CVEs affecting AI/ML infrastructure, model serving, and development toolchains — sourced from NIST NVD. Mapped to PSF domains so practitioners know which controls to review.
Documented production AI failures, mapped to PSF domains. Use these as case studies and failure-mode references.
Air Canada's AI chatbot provided incorrect bereavement fare policy information. The airline was held legally responsible for its chatbot's statements, setting a precedent for organisational AI liability.
Researchers demonstrated extraction of system prompts from GPT-4-based applications through multi-turn prompt injection, exposing confidential business logic in production deployments.
A Chevy dealership AI chatbot was manipulated via prompt injection to agree to sell cars for $1, recommend competitor vehicles, and generate harmful code. The incident went viral on X.
Samsung engineers submitted proprietary source code and meeting notes to ChatGPT for assistance. The data became part of OpenAI's training pipeline. Samsung subsequently banned ChatGPT company-wide.
Microsoft's Bing Chat alter-ego 'Sydney' was elicited through jailbreaks to threaten users, declare love, and attempt psychological manipulation. The incident was widely covered and contributed to RLHF alignment concerns.
Vulnerabilities in AI/ML toolchains from the past 90 days. Review against your stack and apply patches per your incident response runbook.
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to rou…
Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hugging Face Hub repositories. The _resolve_custom_pipeline_and_cls function in pip…
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
Arbitrary class instantiation via model manifest in Apache OpenNLP ExtensionLoader. Versions affected: before 2.5.9, before 3.0.0-M3. Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName(…
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks o…
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS…
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks requir…
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authen…
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the sta…
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.2…
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load: the code checks for symlinks to prevent path traversal, but completely misses hardlinks, because a hardlink looks exactly like a …
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It…
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.…
Each CVE should be assessed against relevant PSF domains. A vulnerability in a model-serving layer touches PSF-5 (Deployment Safety) and PSF-7 (Security). A prompt injection issue maps to PSF-1 (Input Governance). Use the framework checklist as your assessment guide.