbitrary File Upload enables RCE		7.2
HIGH	CVE-2025-7725	WP Contest Gallery: Stored XSS exposes OpenAI API creds		7.2
HIGH	CVE-2026-21893	n8n: Input Validation flaw enables exploitation	n8n	7.2
HIGH	CVE-2025-68478	langflow: File Control enables path manipulation	langflow	7.1
HIGH	CVE-2021-37682	TFLite: uninitialized quant params corrupt inference	tensorflow	7.1
HIGH	CVE-2026-35397	Jupyter Server: path traversal leaks sibling directories	jupyter-server	7.1
HIGH	CVE-2021-29560	TensorFlow: heap OOB in RaggedTensorToTensor op	tensorflow	7.1
HIGH	CVE-2021-41211	TensorFlow: heap OOB read in QuantizeV2 shape inference	tensorflow	7.1
HIGH	CVE-2021-29559	TensorFlow: heap OOB read in UnicodeEncode leaks memory	tensorflow	7.1
HIGH	CVE-2021-29613	TensorFlow: CTCLoss heap OOB read, info leak + crash	tensorflow	7.1
HIGH	CVE-2022-29208	TensorFlow: OOB write in EditDistance enables local DoS	tensorflow	7.1
HIGH	CVE-2025-6242	vLLM: SSRF in media loader exposes internal network	vllm	7.1
HIGH	CVE-2021-29590	TensorFlow TFLite: OOB read via empty tensor in Min/Max ops	tensorflow	7.1
HIGH	CVE-2021-29532	TensorFlow: heap OOB read via RaggedCross op	tensorflow	7.1
HIGH	GHSA-rh7v-6w34-w2rr	Flowise: MIME bypass enables persistent Node.js web shell RCE	flowise	7.1
HIGH	GHSA-xhmj-rg95-44hv	Flowise: SSRF bypass exposes cloud IAM credentials	flowise-components	7.1
HIGH	CVE-2021-29582	TensorFlow: OOB heap read via Dequantize shape mismatch	tensorflow	7.1
HIGH	GHSA-2x8m-83vc-6wv4	Flowise: SSRF bypass exposes internal services	flowise-components	7.1
HIGH	CVE-2021-37643	TensorFlow: null deref in MatrixDiagPartOp, DoS risk	tensorflow	7.1
HIGH	GHSA-6r77-hqx7-7vw8	FlowiseAI: SSRF via prompt injection in API Chain	flowise-components	7.1
HIGH	GHSA-q56x-g2fj-4rj6	onnx: TOCTOU symlink following enables arbitrary file write	onnx	7.1
HIGH	CVE-2021-29570	TensorFlow: OOB read in MaxPoolGradWithArgmax op	tensorflow	7.1
HIGH	CVE-2021-29569	TensorFlow: OOB heap read in MaxPoolGradWithArgmax op	tensorflow	7.1
HIGH	CVE-2021-29601	TensorFlow Lite: integer overflow in model concatenation	tensorflow	7.1
HIGH	CVE-2021-41210	TensorFlow: heap OOB read in SparseCountSparseOutput	tensorflow	7.1
HIGH	CVE-2025-1473	MLflow: CSRF in signup allows rogue account creation	mlflow	7.1
HIGH	CVE-2021-29553	TensorFlow: heap OOB read via malicious axis in quant op	tensorflow	7.1
HIGH	CVE-2026-39308	PraisonAI: recipe registry path traversal file write	PraisonAI	7.1
HIGH	CVE-2020-15193	TensorFlow: uninitialized memory corruption via dlpack	tensorflow	7.1
HIGH	CVE-2021-41224	TensorFlow: heap OOB read in SparseFillEmptyRows op	tensorflow	7.1
HIGH	CVE-2021-41226	TensorFlow: heap OOB in SparseBinCount, crash/disclosure	tensorflow	7.1
HIGH	CVE-2025-5018	Hive Support WP: OpenAI key theft + prompt hijack		7.1
HIGH	CVE-2024-12911	llama-index: SQLi+DoS via prompt injection in query engine	llamaindex	7.1
HIGH	CVE-2026-44556	open-webui: auth bypass allows unrestricted model access	open-webui	7.1
HIGH	CVE-2026-24779	vllm: SSRF allows internal network access	vllm	7.1
HIGH	CVE-2026-28788	Open WebUI: BOLA enables RAG poisoning via file overwrite	open-webui	7.1
HIGH	CVE-2026-41272	Flowise: SSRF bypass via DNS rebinding exposes internal networks	flowise	7.1
HIGH	CVE-2021-41212	TensorFlow: heap OOB read in ragged.cross shape inference	tensorflow	7.1
MEDIUM	CVE-2024-7035	Open WebUI: CSRF wipes RAG DB and AI memories via GET	open-webui	6.9
MEDIUM	CVE-2025-53621	DSpace: XXE injection enables server file disclosure		6.9
MEDIUM	CVE-2025-51471	Ollama: auth token hijack via crafted WWW-Authenticate	ollama	6.9
MEDIUM	GHSA-pgx6-7jcq-2qff			6.8
MEDIUM	CVE-2024-7044	Open WebUI: Stored XSS via file upload, session hijack	open-webui	6.8
MEDIUM	CVE-2026-43901	wireshark-mcp: path traversal enables arbitrary file write via MCP		6.8
MEDIUM	CVE-2025-51481	Dagster: path traversal exposes arbitrary file read via gRPC		6.6
MEDIUM	CVE-2021-37690	TensorFlow: use-after-free crashes training processes	tensorflow	6.6
MEDIUM	CVE-2026-27794	langgraph-checkpoint: Deserialization enables RCE	langgraph-checkpoint	6.6
MEDIUM	CVE-2024-28224	Ollama: DNS rebinding exposes LLM API to remote access	ollama	6.6
MEDIUM	CVE-2025-44779	Ollama: arbitrary file deletion via /api/pull	ollama	6.6
MEDIUM	CVE-2026-30886	AI component: IDOR enables unauthorized data access		6.5
MEDIUM	CVE-2025-62426	vllm: Resource Exhaustion enables DoS	vllm	6.5
MEDIUM	GHSA-vrqm-gvq7-rrwh			6.5
MEDIUM	CVE-2026-32889			6.5
MEDIUM	CVE-2025-62372	vllm: security flaw enables exploitation	vllm	6.5
MEDIUM	CVE-2025-14980	BetterDocs: Info Disclosure leaks sensitive data		6.5
MEDIUM	CVE-2026-21894	n8n: security flaw enables exploitation	n8n	6.5
MEDIUM	CVE-2025-68477	langflow: SSRF allows internal network access	langflow	6.5
MEDIUM	CVE-2025-13922	AI component: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-13359	taxopress: SQL Injection exposes database		6.5
MEDIUM	CVE-2025-61620	vllm: DoS via Jinja template injection in chat API	vllm	6.5
MEDIUM	CVE-2025-55556	TensorFlow: non-deterministic compilation breaks Embedding	tensorflow	6.5
MEDIUM	CVE-2025-57749	n8n: symlink traversal enables arbitrary file read/write	n8n	6.5
MEDIUM	CVE-2025-7780	WordPress AI Engine: SSRF leaks files via OpenAI API		6.5
MEDIUM	CVE-2025-5472	llama-index: JSONReader DoS via recursive JSON parsing	llama-index-core	6.5
MEDIUM	CVE-2025-48887	vLLM: ReDoS in tool parser causes service outage	vllm	6.5
MEDIUM	CVE-2025-48944	vLLM: input validation DoS crashes inference worker	vllm	6.5
MEDIUM	CVE-2025-48943	vLLM: ReDoS crashes inference server via malformed regex	vllm	6.5
MEDIUM	CVE-2025-48942	vLLM: DoS via malformed JSON schema guided param	vllm	6.5
MEDIUM	CVE-2024-6581	Lollms: SVG upload XSS enables session hijack and RCE	lollms	6.5
MEDIUM	CVE-2025-1194	transformers: ReDoS in GPT-NeoX Japanese tokenizer	transformers	6.5
