AI & ML
The AI/ML stack — LLM serving and inference engines, ML frameworks, vector databases and agent tooling — is evolving fast and increasingly exposed to the internet. This hub tracks its emerging CVEs.
- ai-agent-tooling · 135
- llm-serving-inference · 41
- ml-framework · 32
- vector-db-rag · 20
- notebook-mlops · 16
- Cumulative CVEs: 3,720 (across 116 monthly snapshots)
- Latest month: 259 (-5.5% MoM · +531.7% YoY)
- Peak month: 315 (Mar 25)
- KEV this month: 0 (99 vendors affected)
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- SaaS: 65%
- Mixed: 25%
- On-prem: 10%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to AI & ML.
- CVE-2026-56399 · Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web · 5.0
- CVE-2026-56278 · Flowise - Session Hijacking via Weak Default Express Session Secret · 9.1
- CVE-2026-56264 · Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint · 8.1
- CVE-2025-12530 · Vulnerabilities found in Watson Data Intelligence · 5.9
- CVE-2025-36319 · Vulnerabilities found in Watson Data Intelligence · 4.3
- CVE-2025-36320 · Vulnerabilities found in Watson Data Intelligence · 6.4
- CVE-2025-36321 · Vulnerabilities found in Watson Data Intelligence · 5.7
- CVE-2025-36323 · Vulnerabilities found in Watson Data Intelligence · 5.4
- CVE-2025-36324 · Vulnerabilities found in Watson Data Intelligence · 4.3
- CVE-2025-36327 · Vulnerabilities found in Watson Data Intelligence · 6.5
- CVE-2025-36328 · Error Message Containing Sensitive Information found in Watson Data Intelligence · 4.3
- CVE-2025-36333 · Vulnerabilities found in Watson Data Intelligence · 4.3
- CVE-2025-36336 · Transmission of Sensitive Information found in Watson Data Intelligence · 5.9
- CVE-2026-58373 · CVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report Existence · 4.3
- CVE-2026-58116 · LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path · 9.8
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| flowiseai | 27 | 6 | · |
| flowise | 23 | 7 | · |
| open-webui | 17 | · | · |
| openwebui | 16 | · | · |
| langflow | 14 | 6 | · |
| berriai | 11 | 1 | · |
| litellm | 11 | 1 | · |
| vllm | 11 | 1 | · |
| langflow-ai | 10 | 4 | · |
| nousresearch | 9 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| ai-agent-tooling | 135 | 28 | · | 34 | — | flowise (50) · open-webui (17) · open webui (16) |
| llm-serving-inference | 41 | 7 | · | 21 | — | litellm (22) · vllm (19) · claude code (3) |
| ml-framework | 32 | 4 | · | 18 | — | docling (6) · stable-diffusion.cpp (4) · keras-team/keras (2) |
| vector-db-rag | 20 | · | · | 8 | — | watsonx.data intelligence (10) · chromadb (9) · milvus (2) |
| notebook-mlops | 16 | 1 | · | 12 | — | jupyter server (3) · jupyter/jupyter (3) · mlflow (3) |
| — | 15 | 6 | · | 6 | — | langflow (10) · comfyui-copilot (1) · gorse (1) |
Sector classification is AI-assisted with human review.