aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2164 items

CVE-2024-38514: NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lac

highvulnerability
security
Jun 28, 2024
CVE-2024-38514EPSS: 72.6%

NextChat, a user interface for ChatGPT and Gemini, has a Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick the server into making requests to unintended destinations) in its WebDav API endpoint because the `endpoint` parameter is not validated. An attacker could use this to make unauthorized HTTPS requests from the vulnerable server or inject malicious JavaScript code into users' browsers.

Fix: This vulnerability has been patched in version 2.12.4. Users should update to this version or later.

NVD/CVE Database

CVE-2024-5826: In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt i

highvulnerability
security
Jun 27, 2024
CVE-2024-5826

CVE-2024-5826 is a remote code execution vulnerability in the vanna-ai/vanna library's `vanna.ask` function, caused by prompt injection (tricking an AI by hiding instructions in its input) without code sandboxing. An attacker can manipulate the code executed by the `exec` function to gain full control of the app's backend server.

CVE-2024-4839: A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms

lowvulnerability
security
Jun 24, 2024
CVE-2024-4839

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user's browser into making unwanted requests on their behalf) exists in the 'Servers Configurations' function of parisneo/lollms-webui versions 9.6 and later, affecting services like XTTS and vLLM that lack CSRF protection. Attackers can exploit this to deceive users into installing unwanted packages without their knowledge or consent.

CVE-2024-4940: An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows a

mediumvulnerability
security
Jun 22, 2024
CVE-2024-4940

Gradio (a popular framework for building AI interfaces) has a vulnerability called an open redirect, which means attackers can trick the application into sending users to fake websites by exploiting improper URL validation. This can be used for phishing attacks (tricking people into revealing passwords), XSS (cross-site scripting, where attackers inject malicious code into web pages), and other exploits.

CVE-2024-37902: DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not pre

criticalvulnerability
security
Jun 17, 2024
CVE-2024-37902

DeepJavaLibrary (DJL), a framework for building deep learning applications in Java, has a path traversal vulnerability (CWE-22, a flaw where an attacker can access files outside intended directories) in versions 0.1.0 through 0.27.0. This flaw allows attackers to overwrite system files by inserting archived files from absolute paths into the system.

CVE-2024-38459: langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an o

highvulnerability
security
Jun 16, 2024
CVE-2024-38459

A security vulnerability in LangChain Experimental (a Python library for building AI applications) before version 0.0.61 allows users to access a Python REPL (read-eval-print loop, an interactive environment where code can be run directly) without requiring explicit permission. This issue happened because a previous attempt to fix a related vulnerability (CVE-2024-27444) was incomplete.

CVE-2024-0103: NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of

mediumvulnerability
security
Jun 13, 2024
CVE-2024-0103

CVE-2024-0103 is a vulnerability in NVIDIA Triton Inference Server for Linux where incorrect initialization of resources caused by network issues could allow a user to disclose sensitive information. The vulnerability has a CVSS 4.0 severity rating, which measures the seriousness of security flaws on a scale of 0-10.

CVE-2024-0095: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and ex

criticalvulnerability
security
Jun 13, 2024
CVE-2024-0095

CVE-2024-0095 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models) for Linux and Windows that allows users to inject fake log entries and commands, potentially leading to code execution (running unauthorized programs), denial of service (making the system unavailable), privilege escalation (gaining higher access rights), information disclosure (exposing sensitive data), and data tampering (modifying information). The vulnerability stems from improper neutralization of log output, meaning the system doesn't properly sanitize or clean user input before adding it to logs.

CVE-2024-37014: Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_compo

criticalvulnerability
security
Jun 10, 2024
CVE-2024-37014

Langflow versions up to 0.6.19 have a vulnerability that allows remote code execution (RCE, where attackers can run commands on a system they don't own) if untrusted users can access a specific API endpoint called POST /api/v1/custom_component and submit Python code through it. The vulnerability stems from code injection (CWE-94, where malicious code is inserted into a program), which happens because the application does not properly control how user-provided Python scripts are executed.

CVE-2024-5206: A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to

mediumvulnerability
securityprivacy

CVE-2024-5187: A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for a

highvulnerability
security
Jun 6, 2024
CVE-2024-5187

A vulnerability in the ONNX framework (version 1.16.0) allows attackers to overwrite any file on a system by uploading a malicious tar file (a compressed archive format) with specially crafted paths. Because the vulnerable function doesn't check whether file paths are safe before extracting the tar file, attackers could potentially execute malicious code, delete important files, or compromise system security.

CVE-2024-4888: BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

highvulnerability
security
Jun 6, 2024
CVE-2024-4888

BerriAI's litellm has a vulnerability (CVE-2024-4888) where the `/audio/transcriptions` endpoint improperly validates user input, allowing attackers to delete arbitrary files on the server without authorization. The flaw occurs because the code uses `os.remove()` (a function that deletes files) directly on user-supplied file paths, potentially exposing sensitive files like SSH keys or databases.