MEDIUM	GHSA-hf3c-wxg2-49q9	vLLM: DoS via unbounded XGrammar schema cache	vllm	6.5
MEDIUM	CVE-2025-32381	xgrammar: unbounded grammar cache causes LLM server DoS	xgrammar	6.5
MEDIUM	CVE-2024-7034	open-webui: path traversal allows arbitrary file write/RCE	open-webui	6.5
MEDIUM	CVE-2024-7033	open-webui: path traversal allows file write and RCE	open-webui	6.5
MEDIUM	CVE-2025-29770	vLLM: DoS via unbounded grammar cache exhausts disk	vllm	6.5
MEDIUM	CVE-2024-13698	Jobify WP: missing authz allows OpenAI key abuse, SSRF		6.5
MEDIUM	CVE-2024-51751	Gradio: path traversal exposes arbitrary server files	gradio	6.5
MEDIUM	CVE-2024-48052	Gradio: SSRF in DownloadButton exposes internal resources	gradio	6.5
MEDIUM	CVE-2024-47164	Gradio: path traversal bypasses directory access controls	gradio	6.5
MEDIUM	CVE-2024-7037	open-webui: path traversal → arbitrary file write/RCE	open-webui	6.5
MEDIUM	CVE-2024-7041	open-webui: IDOR enables cross-user memory tampering	open-webui	6.5
MEDIUM	CVE-2024-9277	Langflow: ReDoS crashes LLM workflow backend via HTTP POST	langflow	6.5
MEDIUM	CVE-2024-42474	Streamlit: path traversal leaks Windows NTLM hash	streamlit	6.5
MEDIUM	CVE-2024-2206	Gradio: SSRF exposes internal HuggingFace endpoints	gradio	6.5
MEDIUM	CVE-2023-27562	n8n: path traversal allows arbitrary file read	n8n	6.5
MEDIUM	CVE-2023-25661	TensorFlow: DoS via malformed Convolution3D input	tensorflow	6.5
MEDIUM	CVE-2022-36551	Label Studio: SSRF + file read, self-reg bypass	label-studio	6.5
MEDIUM	CVE-2022-35918	Streamlit: path traversal leaks server filesystem	streamlit	6.5
MEDIUM	CVE-2022-23595	TensorFlow XLA: null pointer dereference causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-23585	TensorFlow: memory leak in PNG decode causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-23584	TensorFlow: use-after-free in PNG decode causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-23582	TensorFlow: SavedModel CHECK-fail causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-23581	TensorFlow: DoS via Grappler optimizer CHECK failure	tensorflow	6.5
MEDIUM	CVE-2022-23580	TensorFlow: uncontrolled allocation DoS in shape inference	tensorflow	6.5
MEDIUM	CVE-2022-23577	TensorFlow: null pointer deref crashes model loader	tensorflow	6.5
MEDIUM	CVE-2022-23576	TensorFlow: integer overflow in cost estimator causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-23575	TensorFlow: integer overflow in cost estimator → DoS	tensorflow	6.5
MEDIUM	CVE-2022-23572	TensorFlow: DoS via shape inference assertion failure	tensorflow	6.5
MEDIUM	CVE-2022-23571	TensorFlow: protobuf assertion DoS via invalid tensor dtype	tensorflow	6.5
MEDIUM	CVE-2022-23570	TensorFlow: null-deref DoS via malformed protobuf tensor	tensorflow	6.5
MEDIUM	CVE-2022-23564	TensorFlow: DoS via reachable assertion in protobuf decode	tensorflow	6.5
MEDIUM	CVE-2022-23557	TensorFlow TFLite: DoS via divide-by-zero in BiasAndClamp	tensorflow	6.5
MEDIUM	CVE-2022-21741	TensorFlow Lite: DoS via crafted depthwise conv model	tensorflow	6.5
MEDIUM	CVE-2022-21739	TensorFlow: QuantizedMaxPool null ptr deref causes DoS	tensorflow	6.5
MEDIUM	CVE-2022-21738	TensorFlow: integer overflow crashes process via sparse op	tensorflow	6.5
MEDIUM	CVE-2022-21737	TensorFlow: DoS via malformed Bincount arguments	tensorflow	6.5
MEDIUM	CVE-2022-23569	TensorFlow: DoS via reachable assertions in ML ops	tensorflow	6.5
MEDIUM	CVE-2022-21735	TensorFlow: DoS via FractionalMaxPool div-by-zero	tensorflow	6.5
MEDIUM	CVE-2022-21734	TensorFlow: DoS via MapStage non-scalar key crash	tensorflow	6.5
MEDIUM	CVE-2022-21729	TensorFlow: UnravelIndex integer overflow → DoS	tensorflow	6.5
MEDIUM	CVE-2022-21725	TensorFlow: DoS via div-by-zero in conv cost estimator	tensorflow	6.5
MEDIUM	CVE-2022-23568	TensorFlow: integer overflow DoS in sparse tensor ops	tensorflow	6.5
MEDIUM	CVE-2022-23567	TensorFlow: integer overflow DoS in sparse tensor ops	tensorflow	6.5
MEDIUM	CVE-2022-21736	TensorFlow: NULL deref DoS via SparseTensorSliceDataset	tensorflow	6.5
MEDIUM	CVE-2022-21733	TensorFlow: StringNGrams integer overflow enables OOM DoS	tensorflow	6.5
MEDIUM	CVE-2022-21732	TensorFlow: ThreadPoolHandle DoS via memory exhaustion	tensorflow	6.5
MEDIUM	CVE-2022-21731	TensorFlow: ConcatV2 type confusion enables remote DoS	tensorflow	6.5
MEDIUM	CVE-2020-15210	TensorFlow Lite: memory corruption via aliased tensors	tensorflow	6.5
MEDIUM	CVE-2018-21233	TensorFlow: integer overflow leaks process memory via BMP	tensorflow	6.5
MEDIUM	CVE-2026-34755	vLLM: OOM DoS via unbounded video frame decoding	vllm	6.5
MEDIUM	CVE-2026-34756	vLLM: DoS via unbounded n parameter causes OOM crash	vllm	6.5
MEDIUM	CVE-2026-35492	kedro-datasets: path traversal enables arbitrary file write	kedro-datasets	6.5
MEDIUM	CVE-2025-26265	openairinterface5g: segfault enables DoS via crafted UE message	openairinterface5g	6.5
MEDIUM	GHSA-766v-q9x3-g744	praisonaiagents: agent context leak + path traversal	praisonaiagents	6.5
MEDIUM	GHSA-fv5p-p927-qmxr	langchain-text-splitters: SSRF bypass exposes cloud metadata	langchain-text-splitters	6.5
MEDIUM	CVE-2026-44560	open-webui: RAG auth bypass exposes private files	open-webui	6.5
MEDIUM	CVE-2026-44562	open-webui: missing authz enables model hijacking	open-webui	6.5
MEDIUM	CVE-2026-44223	vLLM: speculative decoding DoS via penalty params	vllm	6.5
MEDIUM	CVE-2026-44222	vLLM: token injection DoS via multimodal placeholders	vllm	6.5
MEDIUM	CVE-2026-6542	Langflow: IDOR exposes cross-tenant flow data and deletion	langflow	6.5
MEDIUM	CVE-2026-3345	Langflow: path traversal allows arbitrary file read	langflow	6.5
MEDIUM	CVE-2026-4502	Langflow: path traversal enables arbitrary file write	langflow	6.5
MEDIUM	CVE-2026-3340	IBM Langflow: SSRF enables internal network enumeration	langflow	6.5
