Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: ai-ml-frameworks Clear
ID Title
CVE-2026-55574 Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
CVE-2026-55514 Vulnerability in vllm (CVE-2026-55514)
vulnerability in vllm (CVE-2026-55514). Risk of unauthorized operations or information disclosure.
CVE-2026-54234 Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
CVE-2026-55646 Vulnerability in vllm (CVE-2026-55646)
vulnerability in vllm (CVE-2026-55646). Risk of unauthorized operations or information disclosure.
CVE-2026-8147 Vulnerability in lfprojects (CVE-2026-8147)
vulnerability in lfprojects (CVE-2026-8147). Confidential information can be exposed externally. Exploitable via ``_before_request``.
CVE-2026-13484 Vulnerability in lfprojects (CVE-2026-13484)
vulnerability in lfprojects (CVE-2026-13484). Risk of unauthorized operations or information disclosure.
CVE-2026-5757 Out-of-Bounds Read in ollama (CVE-2026-5757)
vulnerability in ollama (CVE-2026-5757). Confidential information can be exposed externally.
CVE-2026-54232 Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
CVE-2026-55443 Path Traversal in langchain (CVE-2026-55443)
path traversal in langchain (CVE-2026-55443). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.9` or later.
CVE-2026-12798 SSRF (Server-Side Request Forgery) in litellm (CVE-2026-12798)
SSRF in litellm (CVE-2026-12798). Risk of unauthorized operations or information disclosure.
CVE-2026-12799 Vulnerability in litellm (CVE-2026-12799)
vulnerability in litellm (CVE-2026-12799). Risk of unauthorized operations or information disclosure.
CVE-2026-12797 Vulnerability in litellm (CVE-2026-12797)
vulnerability in litellm (CVE-2026-12797). Risk of unauthorized operations or information disclosure.
CVE-2026-12796 Vulnerability in litellm (CVE-2026-12796)
vulnerability in litellm (CVE-2026-12796). Risk of unauthorized operations or information disclosure.
CVE-2026-12795 Authentication Bypass in litellm (CVE-2026-12795)
authentication bypass in litellm (CVE-2026-12795). Risk of unauthorized operations or information disclosure.
CVE-2026-12774 SSRF (Server-Side Request Forgery) in litellm (CVE-2026-12774)
SSRF in litellm (CVE-2026-12774). Risk of unauthorized operations or information disclosure.
CVE-2026-12773 A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
CVE-2026-12772 Vulnerability in litellm (CVE-2026-12772)
vulnerability in litellm (CVE-2026-12772). Risk of unauthorized operations or information disclosure.
CVE-2026-12771 Vulnerability in litellm (CVE-2026-12771)
vulnerability in litellm (CVE-2026-12771). Risk of unauthorized operations or information disclosure.
CVE-2026-12770 Vulnerability in litellm (CVE-2026-12770)
vulnerability in litellm (CVE-2026-12770). Risk of unauthorized operations or information disclosure.
CVE-2025-71379 Vulnerability in dos (CVE-2025-71379)
vulnerability in dos (CVE-2025-71379). Risk of unauthorized operations or information disclosure.
CVE-2026-56340 Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
CVE-2026-54233 Vulnerability in vllm (CVE-2026-54233)
vulnerability in vllm (CVE-2026-54233). Risk of unauthorized operations or information disclosure. Exploitable via ``SpeechToTextProcessor``.
CVE-2026-54236 Vulnerability in vllm (CVE-2026-54236)
vulnerability in vllm (CVE-2026-54236). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/messages`.
CVE-2026-53923 Information Disclosure in vllm (CVE-2026-53923)
vulnerability in vllm (CVE-2026-53923). Confidential information can be exposed externally. Exploitable via ``to_cuda_ggml_t``.
CVE-2026-54235 Vulnerability in vllm (CVE-2026-54235)
vulnerability in vllm (CVE-2026-54235). Risk of unauthorized operations or information disclosure. Exploitable via ``False``.
CVE-2026-48776 Path Traversal in langgraph-sdk (CVE-2026-48776)
path traversal in langgraph-sdk (CVE-2026-48776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.15` or later.
CVE-2026-49468 Vulnerability in litellm (CVE-2026-49468)
vulnerability in litellm (CVE-2026-49468). Successful exploitation can lead to full system takeover. Exploitable via ``request.url.path``. Mitigation: upgrade to `1.84.0` or later.
CVE-2026-48775 Unsafe Deserialization in langgraph-checkpoint (CVE-2026-48775)
vulnerability in langgraph-checkpoint (CVE-2026-48775). Successful exploitation can lead to full system takeover. Exploitable via ``JsonPlusSerializer``. Mitigation: upgrade to `4.1.1` or later.
CVE-2026-47749 stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
CVE-2026-48746 Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-41523 Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-5497 vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
CVE-2026-47155 Vulnerability in vllm (CVE-2026-47155)
vulnerability in vllm (CVE-2026-47155). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-10803 Vulnerability in mlflow (CVE-2026-10803)
vulnerability in mlflow (CVE-2026-10803). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.1` or later.
CVE-2026-5241 Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
CVE-2026-4035 Vulnerability in mlflow (CVE-2026-4035)
vulnerability in mlflow (CVE-2026-4035). Confidential information can be exposed externally. Exploitable via ``api_key``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-3198 Vulnerability in mlflow (CVE-2026-3198)
vulnerability in mlflow (CVE-2026-3198). Confidential information can be exposed externally. Exploitable via ``BEFORE_REQUEST_HANDLERS``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2651 Vulnerability in mlflow (CVE-2026-2651)
vulnerability in mlflow (CVE-2026-2651). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.1` or later.
CVE-2026-4372 Unsafe Deserialization in transformers (CVE-2026-4372)
vulnerability in transformers (CVE-2026-4372). Successful exploitation can lead to full system takeover. Exploitable via ``_attn_implementation_internal``. Mitigation: upgrade to `5.3.0` or later.
CVE-2026-47102 Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-47101 Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
CVE-2026-2734 Vulnerability in mlflow (CVE-2026-2734)
vulnerability in mlflow (CVE-2026-2734). Confidential information can be exposed externally. Exploitable via ``SearchModelVersions``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2611 Vulnerability in mlflow (CVE-2026-2611)
vulnerability in mlflow (CVE-2026-2611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-4137 Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-44222 Vulnerability in vllm (CVE-2026-44222)
vulnerability in vllm (CVE-2026-44222). Risk of unauthorized operations or information disclosure. Exploitable via ``image_grid_thw``. Mitigation: upgrade to `0.20.0` or later.
CVE-2026-2614 MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
CVE-2026-2393 SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
SSRF in mlflow (CVE-2026-2393). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-40217 Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-42302 Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →