tessera Tech, tiled.
WED 15.07.2026 · 17:01 UTC EDITION T-2026-W29

DATA · LIVING REFERENCE · T-DATA-CVE

AI/ML CVE Severity Tracker

Security vulnerabilities affecting the AI software supply chain — the libraries and serving infrastructure that modern LLM applications depend on. We query the NIST National Vulnerability Database for CVEs mentioning RAG stacks, model loaders, and inference servers — langchain, llama-index, transformers, PyTorch, TensorFlow, vLLM, Ollama, Hugging Face, Gradio, Streamlit, ComfyUI, Triton, and ONNX — over the last 90 days. Insecure model deserialization, server-side request forgery, and authentication bypasses are recurring themes: AI dependencies are now a first-class attack surface.

Last updated: July 13, 2026 (UTC) · 97 advisories · Source: NIST NVD

CRITICAL 15 HIGH 37 MEDIUM 31 LOW 12
CVE CVSS Severity Affected Summary Published
CVE-2026-59706 9.3 CRITICAL ollama mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. 2026-07-07
CVE-2026-58116 9.8 CRITICAL transformers LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. 2026-06-30
CVE-2026-54316 9.1 CRITICAL huggingface Claude Code is an agentic coding tool. 2026-06-23
CVE-2026-48746 9.1 CRITICAL vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-5241 9.6 CRITICAL huggingface A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. 2026-06-03
CVE-2026-47117 9.8 CRITICAL transformers OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. 2026-06-02
CVE-2026-24207 9.8 CRITICAL triton NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. 2026-05-20
CVE-2026-44484 9.8 CRITICAL pytorch PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. 2026-05-14
CVE-2026-31239 9.8 CRITICAL pytorch, huggingface The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. 2026-05-12
CVE-2026-31238 9.8 CRITICAL pytorch The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. 2026-05-12
CVE-2026-31228 9.8 CRITICAL pytorch The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. 2026-05-12
CVE-2026-31214 9.8 CRITICAL pytorch The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). 2026-05-12
CVE-2026-7482 9.1 CRITICAL ollama Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. 2026-05-04
CVE-2026-42249 9.8 CRITICAL ollama Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. 2026-04-29
CVE-2026-42248 9.8 CRITICAL ollama Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. 2026-04-29
CVE-2026-55405 7.6 HIGH langchain LangChain4j is a Java library for building LLM-powered applications on the JVM. 2026-07-10
CVE-2026-59806 7.4 HIGH gradio Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() 2026-07-08
CVE-2026-55574 7.5 HIGH vllm vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 2026-07-06
CVE-2026-54234 7.5 HIGH vllm vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 2026-07-06
CVE-2026-14535 8.8 HIGH transformers In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsaf 2026-07-04
CVE-2025-71342 8.1 HIGH pytorch picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. 2026-07-04
CVE-2026-49119 7.5 HIGH gradio Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory tr 2026-07-01
CVE-2026-24264 7.5 HIGH triton NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. 2026-07-01
CVE-2026-5757 7.5 HIGH ollama Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and st 2026-06-26
CVE-2025-71340 8.1 HIGH pytorch picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. 2026-06-25
CVE-2026-54232 8.8 HIGH vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-53923 7.5 HIGH vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-41523 7.5 HIGH vllm, huggingface vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-56340 8.8 HIGH pytorch, vllm vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. 2026-06-20
CVE-2026-47749 7.8 HIGH pytorch stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. 2026-06-16
CVE-2026-5497 7.5 HIGH vllm vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. 2026-06-11
CVE-2026-46432 7.8 HIGH huggingface LMDeploy is a toolkit for compressing, deploying, and serving large language models. 2026-06-10
CVE-2026-43624 8.2 HIGH gradio F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join 2026-06-01
CVE-2026-4944 8.8 HIGH vllm, huggingface vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`) 2026-05-28
CVE-2026-45134 7.1 HIGH langchain LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. 2026-05-27
CVE-2026-44843 8.2 HIGH langchain LangChain is a framework for building agents and LLM-powered applications. 2026-05-26
CVE-2026-24162 7.8 HIGH transformers NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. 2026-05-26
CVE-2026-4372 7.8 HIGH transformers, huggingface A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. 2026-05-24
CVE-2026-5817 8.2 HIGH transformers, vllm The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. 2026-05-22
CVE-2026-24214 8.0 HIGH triton NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. 2026-05-20
CVE-2026-24213 8.0 HIGH triton NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. 2026-05-20
CVE-2026-24210 7.5 HIGH triton NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. 2026-05-20
CVE-2026-24209 7.5 HIGH triton NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. 2026-05-20
CVE-2026-24206 7.3 HIGH triton NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. 2026-05-20
CVE-2026-8756 7.3 HIGH gradio A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. 2026-05-17
CVE-2026-45401 8.5 HIGH langchain Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 2026-05-15
CVE-2026-8597 7.2 HIGH triton Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement 2026-05-14
CVE-2026-31221 7.8 HIGH pytorch PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. 2026-05-12
CVE-2026-31250 7.3 HIGH pytorch CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. 2026-05-11
CVE-2026-31249 7.3 HIGH pytorch CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. 2026-05-11
CVE-2026-6859 8.8 HIGH huggingface A flaw was found in InstructLab. 2026-04-22
CVE-2026-30617 8.6 HIGH langchain LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. 2026-04-15
CVE-2026-44512 5.5 MEDIUM onnx Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. 2026-07-08
CVE-2026-55514 6.5 MEDIUM vllm vLLM is a library for LLM inference and serving. 2026-07-06
CVE-2026-55646 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models. 2026-07-06
CVE-2026-14647 4.3 MEDIUM onnx A weakness has been identified in onnx up to 1.21.x. 2026-07-04
CVE-2026-24266 5.9 MEDIUM triton NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. 2026-07-01
CVE-2026-54021 6.3 MEDIUM ollama Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 2026-06-23
CVE-2026-54236 5.3 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-54235 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-54233 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-47155 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-06-22
CVE-2026-55443 5.1 MEDIUM langchain LangChain is a framework for building agents and LLM-powered applications. 2026-06-22
CVE-2025-71379 4.3 MEDIUM vllm vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. 2026-06-20
CVE-2026-12491 4.8 MEDIUM vllm A flaw was found in vLLM, an open-source library for large language model inference. 2026-06-17
CVE-2026-47748 5.5 MEDIUM pytorch stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. 2026-06-16
CVE-2026-43625 5.9 MEDIUM ollama CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. 2026-06-01
CVE-2026-48545 6.8 MEDIUM gradio Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. 2026-05-27
CVE-2026-9540 5.3 MEDIUM vllm A vulnerability was identified in vllm-project vllm 0.19.0. 2026-05-26
CVE-2026-24215 5.7 MEDIUM triton NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. 2026-05-20
CVE-2026-24208 5.3 MEDIUM triton NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. 2026-05-20
CVE-2026-44563 5.4 MEDIUM ollama Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. 2026-05-15
CVE-2026-44223 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-05-12
CVE-2026-44222 6.5 MEDIUM vllm vLLM is an inference and serving engine for large language models (LLMs). 2026-05-12
CVE-2026-7844 6.3 MEDIUM langchain A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. 2026-05-05
CVE-2026-7669 5.6 MEDIUM transformers, huggingface A vulnerability was detected in sgl-project SGLang up to 0.5.9. 2026-05-02
CVE-2026-40979 6.1 MEDIUM onnx In Spring AI, having access to a shared environment can expose the ONNX model used by the application. 2026-04-28
CVE-2026-7141 5.6 MEDIUM vllm A vulnerability was found in vllm up to 0.19.0. 2026-04-27
CVE-2026-41481 6.5 MEDIUM langchain LangChain is a framework for building agents and LLM-powered applications. 2026-04-24
CVE-2026-6608 5.3 MEDIUM gradio A vulnerability was detected in lm-sys fastchat up to 0.2.36. 2026-04-20
CVE-2026-6591 4.3 MEDIUM comfyui A flaw has been found in ComfyUI up to 0.13.0. 2026-04-20
CVE-2026-6590 4.3 MEDIUM comfyui A vulnerability was detected in ComfyUI up to 0.13.0. 2026-04-20
CVE-2026-6589 4.3 MEDIUM comfyui A security vulnerability has been detected in ComfyUI up to 0.13.0. 2026-04-20
CVE-2026-14742 3.1 LOW langchain A vulnerability was determined in langchain-ai langgraph up to 1.2.4. 2026-07-05
CVE-2026-13493 3.1 LOW comfyui A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. 2026-06-28
CVE-2026-11329 3.6 LOW onnx A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. 2026-06-05
CVE-2026-10804 3.6 LOW streamlit A vulnerability has been found in Streamlit up to 1.53.0. 2026-06-04
CVE-2026-10783 2.5 LOW gradio A security flaw has been discovered in gradio-app gradio 6.14.0. 2026-06-04
CVE-2026-7847 2.6 LOW langchain A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. 2026-05-05
CVE-2026-7846 2.6 LOW langchain A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. 2026-05-05
CVE-2026-7845 2.6 LOW langchain A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. 2026-05-05
CVE-2026-7020 3.7 LOW ollama A security flaw has been discovered in Ollama up to 0.20.2. 2026-04-26
CVE-2026-41488 3.1 LOW langchain LangChain is a framework for building agents and LLM-powered applications. 2026-04-24
CVE-2026-6593 3.5 LOW comfyui A vulnerability was found in ComfyUI up to 0.13.0. 2026-04-20
CVE-2026-6592 3.5 LOW comfyui A vulnerability has been found in ComfyUI up to 0.13.0. 2026-04-20
CVE-2026-53875 UNKNOWN pytorch picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. 2026-06-17
CVE-2026-48797 UNKNOWN huggingface Backpropagate is a Python library for fine-tuning large language models on a single GPU. 2026-06-17

Related: Prompt injection · Jailbreak · AI safety · Software coverage · Policy coverage

Data is mirrored from the public NIST NVD 2.0 API and refreshed weekly. Severity and CVSS reflect the highest score recorded across CVSS v3.x metrics. This page is a reference aid, not security advice; always consult the upstream advisory.