MEDIUM	CVE-2026-41481	LangChain: SSRF redirect bypass exposes internal endpoints	langchain	6.5
MEDIUM	CVE-2026-39377	nbconvert: path traversal enables arbitrary file write	nbconvert	6.5
MEDIUM	CVE-2024-11896	WP Text Prompter: Stored XSS in OpenAI shortcode plugin		6.4
MEDIUM	CVE-2025-6716	Contest Gallery WP Plugin: Stored XSS in OpenAI integration		6.4
MEDIUM	CVE-2024-53526	Composio: command injection in AI agent tool calls		6.4
MEDIUM	CVE-2026-3346	Langflow Desktop: stored XSS enables credential theft	langflow	6.4
MEDIUM	CVE-2026-7844	Langchain-Chatchat: auth bypass on file service endpoints		6.3
MEDIUM	CVE-2026-4963	smolagents: code injection via incomplete sandbox fix	smolagents	6.3
MEDIUM	CVE-2026-5530	Ollama: SSRF in Model Pull API enables network pivot		6.3
MEDIUM	CVE-2026-5803	openai-realtime-ui: SSRF in API proxy endpoint		6.3
MEDIUM	CVE-2024-31462	stable-diffusion-webui: path traversal file write		6.3
MEDIUM	CVE-2026-6599	Langflow: MCP config injection via X-Forwarded-For header	langflow	6.3
MEDIUM	CVE-2025-67743	local-deep-research: SSRF allows internal network access		6.3
MEDIUM	CVE-2020-15197	TensorFlow: DoS via malformed sparse tensor input	tensorflow	6.3
MEDIUM	CVE-2026-7687	Langflow: command injection in code parser enables RCE	langflow	6.3
MEDIUM	CVE-2026-7700	Langflow: eval() code injection → remote code execution	langflow	6.3
MEDIUM	CVE-2026-42045	LobeChat: XSS-to-RCE via exposed Electron IPC	@lobehub/lobehub	6.2
MEDIUM	CVE-2026-40115	PraisonAI: unbounded body read enables local DoS	PraisonAI	6.2
MEDIUM	GHSA-564p-rx2q-4c8v	BentoML: open redirect exposes ML teams to phishing	bentoml	6.1
MEDIUM	CVE-2026-44897	mistune: XSS via unescaped heading id= attribute	mistune	6.1
MEDIUM	CVE-2024-36423	Flowise: reflected XSS in chatflow API enables session hijack	flowise	6.1
MEDIUM	CVE-2024-4940	Gradio: open redirect enables phishing against ML users	gradio	6.1
MEDIUM	CVE-2024-8021	Gradio: open redirect exposes AI demo users to phishing	gradio	6.1
MEDIUM	CVE-2023-27494	Streamlit: reflected XSS enables session hijacking	streamlit	6.1
MEDIUM	CVE-2021-28796	Qiita::Markdown: XSS in transformer components		6.1
MEDIUM	CVE-2023-6568	MLflow: reflected XSS via Content-Type header injection	mlflow	6.1
MEDIUM	CVE-2026-44708	mistune: math plugin XSS bypasses escape=True control	mistune	6.1
MEDIUM	CVE-2025-25296	Label Studio: reflected XSS via label_config param	label-studio	6.1
MEDIUM	GHSA-qq9g-96v4-m3cj			6.1
MEDIUM	CVE-2024-37146	Flowise: reflected XSS enables credential theft	flowise	6.1
MEDIUM	CVE-2024-37145	Flowise: reflected XSS enables file read chain via chatflow	flowise	6.1
MEDIUM	CVE-2024-36422	Flowise: reflected XSS enables session hijack and file read	flowise	6.1
MEDIUM	CVE-2026-1778	sagemaker: security flaw enables exploitation	sagemaker	5.9
MEDIUM	CVE-2024-12910	llama-index: DoS via infinite recursion in web reader	llama-index	5.9
MEDIUM	CVE-2020-15200	TensorFlow: heap overflow in RaggedCountSparseOutput DoS	tensorflow	5.9
MEDIUM	CVE-2026-29772			5.9
MEDIUM	CVE-2026-27482	ray: Missing Auth allows unauthenticated access	ray	5.9
MEDIUM	CVE-2026-34052	ltiauthenticator: OAuth nonce leak causes server DoS		5.9
MEDIUM	CVE-2020-15199	TensorFlow: DoS via malformed ragged tensor input	tensorflow	5.9
MEDIUM	CVE-2026-27167	gradio: Weak Credentials allow account compromise	gradio	5.9
MEDIUM	CVE-2024-1455	LangChain: Billion Laughs XML expansion causes DoS	langchain	5.9
MEDIUM	CVE-2020-15209	TensorFlow Lite: null ptr deref crashes model inference	tensorflow	5.9
MEDIUM	CVE-2025-52967	MLflow: unauthenticated SSRF in gateway proxy	mlflow	5.8
MEDIUM	CVE-2026-7669	SGLang: deserialization in tokenizer loader enables RCE	sglang	5.6
MEDIUM	GHSA-2qqc-p94c-hxwh	Flowise: hardcoded session secret enables auth bypass	flowise	5.6
MEDIUM	CVE-2026-7141	vllm: uninitialized KV cache memory leaks inference data	vllm	5.6
MEDIUM	GHSA-m7mq-85xj-9x33	Flowise: hardcoded default key enables JWT token forgery	flowise	5.6
MEDIUM	CVE-2026-7020	Ollama: path traversal in tensor model transfer handler	ollama	5.6
MEDIUM	CVE-2026-6011	OpenClaw: SSRF via web-fetch enables internal network pivot	openclaw	5.6
MEDIUM	CVE-2026-40190	langsmith: prototype pollution enables auth bypass, RCE	langsmith	5.6
MEDIUM	GHSA-cc4f-hjpj-g9p8	Flowise: hardcoded JWT defaults enable full auth bypass	flowise	5.6
MEDIUM	CVE-2022-29206	TensorFlow: SparseTensorDenseAdd null ptr deref DoS	tensorflow	5.5
MEDIUM	CVE-2021-37668	TensorFlow: DoS via div-by-zero in UnravelIndex op	tensorflow	5.5
MEDIUM	CVE-2021-37636	TensorFlow: div-by-zero DoS in SparseDenseCwiseDiv op	tensorflow	5.5
MEDIUM	CVE-2022-29209	TensorFlow: CHECK macro type confusion causes DoS	tensorflow	5.5
MEDIUM	CVE-2022-29210	TensorFlow: heap OOB in TensorKey causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-37640	TensorFlow: SparseReshape div-by-zero crashes ML pipelines	tensorflow	5.5
MEDIUM	CVE-2021-37642	TensorFlow: ResourceScatterDiv div-by-zero enables DoS	tensorflow	5.5
MEDIUM	CVE-2021-29581	TensorFlow: DoS via null buffer in CTCBeamSearchDecoder	tensorflow	5.5
MEDIUM	CVE-2021-29580	TensorFlow: DoS via empty tensor in FractionalMaxPoolGrad	tensorflow	5.5
MEDIUM	CVE-2021-37669	TensorFlow: integer conversion DoS in NonMaxSuppression ops	tensorflow	5.5
MEDIUM	CVE-2021-37653	TensorFlow: DoS via divide-by-zero in ResourceGather op	tensorflow	5.5
MEDIUM	CVE-2021-29575	TensorFlow: stack overflow DoS in ReverseSequence op	tensorflow	5.5
MEDIUM	CVE-2021-37637	TensorFlow: null ptr dereference in CompressElement (DoS)	tensorflow	5.5
MEDIUM	CVE-2021-29567	TensorFlow: DoS via SparseDenseCwiseMul OOB	tensorflow	5.5
MEDIUM	CVE-2021-29563	TensorFlow: DoS via RFFT empty matrix assertion crash	tensorflow	5.5
MEDIUM	CVE-2021-29561	TensorFlow: DoS via malformed LoadAndRemapMatrix input	tensorflow	5.5
