AI Security Threat Feed

fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist

LangGraph checkpoint loading has unsafe msgpack deserialization

Fickling has safety check bypass via REDUCE+BUILD opcode sequence

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an...

SageMaker Python SDK has Insecure TLS Configuration

picklescan vulnerable to arbitrary file create using logging.FileHandler

llama-index-core vulnerable to Uncontrolled Resource Consumption

Chainlit contains an authorization bypass vulnerability

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF)....

vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server

clearml is vulnerable to Path Traversal through its `safe_extract` function

xgrammar vulnerable to denial of service by huge enum grammar

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Picklescan is missing detection when calling built-in python cProfile.run

Picklescan is missing detection when calling built-in python cProfile.runctx

Picklescan is missing detection when calling built-in python doctest.debug_script

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads

Picklescan has a missing detection when calling built-in python profile.Profile.runctx

Picklescan has a missing detection when calling built-in python profile.Profile.run

Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Picklescan has a missing detection when calling built-in python trace.Trace.run

Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Picklescan missing detection when calling pytorch function torch.utils.collect_env.run

Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing

LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

vLLM vulnerable to Regular Expression Denial of Service