AI Security Threat Feed

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3...

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling Blocklist Bypass: cProfile.run()

Fickling has a bypass via runpy.run_path() and runpy.run_module()

vLLM introduced enhanced protection for CVE-2025-62164

picklescan has Arbitrary file read using `io.FileIO`

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded...

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Picklescan Bypasses Unsafe Globals Check using pty.spawn

Picklescan missing detection when calling pty.spawn

Picklescan has Incomplete List of Disallowed Inputs

Picklescan does not block ctypes

Picklescan vulnerable to Arbitrary File Writing

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd()...

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their...

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the...

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Fickling has Code Injection vulnerability via pty.spawn()

Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to...

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation...

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with...

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes...

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm...

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template...

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer...

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function...

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and...

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n....

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10....

llama-index has Insecure Temporary File

A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and...

LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the...

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing...

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class...

llama-index-core insecurely handles temporary files