MEDIUM	CVE-2021-37644	TensorFlow: DoS via negative TensorListReserve input	tensorflow	5.5
MEDIUM	CVE-2021-37649	TensorFlow: null ptr deref crashes inference via bad tensor	tensorflow	5.5
MEDIUM	CVE-2024-31584	PyTorch: OOB read in mobile model loader leaks memory	pytorch	5.5
MEDIUM	CVE-2021-29557	TensorFlow: FPE in SparseMatMul causes process DoS	tensorflow	5.5
MEDIUM	CVE-2021-29547	TensorFlow: OOB read DoS via empty tensor in QuantizedBatchNorm	tensorflow	5.5
MEDIUM	CVE-2021-29545	TensorFlow: heap OOB write in sparse tensor DoS	tensorflow	5.5
MEDIUM	CVE-2021-37647	TensorFlow: null deref in SparseTensor ops causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-29539	TensorFlow: type confusion in ImmutableConst causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-29538	TensorFlow: div-by-zero DoS in Conv2DBackpropFilter	tensorflow	5.5
MEDIUM	CVE-2021-37670	TensorFlow: heap OOB read in sorting ops	tensorflow	5.5
MEDIUM	CVE-2025-12343	ffmpeg: security flaw enables exploitation		5.5
MEDIUM	CVE-2021-29534	TensorFlow: DoS via CHECK-fail in SparseConcat op	tensorflow	5.5
MEDIUM	CVE-2021-29533	TensorFlow: DoS via empty image in DrawBoundingBoxes	tensorflow	5.5
MEDIUM	CVE-2021-29527	TensorFlow: divide-by-zero DoS in QuantizedConv2D	tensorflow	5.5
MEDIUM	CVE-2021-29526	TensorFlow: Conv2D divide-by-zero crashes ML workloads	tensorflow	5.5
MEDIUM	CVE-2021-37672	TensorFlow: heap OOB read in SdcaOptimizerV2	tensorflow	5.5
MEDIUM	CVE-2021-29524	TensorFlow: div-by-zero DoS in Conv2D backprop op	tensorflow	5.5
MEDIUM	CVE-2021-29523	TensorFlow: DoS via integer overflow in sparse ops	tensorflow	5.5
MEDIUM	CVE-2021-29605	TFLite: integer overflow DoS via crafted model file	tensorflow	5.5
MEDIUM	CVE-2021-29602	TensorFlow TFLite: DepthwiseConv division-by-zero DoS	tensorflow	5.5
MEDIUM	CVE-2021-37677	TensorFlow: DoS via invalid Dequantize axis argument	tensorflow	5.5
MEDIUM	CVE-2021-37683	TFLite: division by zero DoS in inference kernels	tensorflow	5.5
MEDIUM	CVE-2021-37660	TensorFlow: DoS via divide-by-zero in inplace ops	tensorflow	5.5
MEDIUM	CVE-2021-41204	TensorFlow: DoS via Grappler constant folding segfault	tensorflow	5.5
MEDIUM	CVE-2021-29611	TensorFlow: DoS via SparseReshape invalid tensor input	tensorflow	5.5
MEDIUM	CVE-2021-37680	TFLite: division by zero crashes fully connected layers	tensorflow	5.5
MEDIUM	CVE-2021-37675	TensorFlow: DoS via division by zero in conv ops	tensorflow	5.5
MEDIUM	CVE-2021-41215	TensorFlow: DeserializeSparse null deref causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-37661	TensorFlow: integer sign conversion DoS in boosted trees	tensorflow	5.5
MEDIUM	CVE-2021-41202	TensorFlow tf.range: integer overflow in kernel causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-29615	TensorFlow: uncontrolled recursion DoS in ParseAttrValue	tensorflow	5.5
MEDIUM	CVE-2021-41207	TensorFlow: ParallelConcat div-by-zero crashes ML process	tensorflow	5.5
MEDIUM	CVE-2021-37646	TensorFlow: StringNGrams integer overflow triggers DoS	tensorflow	5.5
MEDIUM	CVE-2021-29618	TensorFlow: DoS crash via tf.transpose complex+conjugate	tensorflow	5.5
MEDIUM	CVE-2021-29564	TensorFlow: null ptr deref DoS in EditDistance op	tensorflow	5.5
MEDIUM	CVE-2021-41209	TensorFlow: DoS via division-by-zero in conv ops	tensorflow	5.5
MEDIUM	CVE-2021-29543	TensorFlow: DoS via assertion fail in CTCGreedyDecoder	tensorflow	5.5
MEDIUM	CVE-2021-29584	TensorFlow: integer overflow DoS in SparseSplit op	tensorflow	5.5
MEDIUM	CVE-2021-41222	TensorFlow: SplitV negative arg segfault crashes process	tensorflow	5.5
MEDIUM	CVE-2021-29619	TensorFlow: DoS via invalid SparseCount op args	tensorflow	5.5
MEDIUM	CVE-2022-23594	TensorFlow MLIR: heap OOB via malicious SavedModel file	tensorflow	5.5
MEDIUM	CVE-2021-29573	TensorFlow: div-by-zero in MaxPoolGrad op causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-29552	TensorFlow: DoS via empty num_segments tensor assertion	tensorflow	5.5
MEDIUM	CVE-2022-29194	TensorFlow: DoS via malformed DeleteSessionTensor input	tensorflow	5.5
MEDIUM	CVE-2022-29193	TensorFlow: DoS via TensorSummaryV2 input validation failure	tensorflow	5.5
MEDIUM	CVE-2021-29554	TensorFlow: divide-by-zero DoS in DenseCountSparseOutput	tensorflow	5.5
MEDIUM	CVE-2021-37645	TensorFlow: integer overflow in quantize grad causes DoS	tensorflow	5.5
MEDIUM	CVE-2022-29195	TensorFlow: StagePeek DoS via unvalidated index scalar	tensorflow	5.5
MEDIUM	CVE-2022-29196	TensorFlow: DoS via invalid Conv3D filter input	tensorflow	5.5
MEDIUM	CVE-2021-29572	TensorFlow: null ptr deref crashes SdcaOptimizer op	tensorflow	5.5
MEDIUM	CVE-2022-29197	TensorFlow: DoS via UnsortedSegmentJoin input validation	tensorflow	5.5
MEDIUM	CVE-2021-29541	TensorFlow: null ptr deref DoS in StringNGrams op	tensorflow	5.5
MEDIUM	CVE-2021-29551	TensorFlow: OOB read DoS in MatrixTriangularSolve kernel	tensorflow	5.5
MEDIUM	CVE-2021-29531	TensorFlow: DoS crash via empty tensor in PNG encoding	tensorflow	5.5
MEDIUM	CVE-2021-29550	TensorFlow: FractionalAvgPool DoS via divide-by-zero	tensorflow	5.5
MEDIUM	CVE-2022-29198	TensorFlow: DoS via sparse tensor input validation failure	tensorflow	5.5
MEDIUM	CVE-2021-29521	TensorFlow: DoS crash via negative sparse tensor shape	tensorflow	5.5
MEDIUM	CVE-2022-29200	TensorFlow: LSTMBlockCell DoS via invalid tensor rank	tensorflow	5.5
MEDIUM	CVE-2021-29528	TensorFlow: DoS via division-by-zero in QuantizedMul	tensorflow	5.5
MEDIUM	CVE-2022-29207	TensorFlow: null-ptr deref in eager mode causes DoS	tensorflow	5.5
MEDIUM	CVE-2022-29201	TensorFlow: QuantizedConv2D null deref crashes model server	tensorflow	5.5
MEDIUM	CVE-2022-29203	TensorFlow: DoS via SpaceToBatchND integer overflow	tensorflow	5.5
MEDIUM	CVE-2021-29565	TensorFlow: null ptr dereference crashes sparse ops	tensorflow	5.5
