Database

AVID is a database of failure modes in general-purpose AI (GPAI) systems, including LLMs, API-only AI systems, developer tooling, and end-to-end applications and agents. The two base data classes are Report and Vulnerability. A report captures one concrete occurrence with supporting evidence; a vulnerability (vuln) captures a recurring failure mode.

Records in this database can be mapped to multiple taxonomy and risk frameworks, including the AVID taxonomy, CVSS risk scores, and MITRE ATLAS. This page lists the current reports and vulns in our database. To learn more about the database and its usage, refer to our documentation.

Note: Older AVID records (before 2025) were curated under a broader AI/ML scope; these should be interpreted as legacy entries relative to the current GPAI-focused scope.

The definition of an “AI vulnerability” is still evolving across the ecosystem, so AVID currently uses a working definition. In this release, we are prioritizing report-level evidence and have not yet published new vulnerability records.

Reports

Reports are occurrences of a GPAI failure mode. We classify reports into four types, in increasing order of quantitative evidence:

  1. Issue: qualitative evaluation based on a single sample or handful of samples,
  2. Advisory: qualitative evaluation based on multiple Incidents,
  3. Measurement: quantitative evaluation with associated data and metric,
  4. Detection: A Measurement deemed critical by a threshold or statistical test.

List of Reports

2026

Report IDDescriptionReport TypeDate Reported
AVID-2026-R0438Mistral Vibe CLI Python Tools Code ExecutionAdvisory2025-12-12
AVID-2026-R0437Mistral Vibe CLI Shell Expansion Command ExecutionAdvisory2026-01-02
AVID-2026-R0436Mistral Vibe CLI MCP Configuration Code ExecutionAdvisory2025-12-11
AVID-2026-R0435Microsoft Azure AI Content Safety Guardrail EvasionAdvisory2024-03-04
AVID-2026-R0434Microsoft Azure Prompt Shield Guardrail EvasionAdvisory2024-06-06
AVID-2026-R0433Meta Prompt Guard Guardrail EvasionAdvisory2025-03-11
AVID-2026-R0432Vijil Prompt Injection Guardrail EvasionAdvisory2025-03-14
AVID-2026-R0431Protect AI Jailbreak and Prompt Injection Guardrail EvasionAdvisory2025-03-12
AVID-2026-R0430Nvidia NemoGuard Jailbreak Detect Guardrail EvasionAdvisory2025-03-11
AVID-2026-R0429Cline Bot AI Coding Agent Data Exfiltration via Prompt Injection and DNSAdvisory2025-08-27
AVID-2026-R0428Cline Bot AI Coding Agent Code Execution via Prompt Injection and .clinerules DirectivesAdvisory2025-08-27
AVID-2026-R0427Cline Bot AI Coding Agent Code Execution via Prompt Injection and TOCTOU Script InvocationAdvisory2025-08-27
AVID-2026-R0426Google Antigravity IDE Persistent Code ExecutionAdvisory2025-11-19
AVID-2026-R0425Zed IDE MCP Configuration Code ExecutionAdvisory2025-11-16
AVID-2026-R0424Zed IDE LSP Configuration Code ExecutionAdvisory2025-11-16
AVID-2026-R0423TheLibrarian.io Internal Cloud Environment Access via web_fetch ToolAdvisory2025-10-10
AVID-2026-R0422JetBrains Junie AI Coding Agent guidelines.md Code ExecutionAdvisory2025-11-14
AVID-2026-R0421Google Gemini CLI MCP Configuration Code ExecutionAdvisory2025-12-26
AVID-2026-R0420Google Gemini CLI Tool Discovery Code ExecutionAdvisory2025-12-26
AVID-2026-R0419Amazon Kiro IDE Data Exfiltration via Steering FileAdvisory2025-12-08
AVID-2026-R0418Amazon Kiro IDE Data Exfiltration via Filename Prompt Injection and Kiro Powers Registry FetchingAdvisory2025-12-11
AVID-2026-R0417OpenAI Codex CLI MCP Configuration Remote Code ExecutionAdvisory2026-01-19
AVID-2026-R0416OpenAI Codex CLI Model Provider Configuration Remote Code ExecutionAdvisory2026-01-16
AVID-2026-R0415OpenAI Codex CLI Notify Field Configuration Remote Code ExecutionAdvisory2026-01-16
AVID-2026-R0414Eclipse Theia IDE MCP Configuration Code ExecutionAdvisory2025-11-18
AVID-2026-R0413OpenAI ChatGPT Content Safety Explicit Image BypassAdvisory2026-01-28
AVID-2026-R0412The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.FutureTense`.Measurement2026-03-10
AVID-2026-R0411The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Rust`.Measurement2026-03-10
AVID-2026-R0410The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase2048`.Measurement2026-03-10
AVID-2026-R0409The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase16`.Measurement2026-03-10
AVID-2026-R0408The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAtbash`.Measurement2026-03-10
AVID-2026-R0407The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAscii85`.Measurement2026-03-10
AVID-2026-R0406The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `dra.DRA`.Measurement2026-03-10
AVID-2026-R0405The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.RepeatedToken`.Measurement2026-03-10
AVID-2026-R0404The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.Repeat`.Measurement2026-03-10
AVID-2026-R0403The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.DanInTheWild`.Measurement2026-03-10
AVID-2026-R0402The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.AutoDANCached`.Measurement2026-03-10
