AI Security Threat Feed

Supply Chain Model Poisoning Code Execution Framework Model

HIGH CVE-2025-14287

1 week ago

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct...

CVSS 7.5 EPSS 0.1% mlflow Patch: 3.8.0rc0 CWE-94

HIGH CVE-2026-27826

CVSS 8.2 EPSS 0.1% mcp-atlassian Patch: 0.17.0 CWE-918

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

HIGH GHSA-5r2p-pjr8-7fh7

sagemaker Patch: 3.4.0 CWE-184

SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality

HIGH CVE-2026-25048

EPSS 0.1% xgrammar Patch: 0.1.32 CWE-674

xgrammar vulnerable to DoS via multi-layer nesting

HIGH GHSA-5hwf-rc88-82xm

fickling Patch: 0.1.9 CWE-184

Fickling missing RCE-capable modules in UNSAFE_IMPORTS

HIGH GHSA-wccx-j62j-r448

fickling Patch: 0.1.9 CWE-693

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

HIGH GHSA-mxhj-88fx-4pcv

4 weeks ago

Fickling: OBJ opcode call invisibility bypasses all safety checks

fickling Patch: 0.1.8 CWE-436

HIGH CVE-2026-2033

Data Extraction Model Poisoning Code Execution Framework RAG Model

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of...

CVSS 8.1 EPSS 9.2% mlflow Patch: 3.8.0rc0 CWE-22

HIGH GHSA-97f8-7cmv-76j2

picklescan Patch: 1.0.3 CWE-184

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

HIGH CVE-2026-25580

CVSS 8.6 EPSS 0.0% pydantic-ai Patch: 1.56.0 CWE-918

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic...

HIGH CVE-2026-1777

CVSS 7.2 EPSS 0.0% sagemaker Patch: 3.2.0 CWE-201

SageMaker Python SDK has Exposed HMAC

HIGH GHSA-9m3x-qqw2-h32h

picklescan Patch: 1.0.1 CWE-502

picklescan missing detection by simple obfuscation of a `builtins.eval` call

HIGH CVE-2026-1117

CVSS 8.2 EPSS 0.1% lollms Patch: 2.1.0 CWE-284

Lollms has an Improper Access Control vulnerability

HIGH CVE-2025-10279

CVSS 7.0 EPSS 0.0% mlflow Patch: 3.4.0rc0 CWE-379

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with...

HIGH CVE-2026-22219

CVSS 7.7 EPSS 0.0% chainlit Patch: 2.9.4 CWE-918

Chainlit contain a server-side request forgery (SSRF) vulnerability

HIGH CVE-2026-0897

EPSS 0.0% keras Patch: 3.12.1 CWE-770

Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

HIGH CVE-2025-14279

CVSS 8.1 EPSS 0.0% mlflow Patch: 3.5.0 CWE-346

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to...

HIGH CVE-2026-22612

EPSS 0.1% fickling Patch: 0.1.7 CWE-502

Fickling vulnerable to detection bypass due to "builtins" blindness

HIGH CVE-2026-22609

EPSS 0.1% fickling Patch: 0.1.7 CWE-184

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

HIGH CVE-2026-22608

EPSS 0.0% fickling Patch: 0.1.7 CWE-184

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

HIGH CVE-2026-22607

EPSS 0.1% fickling Patch: 0.1.7 CWE-184

Fickling Blocklist Bypass: cProfile.run()

HIGH CVE-2026-22606

EPSS 0.1% fickling Patch: 0.1.7 CWE-184

Fickling has a bypass via runpy.run_path() and runpy.run_module()

HIGH GHSA-mcmc-2m55-j8jj

CVSS 8.8 vllm Patch: 0.13.0 CWE-20

vLLM introduced enhanced protection for CVE-2025-62164

HIGH GHSA-9726-w42j-3qjr

picklescan Patch: 0.0.35 CWE-22

picklescan has Arbitrary file read using `io.FileIO`

HIGH GHSA-46h3-79wf-xr6c

picklescan Patch: 0.0.34 CWE-94

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

HIGH GHSA-955r-x9j8-7rhh

picklescan Patch: 0.0.34 CWE-94

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

HIGH GHSA-rrxm-2pvv-m66x

picklescan Patch: 0.0.33 CWE-94

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

HIGH GHSA-3329-ghmp-jmv5

picklescan Patch: 0.0.33 CWE-94

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

HIGH GHSA-x843-g5mx-g377

picklescan Patch: 0.0.33 CWE-94

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

HIGH GHSA-r8g5-cgf2-4m4m

picklescan Patch: 0.0.33 CWE-502

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

HIGH GHSA-hgrh-qx5j-jfwx

CVSS 8.8 picklescan Patch: 0.0.33 CWE-693

Picklescan Bypasses Unsafe Globals Check using pty.spawn

HIGH GHSA-vqmv-47xg-9wpr

picklescan Patch: 0.0.33 CWE-502

Picklescan missing detection when calling pty.spawn

HIGH GHSA-84r2-jw7c-4r5q

picklescan Patch: 0.0.33 CWE-184

Picklescan has Incomplete List of Disallowed Inputs

HIGH GHSA-4675-36f9-wf6r

picklescan Patch: 0.0.33 CWE-184

Picklescan does not block ctypes

HIGH GHSA-m273-6v24-x4m4

picklescan Patch: 0.0.33 CWE-502

Picklescan vulnerable to Arbitrary File Writing

EPSS 0.0% fickling Patch: 0.1.6 CWE-94

HIGH CVE-2025-67748

3 months ago

Fickling has Code Injection vulnerability via pty.spawn()

EPSS 0.1% fickling Patch: 0.1.6 CWE-184

HIGH CVE-2025-67747

3 months ago

Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

CVSS 8.5 EPSS 0.0% open-webui Patch: 0.6.37 CWE-918

HIGH CVE-2025-65958

3 months ago

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

EPSS 0.1% langchain-core Patch: 1.0.7 CWE-1336

HIGH CVE-2025-65106

4 months ago

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template...

CVSS 7.3 EPSS 0.2% open-webui Patch: 0.6.35 CWE-95

HIGH CVE-2025-64496

4 months ago

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

CVSS 8.7 EPSS 0.0% open-webui Patch: 0.6.35 CWE-79

HIGH CVE-2025-64495

4 months ago

Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

CVSS 7.1 EPSS 0.0% llama-index Patch: 0.13.0 CWE-377

HIGH CVE-2025-7707

5 months ago

llama-index has Insecure Temporary File

CVSS 7.1 EPSS 0.0% vllm Patch: 0.11.0 CWE-601

HIGH CVE-2025-6242

5 months ago

A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and...