MEDIUM	CVE-2021-29556	TensorFlow: DoS via divide-by-zero in Reverse op	tensorflow	5.5
MEDIUM	CVE-2021-29555	TensorFlow: FusedBatchNorm divide-by-zero crashes ML jobs	tensorflow	5.5
MEDIUM	CVE-2021-29549	TensorFlow: divide-by-zero DoS in quantized batch norm op	tensorflow	5.5
MEDIUM	CVE-2022-29204	TensorFlow: DoS via UnsortedSegmentJoin input validation	tensorflow	5.5
MEDIUM	CVE-2021-29548	TensorFlow: DoS via division by zero in QuantizedBatchNorm	tensorflow	5.5
MEDIUM	CVE-2022-29205	TensorFlow: NULL deref DoS via compat.v1 ops	tensorflow	5.5
MEDIUM	CVE-2021-29517	TensorFlow: Conv3D div-by-zero crashes ML processes	tensorflow	5.5
MEDIUM	CVE-2021-29516	TensorFlow: null ptr deref crashes RaggedTensor ops	tensorflow	5.5
MEDIUM	CVE-2021-37684	TensorFlow TFLite: DoS via division by zero in pooling	tensorflow	5.5
MEDIUM	CVE-2021-37685	TensorFlow Lite: OOB read leaks heap memory in expand_dims	tensorflow	5.5
MEDIUM	CVE-2021-41196	TensorFlow: integer underflow crashes Keras pooling layers	tensorflow	5.5
MEDIUM	CVE-2021-41197	TensorFlow: integer overflow in tensor dims causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-37689	TensorFlow Lite: MLIR null ptr deref crashes inference	tensorflow	5.5
MEDIUM	CVE-2021-41198	TensorFlow: tf.tile integer overflow crashes ML process	tensorflow	5.5
MEDIUM	CVE-2021-41199	TensorFlow: tf.image.resize integer overflow DoS	tensorflow	5.5
MEDIUM	CVE-2024-47165	Gradio: CORS null origin bypass leaks auth tokens	gradio	5.4
MEDIUM	CVE-2025-46343	n8n: stored XSS enables account takeover	n8n	5.4
MEDIUM	CVE-2024-47872	Gradio: stored XSS via malicious file upload	gradio	5.4
MEDIUM	CVE-2026-34753	vLLM: SSRF in batch API exposes cloud metadata endpoints	vllm	5.4
MEDIUM	CVE-2025-11844	smolagents: security flaw enables exploitation	smolagents	5.4
MEDIUM	CVE-2026-40112	PraisonAI: XSS via no-op HTML sanitizer in agent output	praisonai	5.4
MEDIUM	CVE-2024-3099	MLflow: URL encoding bypass enables model poisoning	mlflow	5.4
MEDIUM	CVE-2025-58177	n8n: stored XSS in LangChain chat trigger (public)	n8n	5.4
MEDIUM	CVE-2026-44558	open-webui: permission bypass exposes channels publicly	open-webui	5.4
MEDIUM	CVE-2026-44563	open-webui: auth bypass exposes restricted LLM models	open-webui	5.4
MEDIUM	CVE-2026-44564	open-webui: auth bypass in collaborative doc editing	open-webui	5.4
MEDIUM	CVE-2026-44561	open-webui: auth bypass exposes private group channels	open-webui	5.4
MEDIUM	CVE-2024-4263	MLflow: broken access control allows artifact deletion	mlflow	5.4
MEDIUM	CVE-2025-49592	n8n: open redirect enables phishing via login flow	n8n	5.4
MEDIUM	CVE-2023-1651	AI ChatBot WP: auth bypass exposes OpenAI config + XSS	wpbot	5.4
MEDIUM	CVE-2026-29070	open-webui: missing authz allows cross-KB file deletion	open-webui	5.4
MEDIUM	GHSA-q4fm-pjq6-m63g	n8n: Stored XSS in Form Trigger enables phishing	n8n	5.4
MEDIUM	GHSA-3c7f-5hgj-h279	n8n: Stored XSS in Chat Trigger via CSS injection	n8n	5.4
MEDIUM	GHSA-364x-8g5j-x2pr	n8n: stored XSS via malicious OAuth2 Authorization URL	n8n	5.4
MEDIUM	CVE-2025-45809	LiteLLM: SQL injection in key management API	litellm	5.4
MEDIUM	CVE-2026-27578	n8n: XSS enables session hijacking	n8n	5.4
MEDIUM	CVE-2026-25054	n8n: XSS enables session hijacking	n8n	5.4
MEDIUM	CVE-2020-15198	TensorFlow: heap OOB in SparseCountSparseOutput ops	tensorflow	5.4
MEDIUM	CVE-2026-40864	JupyterHub: CSRF bypass on spawn and share endpoints	jupyterhub	5.4
MEDIUM	CVE-2026-25640	pydantic-ai: Path Traversal enables file access	pydantic-ai-slim	5.4
MEDIUM	CVE-2026-25051	n8n: XSS enables session hijacking	n8n	5.4
MEDIUM	CVE-2025-52478	n8n: Stored XSS enables full account takeover	n8n	5.4
MEDIUM	CVE-2025-61914	n8n: XSS enables session hijacking	n8n	5.4
MEDIUM	CVE-2025-6208	llama-index-core: DoS causes service disruption	llama-index-core	5.3
MEDIUM	CVE-2026-33722	n8n: secrets vault bypass exposes credentials to low-priv users	n8n	5.3
MEDIUM	CVE-2023-48299	TorchServe: ZipSlip arbitrary file write via model upload	torchserve	5.3
MEDIUM	CVE-2024-4858	WP Testimonial Carousel: OpenAI API key hijack, no auth		5.3
MEDIUM	CVE-2024-6845	ChatGPT WP Plugin: OpenAI API key leak via unauth REST		5.3
MEDIUM	GHSA-26jh-r8g2-6fpr	Gradio: Dropdown validation bypass enables arbitrary input	gradio	5.3
MEDIUM	CVE-2024-47166	Gradio: path traversal leaks custom component source	gradio	5.3
MEDIUM	CVE-2020-15204	TensorFlow: null ptr deref DoS in eager mode ops	tensorflow	5.3
MEDIUM	CVE-2024-10940	langchain-core: file read via prompt template inputs	langchain-core	5.3
MEDIUM	CVE-2020-15194	TensorFlow: DoS via SparseFillEmptyRowsGrad assertion	tensorflow	5.3
MEDIUM	CVE-2024-12217	Gradio: NTFS ADS bypass exposes blocked file paths	gradio	5.3
MEDIUM	CVE-2020-15191	TensorFlow: null ptr deref in dlpack causes remote DoS	tensorflow	5.3
MEDIUM	CVE-2020-15190	TensorFlow: null ptr deref DoS via Switch op eager runtime	tensorflow	5.3
MEDIUM	CVE-2024-6838	MLflow: unconstrained input causes UI denial of service	mlflow	5.3
MEDIUM	CVE-2018-21030	Jupyter Notebook: XSS via missing CSP on served files	notebook	5.3
MEDIUM	CVE-2025-3263	Transformers: ReDoS in config loader causes serving DoS	transformers	5.3
MEDIUM	CVE-2025-3001	PyTorch: lstm_cell memory corruption, local code exec	pytorch	5.3
MEDIUM	CVE-2025-3933	Transformers: ReDoS in DonutProcessor causes DoS	transformers	5.3
MEDIUM	CVE-2025-5197	Transformers: ReDoS in TF-to-PyTorch weight converter	transformers	5.3
MEDIUM	CVE-2023-34094	ChuanhuChatGPT: config exposure leaks API keys	chuanhuchatgpt	5.3
MEDIUM	CVE-2025-6051	Transformers: ReDoS in EnglishNormalizer exhausts CPU	transformers	5.3
MEDIUM	CVE-2025-46149	PyTorch: reachable assertion in nn.Fold with inductor	pytorch	5.3
MEDIUM	CVE-2025-55554	PyTorch: integer overflow in nan_to_num causes DoS	pytorch	5.3
