AI Security Threat Feed

clearml is vulnerable to Path Traversal through its `safe_extract` function

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,...

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized...

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer`...

xgrammar vulnerable to denial of service by huge enum grammar

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Picklescan is missing detection when calling built-in python cProfile.run

Picklescan is missing detection when calling built-in python cProfile.runctx

Picklescan is missing detection when calling built-in python doctest.debug_script

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads

Picklescan has a missing detection when calling built-in python profile.Profile.runctx

Picklescan has a missing detection when calling built-in python profile.Profile.run

Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Picklescan has a missing detection when calling built-in python trace.Trace.run

Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Picklescan missing detection when calling pytorch function torch.utils.collect_env.run

Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive...

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form...

ExecuTorch integer overflow vulnerability leads to code execution

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function,...

MS SWIFT Deserialization RCE Vulnerability

OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before...

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a...

Dagster Local File Inclusion vulnerability

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilities impact all versions of DSpace...