Red hat openshift ai (rhoai)

This hub aggregates every CVE we track for Red hat openshift ai (rhoai), a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat openshift ai (rhoai).

• CVE-2026-12706Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()6.5Jun 19, 2026
• CVE-2026-12491Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations4.8Jun 17, 2026
• CVE-2026-6385Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser6.5Apr 15, 2026
• CVE-2026-5483Odh-dashboard: odh dashboard kubernetes service account exposure8.5Apr 10, 2026
• CVE-2025-12805Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy8.1Mar 26, 2026
• CVE-2026-23536Feast: unauthenticated arbitrary file read7.5Mar 20, 2026
• CVE-2025-13327Uv: uv: specially crafted zip archives lead to arbitrary code execution due to parsing differentials6.3Feb 27, 2026
• CVE-2025-11065Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure5.3Jan 26, 2026
• CVE-2026-0603Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection8.3Jan 23, 2026
• CVE-2025-12103Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace5.0Oct 28, 2025
• CVE-2025-8556Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results3.7Aug 6, 2025
• CVE-2025-6193Trustyai-explainability: command injection via lmevaljob cr5.9Jun 20, 2025
• CVE-2025-4574Crossbeam-channel: crossbeam-channel vulnerable to double free on drop6.5May 13, 2025
• CVE-2024-11831Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript5.4Feb 10, 2025
• CVE-2024-7557Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai8.8Aug 8, 2024