MEDIUM	GHSA-926x-3r5x-gfhw	LangChain: f-string template injection exposes object internals	langchain-core	5.3
MEDIUM	CVE-2026-40087	LangChain: template injection leaks object attributes	langchain-core	5.3
MEDIUM	CVE-2025-63390	anythingllm: Missing Auth allows unauthenticated access		5.3
MEDIUM	CVE-2026-40151	PraisonAI: unauthenticated agent config and system prompt disclosure	PraisonAI	5.3
MEDIUM	CVE-2026-40086	rembg: path traversal exposes arbitrary files via HTTP API	rembg	5.3
MEDIUM	CVE-2026-2589	Greenshift: Info Disclosure leaks sensitive data		5.3
MEDIUM	CVE-2025-68949	n8n: security flaw enables exploitation	n8n	5.3
MEDIUM	GHSA-6pcv-j4jx-m4vx	Flowise: unauthenticated SSO config exposes OAuth secrets	flowise	5.3
MEDIUM	CVE-2026-6608	FastChat: control flow flaw corrupts arena comparison	fschat	5.3
MEDIUM	CVE-2025-3108	llama-index: RCE via unsafe pickle deserialization	llama-index-core	5.0
MEDIUM	CVE-2026-44550	open-webui: mass assignment enables cross-user folder injection	open-webui	5.0
MEDIUM	CVE-2026-39411	LobeChat: auth bypass via forged XOR obfuscated header	@lobehub/lobehub	5.0
MEDIUM	CVE-2024-0451	wpbot: missing auth exposes OpenAI account files	wpbot	5.0
MEDIUM	CVE-2025-11972	AI component: SQL Injection exposes database		4.9
MEDIUM	CVE-2025-49595	n8n: DoS via empty filesystem URI in binary-data API	n8n	4.9
MEDIUM	CVE-2026-44568	open-webui: XSS in pending overlay enables session hijack	open-webui	4.8
MEDIUM	CVE-2023-41626	Gradio: arbitrary file upload via /upload endpoint	gradio	4.8
MEDIUM	CVE-2026-33751	n8n: LDAP injection enables auth bypass in workflows	n8n	4.8
MEDIUM	CVE-2020-15201	TensorFlow: heap overflow in ragged tensor ops	tensorflow	4.8
MEDIUM	CVE-2020-15211	TensorFlow Lite: heap OOB RW via flatbuffer tensor index	tensorflow	4.8
MEDIUM	CVE-2026-28415	gradio: Info Disclosure leaks sensitive data	gradio	4.7
MEDIUM	CVE-2026-33682	Streamlit: SSRF leaks NTLMv2 creds via UNC path	Streamlit	4.7
MEDIUM	CVE-2024-6985	lollms: path traversal allows arbitrary directory read	lollms	4.4
MEDIUM	GHSA-xgx4-2wgv-4jhm			4.4
MEDIUM	CVE-2024-47168	Gradio: monitoring endpoint bypass leaks app analytics	gradio	4.3
MEDIUM	CVE-2025-14371	AI component: Missing Auth allows unauthorized operations		4.3
MEDIUM	CVE-2020-15192	TensorFlow: memory leak in dlpack DoS via low-priv input	tensorflow	4.3
MEDIUM	CVE-2022-23578	TensorFlow: memory leak via invalid graph node	tensorflow	4.3
MEDIUM	CVE-2025-13354	taxopress: Missing Auth allows unauthorized operations		4.3
MEDIUM	CVE-2024-7046	Open WebUI: missing authz leaks admin credentials	open-webui	4.3
MEDIUM	CVE-2026-6598	Langflow: cleartext auth storage exposes API keys	langflow	4.3
MEDIUM	CVE-2025-60511	Moodle: IDOR enables unauthorized data access		4.3
MEDIUM	CVE-2026-28786	Open WebUI: path traversal leaks server filesystem path	open-webui	4.3
MEDIUM	CVE-2026-6393	BetterDocs: Auth bypass drains OpenAI API quota		4.3
MEDIUM	CVE-2025-31843	OpenAI WP Plugin: broken access control on AI settings		4.3
MEDIUM	CVE-2025-12360	Better: security flaw enables exploitation		4.3
MEDIUM	CVE-2026-44559	open-webui: private channel member list exposed to any user	open-webui	4.3
MEDIUM	CVE-2026-44557	open-webui: auth bypass exposes all knowledge base metadata	open-webui	4.3
MEDIUM	GHSA-j828-28rj-hfhp	vllm: ReDoS in inference endpoints enables DoS	vllm	4.3
MEDIUM	CVE-2025-52554	n8n: broken authz enables cross-user workflow termination	n8n	4.3
MEDIUM	CVE-2025-6854	Langchain-Chatchat: path traversal in file API exposes host FS	langchain-chatchat	4.3
MEDIUM	CVE-2024-7045	open-webui: missing authz exposes admin prompts	open-webui	4.3
MEDIUM	CVE-2025-12732	AI component: Info Disclosure leaks sensitive data		4.3
MEDIUM	CVE-2025-68492	chainlit: IDOR enables unauthorized data access	chainlit	4.2
MEDIUM	CVE-2026-33720	n8n: OAuth state forgery hijacks user credentials	n8n	4.2
MEDIUM	CVE-2024-2965	langchain-community: DoS via recursive sitemap loop	langchain	4.2
MEDIUM	GHSA-w673-8fjw-457c	n8n: stored XSS enables phishing via Form Node	n8n	4.1
MEDIUM	CVE-2026-27795	LangChain: SSRF allows internal network access		4.1
MEDIUM	CVE-2026-26019	langchain_community: SSRF allows internal network access	langchain_community	4.1
MEDIUM	CVE-2026-1163	lollms: sessions persist after password reset	lollms	4.1
MEDIUM	CVE-2024-31580	PyTorch: heap buffer overflow causes local DoS	pytorch	4.0
MEDIUM	CVE-2020-15213	TensorFlow Lite: OOM DoS via crafted segment sum model	tensorflow	4.0
LOW	CVE-2024-47869	Gradio: timing attack exposes analytics dashboard auth	gradio	3.7
LOW	CVE-2026-26013	langchain-core: SSRF allows internal network access	langchain_core	3.7
LOW	CVE-2025-5320	Gradio: CORS origin bypass in ML UI handler	gradio	3.7
LOW	CVE-2026-6600	Langflow: stored XSS in chat message editor	langflow	3.5
LOW	CVE-2024-6971	lollms: path traversal in RAG database functions	lollms	3.4
LOW	CVE-2020-26270	TensorFlow: DoS via zero-length input to LSTM/GRU on CUDA	tensorflow	3.3
LOW	CVE-2023-1176	MLflow: path traversal exposes arbitrary local files	mlflow	3.3
LOW	CVE-2024-4839	lollms-webui: CSRF allows unauthorized AI service install	lollms-webui	3.3
LOW	CVE-2026-41488	langchain-openai: SSRF via DNS rebinding in image token counter	langchain	3.1
LOW	CVE-2026-29071	Open WebUI: IDOR exposes AI memories and private files	open-webui	3.1
LOW	GHSA-r7w7-9xr2-qq2r	langchain-openai: SSRF DNS rebinding, blind network probe	langchain-openai	3.1
LOW	CVE-2026-6597	langflow: Plaintext credential storage via Flow API	langflow	2.7
LOW	CVE-2025-25183	vLLM: hash collision enables prefix cache poisoning	vllm	2.6
LOW	CVE-2026-7845	Langchain-Chatchat: weak image hash allows integrity bypass	langchain-chatchat	2.6
LOW	CVE-2026-7847	Langchain-Chatchat: predictable file IDs leak uploaded files	langchain-chatchat	2.6
LOW	CVE-2026-7846	Langchain-Chatchat: TOCTOU race allows silent file overwrite	langchain-chatchat	2.6