CVE-2024-3234: The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio

criticalvulnerability
security
Jun 6, 2024
CVE-2024-3234EPSS: 67.6%

The gaizhenbiao/chuanhuchatgpt application has a path traversal vulnerability (a flaw that lets attackers access files outside their allowed directory) because it uses an outdated version of gradio (a library for building AI interfaces). This vulnerability allows attackers to bypass security restrictions and read sensitive files like `config.json` that contain API keys (secret credentials for accessing services).

CVE-2024-3099: A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploit

mediumvulnerability
security
Jun 6, 2024
CVE-2024-3099

MLflow version 2.11.1 has a vulnerability where attackers can create multiple models with the same name by using URL encoding (a technique that converts special characters into a format safe for web addresses). This allows attackers to cause denial of service (making a service unavailable) or data poisoning (inserting corrupted or malicious data), where an authenticated user might accidentally use a fake model instead of the real one because the system treats URL-encoded and regular names as different.

CVE-2024-3095: A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langch

highvulnerability
security
Jun 6, 2024
CVE-2024-3095

A Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick a server into making requests to unintended targets) exists in langchain version 0.1.5's Web Research Retriever component, which fails to block requests to local network addresses. This allows attackers to scan ports, access local services, read cloud metadata, and potentially execute arbitrary code (run commands on a system they don't own) by exploiting internal APIs.

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

highvulnerability
security
Jun 6, 2024
CVE-2024-2928EPSS: 91.6%

CVE-2024-0520: A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of specia

highvulnerability
security
Jun 6, 2024
CVE-2024-0520

MLflow version 8.2.1 has a command injection vulnerability (a flaw where attackers can execute arbitrary commands by inserting malicious code into a system command) in its HTTP dataset loading function. When loading datasets, the software doesn't properly clean up filenames from URLs, allowing attackers to write files anywhere on the system and potentially run harmful commands.

CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im

criticalvulnerability
security
Jun 6, 2024
CVE-2024-5452EPSS: 56.7%

PyTorch Lightning version 2.2.1 has a critical vulnerability where attackers can execute arbitrary code on self-hosted applications by crafting malicious serialized data (deepdiff.Delta objects, which are used to represent changes to data). The vulnerability exists because the application doesn't properly block access to dunder attributes (special Python attributes starting with underscores), allowing attackers to bypass security restrictions and modify the application's state.

CVE-2024-4941: A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability a

highvulnerability
security
Jun 6, 2024
CVE-2024-4941

Gradio version 4.25 has a local file inclusion vulnerability (a security flaw where attackers can read files they shouldn't access) in its JSON component. The problem occurs because the `postprocess()` function doesn't properly validate user input before parsing it as JSON, and if the JSON contains a `path` key, the system automatically moves that file to a temporary directory where attackers can retrieve it using the `/file=..` endpoint.

CVE-2024-4325: A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within t

highvulnerability
security
Jun 6, 2024
CVE-2024-4325EPSS: 65.1%
Previous77 / 109Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Upgrade to DJL version 0.28.0 or patch to DJL Large Model Inference containers version 0.27.0.

NVD/CVE Database

Fix: Update langchain_experimental to version 0.0.61 or later. A patch is available in the commit ce0b0f22a175139df8f41cdcfb4d2af411112009 and the version comparison between 0.0.60 and 0.0.61 shows the fix.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Jun 6, 2024
CVE-2024-5206

A vulnerability in scikit-learn's TfidfVectorizer (a tool that converts text into numerical data for machine learning) stored all words from training data in an attribute called `stop_words_`, instead of just the necessary ones, potentially leaking sensitive information like passwords or keys. The vulnerability affected versions up to 1.4.1.post1 but the risk depends on what type of data is being processed.

Fix: Fixed in version 1.5.0.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: A fixed version of chuanhuchatgpt was released on 20240305 (March 5, 2024). Users should upgrade to this version or later to resolve the vulnerability.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

A Local File Inclusion vulnerability (LFI, a flaw that lets attackers read files they shouldn't access) was found in MLflow version 2.9.2. The bug exists because the application doesn't properly check the fragment part of web addresses (the section after the '#' symbol) for directory traversal sequences like '../', which allow attackers to navigate folders and read sensitive files like system password files.

Fix: The vulnerability was fixed in version 2.11.3.

NVD/CVE Database

Fix: The issue is fixed in version 2.9.0.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

A Server-Side Request Forgery vulnerability (SSRF, where a server can be tricked into making requests to unintended locations) exists in Gradio version 4.21.0 in the `/queue/join` endpoint and `save_url_to_cache` function. The vulnerability occurs because user-supplied URL input is not properly validated before being used to make HTTP requests, allowing attackers to access internal networks or sensitive cloud server information.

NVD/CVE Database