MEDIUM	GHSA-m7j5-r2p5-c39r	picklescan: Deserialization enables RCE	picklescan	—
HIGH	GHSA-2gvc-4f3c-2855	OpenClaw: auth bypass lets DM senders run room commands	openclaw	—
UNKNOWN	CVE-2018-10055	TensorFlow XLA: heap overflow via crafted config file	tensorflow	—
UNKNOWN	CVE-2018-7577	TensorFlow: Snappy memcpy overlap crash/mem disclosure	tensorflow	—
UNKNOWN	CVE-2019-9635	TensorFlow: NULL ptr deref DoS via malformed GIF input	tensorflow	—
UNKNOWN	CVE-2026-34046	Langflow: IDOR exposes flows and plaintext API keys	langflow	—
UNKNOWN	CVE-2026-0772	langflow: Deserialization enables RCE	langflow	—
UNKNOWN	CVE-2018-7575	TensorFlow: buffer overflow, potential RCE in 1.7.x	tensorflow	—
HIGH	CVE-2025-65106	langchain-core: security flaw enables exploitation	langchain-core	—
UNKNOWN	CVE-2024-12775	Dify: SSRF via custom tool URL enables credential theft		—
CRITICAL	CVE-2026-25481	langroid: Code Injection enables RCE		—
UNKNOWN	CVE-2026-44694	n8n-MCP: SSRF allows internal network access via webhook tools	n8n-mcp	—
UNKNOWN	CVE-2024-12065	LLaVA: path traversal allows arbitrary file read		—
UNKNOWN	CVE-2024-11037	gpt_academic: path traversal exposes LLM API keys	gpt_academic	—
UNKNOWN	CVE-2026-42203	LiteLLM: SSTI in prompt template endpoint enables RCE	litellm	—
HIGH	CVE-2026-44504	Aegra: cross-tenant IDOR hijacks user thread data	aegra-api	—
CRITICAL	CVE-2025-65015			—
HIGH	CVE-2026-44335	praisonaiagents: SSRF via URL parser confusion bypass	praisonaiagents	—
HIGH	GHSA-wccx-j62j-r448	fickling: Protection Bypass circumvents security controls	fickling	—
HIGH	CVE-2026-42557	JupyterLab: one-click RCE via notebook HTML cell output	notebook	—
HIGH	CVE-2026-33079	mistune: ReDoS exposes Jupyter/AI services to DoS	mistune	—
HIGH	GHSA-5r2p-pjr8-7fh7	sagemaker: Allowlist Bypass evades input filtering	sagemaker	—
UNKNOWN	CVE-2024-10707	ChuanhuChatGPT: path traversal exposes server files unauthed	chuanhuchatgpt	—
HIGH	CVE-2026-2472	google-cloud-aiplatform: XSS enables session hijacking		—
UNKNOWN	CVE-2024-10650	ChuanhuChatGPT: DoS via multipart payload exhaustion	chuanhuchatgpt	—
HIGH	CVE-2025-25295	Label Studio SDK: path traversal leaks server filesystem	label-studio-sdk	—
HIGH	CVE-2026-40110	Jupyter Server: CORS bypass via regex anchor omission	jupyter-server	—
HIGH	CVE-2026-23982			—
MEDIUM	CVE-2025-61669	jupyter-server: Open redirect enables credential phishing	jupyter-server	—
MEDIUM	GHSA-93rg-2xm5-2p9v	openclaw: auth bypass exposes Gateway bootstrap config	openclaw	—
HIGH	GHSA-r6xh-pqhr-v4xh	openclaw: MCP owner-context spoofing, privilege escalation	openclaw	—
MEDIUM	GHSA-2hh7-c75g-qj2r	openclaw: SSRF bypass via Zalo plugin photo URLs	openclaw	—
MEDIUM	GHSA-r48f-3986-4f9c	fickling: Allowlist Bypass evades input filtering	fickling	—
HIGH	CVE-2025-23205	nbgrader: Clickjacking exposes formgrader via IFrame		—
HIGH	CVE-2026-27622			—
UNKNOWN	CVE-2026-25083	GROWI: Missing Auth allows unauthorized operations		—
HIGH	CVE-2026-25048	xgrammar: security flaw enables exploitation	xgrammar	—
CRITICAL	GHSA-v38x-c887-992f	Flowise: prompt injection bypasses Python sandbox RCE	flowise-components	—
HIGH	GHSA-mr34-9552-qr95	openclaw: path traversal leaks files and NTLM credentials	openclaw	—
HIGH	CVE-2026-40171	Jupyter Notebook: stored XSS enables full account takeover	@jupyterlab/help-extension	—
MEDIUM	CVE-2026-33123			—
MEDIUM	GHSA-gfg9-5357-hv4c	openclaw: path traversal exposes host files via audio embed	openclaw	—
MEDIUM	GHSA-c28g-vh7m-fm7v	openclaw: auth bypass in owner command enforcement	openclaw	—
UNKNOWN	CVE-2026-42232	n8n: XML Node prototype pollution → RCE	n8n	—
UNKNOWN	CVE-2026-42231	n8n: prototype pollution → RCE via Git node SSH	n8n	—
UNKNOWN	CVE-2026-42235	n8n: stored XSS via MCP OAuth steals agent sessions	n8n	—
UNKNOWN	CVE-2026-42226	n8n: IDOR exposes cross-user API key exfiltration	n8n	—
UNKNOWN	CVE-2026-42236	n8n: unauthenticated MCP endpoint causes memory DoS	n8n	—
UNKNOWN	CVE-2026-42228	n8n: WebSocket auth bypass hijacks AI agent workflows	n8n	—
UNKNOWN	CVE-2026-42229	n8n: SQL injection in SeaTable node leaks restricted rows	n8n	—
UNKNOWN	CVE-2026-42230	n8n: MCP OAuth open redirect enables phishing	n8n	—
UNKNOWN	CVE-2026-42233	n8n: SQL injection in Oracle node allows data exfiltration	n8n	—
UNKNOWN	CVE-2026-42237	n8n: SQL injection in Snowflake/MySQL nodes bypasses fix	n8n	—
UNKNOWN	CVE-2026-42249	Ollama: path traversal + unsigned update = silent RCE	ollama	—
UNKNOWN	CVE-2024-4897	lollms-webui: RCE via malicious GGUF model loading		—
MEDIUM	GHSA-72q8-jcmc-97wx	openclaw: DM policy bypass via Feishu card-action callbacks	openclaw	—
LOW	GHSA-v8qf-fr4g-28p2	OpenClaw: auth scope bypass exposes assistant-media files	openclaw	—
LOW	GHSA-j4c5-89f5-f3pm	openclaw: SSRF policy bypass in CDP browser profile creation	openclaw	—
LOW	GHSA-c4qg-j8jg-42q5	openclaw: SSRF in QQBot media upload bypasses validation	openclaw	—
MEDIUM	GHSA-2xcp-x87w-q377	openclaw: session key auth bypass in webhook routing	openclaw	—
HIGH	GHSA-v4p8-mg3p-g94g	litellm: RCE via MCP test endpoints privilege bypass	litellm	—
CRITICAL	GHSA-xh72-v6v9-mwhc	OpenClaw: auth bypass enables unauthenticated command exec	openclaw	—
HIGH	CVE-2026-33143			—
CRITICAL	GHSA-r75f-5x8p-qvmc	litellm: SQLi exposes all managed LLM API credentials	litellm	—
HIGH	GHSA-xqmj-j6mv-4862	LiteLLM: RCE via unsandboxed prompt template rendering	litellm	—
UNKNOWN	CVE-2026-41274	Flowise: Cypher injection via GraphCypherQAChain node	flowise	—
HIGH	CVE-2026-33155	deepdiff: DoS causes service disruption		—
HIGH	CVE-2026-33228			—
UNKNOWN	CVE-2026-33401	Wallos: SSRF allows internal network access		—
LOW	CVE-2026-33624			—
UNKNOWN	CVE-2024-4254	Gradio: secrets exfiltration via unsafe fork PR workflow	gradio	—
UNKNOWN	CVE-2024-1561	Gradio: path traversal enables arbitrary file read	gradio	—
UNKNOWN	CVE-2026-30823	Flowise: IDOR enables account takeover and SSO bypass	flowise	—
UNKNOWN	CVE-2026-30822	Flowise: mass assignment allows unauthenticated DB injection	flowise	—
MEDIUM	CVE-2026-33866	MLflow: auth bypass exposes model artifacts across experiments	mlflow	—
MEDIUM	CVE-2026-33865	MLflow: stored XSS via MLmodel YAML artifact upload	mlflow	—
UNKNOWN	CVE-2024-1183	Gradio: SSRF enables internal network port scanning	gradio	—
UNKNOWN	CVE-2025-1975	Ollama: DoS via malicious manifest in /api/pull	ollama	—
UNKNOWN	CVE-2024-1729	Gradio: timing attack enables auth bypass on ML UIs	gradio	—
UNKNOWN	CVE-2024-10950	gpt_academic: RCE via unsandboxed prompt injection	gpt_academic	—
CRITICAL	CVE-2026-35615	PraisonAI: path traversal exposes full filesystem via agent tools	PraisonAI	—
MEDIUM	CVE-2025-54952	ExecuTorch: integer overflow enables RCE via model loading	executorch	—
UNKNOWN	CVE-2026-34940	KubeAI: RCE via shell injection in Ollama startup probe		—
MEDIUM	GHSA-9q7v-8mr7-g23p	OpenClaw: SSRF in marketplace fetch hits internal AI infra	openclaw	—
HIGH	CVE-2026-35175	Ajenti: missing authz lets any user install packages		—
CRITICAL	CVE-2025-34351	ray: security flaw enables exploitation	ray	—
MEDIUM	CVE-2026-33709	JupyterHub: open redirect enables post-login phishing		—
HIGH	CVE-2025-47783	Label Studio: XSS enables unauthorized actions via CSRF	label-studio	—
UNKNOWN	CVE-2024-1727	Gradio: CSRF enables disk exhaustion via file upload DoS	gradio	—
MEDIUM	CVE-2025-58446	xgrammar: DoS via oversized JSON schema grammar parsing	xgrammar	—
MEDIUM	GHSA-fh32-73r9-rgh5	OpenClaw: CDP host bypass exposes localhost browser state	openclaw	—
MEDIUM	GHSA-5hff-46vh-rxmw	OpenClaw: read-only scope bypass kills agent sessions	openclaw	—
MEDIUM	GHSA-4p4f-fc8q-84m3	openclaw: iOS bridge bypass enables unauthorized agent runs	openclaw	—
MEDIUM	GHSA-m34q-h93w-vg5x	openclaw: path traversal enables remote dir overwrite	openclaw	—
LOW	GHSA-fqrj-m88p-qf3v	OpenClaw: cross-account webhook event suppression	openclaw	—
MEDIUM	GHSA-h43v-27wg-5mf9	OpenClaw: pre-auth signature bypass enables pairing DoS	openclaw	—
MEDIUM	GHSA-vjx8-8p7h-82gr	openclaw: SSRF in marketplace plugin download	openclaw	—
MEDIUM	GHSA-h2v7-xc88-xx8c	openclaw: operator scope bypass in phone arm/disarm cmds	openclaw	—
CRITICAL	CVE-2025-62593	ray: Code Injection enables RCE	ray	—
MEDIUM	CVE-2026-39398	openclaw-claude-bridge: sandbox bypass exposes CLI tools	claude-code	—
HIGH	GHSA-69x8-hrgq-fjj8	LiteLLM: auth bypass chain enables full privilege escalation	litellm	—
UNKNOWN	CVE-2026-35029	LiteLLM: auth bypass allows RCE and full takeover	litellm	—
CRITICAL	GHSA-2679-6mx9-h9xc	Marimo: pre-auth RCE via terminal WebSocket	marimo	—
LOW	CVE-2025-65858			—
MEDIUM	GHSA-vr5g-mmx7-h897	OpenClaw: SSRF bypass via interaction-triggered navigation	openclaw	—
MEDIUM	GHSA-3fv3-6p2v-gxwj	openclaw: SSRF bypass in QQ Bot media fetch paths	openclaw	—
MEDIUM	CVE-2025-12058	Keras: safe_mode bypass enables file read and SSRF	keras	—
MEDIUM	GHSA-x783-xp3g-mqhp	PraisonAI: SQL injection via table_prefix exposes DB	PraisonAI	—
CRITICAL	CVE-2025-32428	jupyter-remote-desktop-proxy: VNC network exposure	jupyter-remote-desktop-proxy	—
UNKNOWN	CVE-2025-11203	LiteLLM: Info Disclosure leaks sensitive data		—
LOW	CVE-2025-50736	pdf2zh: security flaw enables exploitation		—
MEDIUM	CVE-2026-35657	openclaw: auth bypass exposes agent session history via HTTP	openclaw	—
MEDIUM	CVE-2025-68131			—
UNKNOWN	CVE-2025-0187	Gradio: DoS via oversized upload filename	gradio	—
MEDIUM	CVE-2026-35646	openclaw: webhook rate-limit bypass enables token brute-force	openclaw	—
MEDIUM	CVE-2026-35640	openclaw: unauthenticated webhook parsing enables DoS	openclaw	—
HIGH	CVE-2026-35629	openclaw: SSRF in channel extensions hits internal network	openclaw	—
MEDIUM	CVE-2026-21883			—
HIGH	CVE-2026-22033	label-studio: XSS enables session hijacking	label-studio	—
HIGH	GHSA-f6hc-c5jr-878p	Flowise: auth bypass enables account takeover via null token	flowise	—
HIGH	GHSA-28g4-38q8-3cwc	Flowise: Cypher injection allows full Neo4j DB wipe	flowise-components	—
HIGH	GHSA-6f7g-v4pp-r667	Flowise: OAuth token theft via unauthenticated endpoint	flowise	—
MEDIUM	GHSA-h8r8-wccr-v5f2	DOMPurify: mXSS bypass achieves XSS via parse-context switch		—
HIGH	CVE-2026-0897	keras: Resource Exhaustion enables DoS	keras	—
HIGH	CVE-2025-64439	langgraph-checkpoint: Deserialization enables RCE	langgraph-checkpoint	—
HIGH	GHSA-4jpm-cgx2-8h37	Flowise: unauth API exposes plaintext API keys and tokens	flowise	—
UNKNOWN	CVE-2025-15063	Ollama: Command Injection enables RCE		—
CRITICAL	GHSA-9wc7-mj3f-74xv	Flowise CSVAgent: RCE via Python code injection	flowise-components	—
UNKNOWN	CVE-2026-0768	langflow: Code Injection enables RCE	langflow	—
MEDIUM	GHSA-9hrv-gvrv-6gf2	Flowise: SSRF bypass enables cloud metadata access	flowise-components	—
MEDIUM	GHSA-qqvm-66q4-vf5c	Flowise: SSRF bypass enables cloud credential theft	flowise-components	—
MEDIUM	GHSA-w6v6-49gh-mc9w	Flowise: path traversal allows arbitrary file write via vector store	flowise-components	—
UNKNOWN	CVE-2026-2286	CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services		—
MEDIUM	GHSA-68f8-9mhj-h2mp	OpenClaw: HTTP scope bypass enables model enumeration	openclaw	—
UNKNOWN	CVE-2026-33873	Langflow: server-side RCE via LLM-generated code exec	langflow	—
UNKNOWN	CVE-2026-0769	langflow: Code Injection enables RCE	langflow	—
UNKNOWN	CVE-2018-7576	TensorFlow: NPD in 1.6.x crashes ML runtime	tensorflow	—
HIGH	CVE-2026-0770	langflow: security flaw enables exploitation	langflow	—
UNKNOWN	CVE-2026-0771	langflow: Code Injection enables RCE	langflow	—
LOW	CVE-2025-63681	open-webui: Access Control bypass enables privilege escalation	open-webui	—