AVID-2026-R0401The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.Ablation_Dan_11_0`.Measurement2026-03-10
AVID-2026-R0400The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `continuation.ContinueSlursReclaimedSlurs`.Measurement2026-03-10
AVID-2026-R0399The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `atkgen.Tox`.Measurement2026-03-10
AVID-2026-R0398The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.GetKey`.Measurement2026-03-10
AVID-2026-R0397The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.CompleteKey`.Measurement2026-03-10
AVID-2026-R0396The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiRaw`.Measurement2026-03-10
AVID-2026-R0395The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiEscaped`.Measurement2026-03-10
AVID-2026-R0394The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Perl`.Measurement2026-03-10
AVID-2026-R0393The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.JavaScript`.Measurement2026-03-10
AVID-2026-R0392The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Dart`.Measurement2026-03-10
AVID-2026-R0391The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `misleading.FalseAssertion`.Measurement2026-03-10
AVID-2026-R0390The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.TopLevel`.Measurement2026-03-10
AVID-2026-R0389The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.SubFunctions`.Measurement2026-03-10
AVID-2026-R0388The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Payload`.Measurement2026-03-10
AVID-2026-R0387The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Evasion`.Measurement2026-03-10
AVID-2026-R0386The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SlurUsage`.Measurement2026-03-10
AVID-2026-R0385The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Sexualisation`.Measurement2026-03-10
AVID-2026-R0384The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SexualContent`.Measurement2026-03-10
AVID-2026-R0383The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.QuackMedicine`.Measurement2026-03-10
AVID-2026-R0382The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Deadnaming`.Measurement2026-03-10
AVID-2026-R0381The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Bullying`.Measurement2026-03-10
AVID-2026-R0380The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterComplete`.Measurement2026-03-10
AVID-2026-R0379The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterCloze`.Measurement2026-03-10
AVID-2026-R0378The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTComplete`.Measurement2026-03-10
AVID-2026-R0377The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTCloze`.Measurement2026-03-10
AVID-2026-R0376The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureComplete`.Measurement2026-03-10
AVID-2026-R0375The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureCloze`.Measurement2026-03-10
AVID-2026-R0374The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianComplete`.Measurement2026-03-10
AVID-2026-R0373The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianCloze`.Measurement2026-03-10
AVID-2026-R0372The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentWhoisSnippet`.Measurement2026-03-10
AVID-2026-R0371The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.TaskXSS`.Measurement2026-03-10
AVID-2026-R0370The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.StringAssemblyDataExfil`.Measurement2026-03-10
AVID-2026-R0369The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.PlaygroundMarkdownExfil`.Measurement2026-03-10
AVID-2026-R0368The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownXSS`.Measurement2026-03-10
AVID-2026-R0367The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownURINonImageExfilExtended`.Measurement2026-03-10
AVID-2026-R0366The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownURIImageExfilExtended`.Measurement2026-03-10
AVID-2026-R0365The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownImageExfil`.Measurement2026-03-10
AVID-2026-R0364The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.ColabAIDataLeakage`.Measurement2026-03-10
AVID-2026-R0363The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `topic.WordnetControversial`.Measurement2026-03-10
AVID-2026-R0362The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `tap.TAPCached`.Measurement2026-03-10
AVID-2026-R0361The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `suffix.GCGCached`.Measurement2026-03-10
AVID-2026-R0360The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `snowball.GraphConnectivity`.Measurement2026-03-10
AVID-2026-R0359The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackLongPrompt`.Measurement2026-03-10
AVID-2026-R0358The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackKillHumans`.Measurement2026-03-10
AVID-2026-R0357The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackHateHumans`.Measurement2026-03-10
AVID-2026-R0356The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.PastTense`.Measurement2026-03-10
AVID-2026-R0355The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.FutureTense`.Measurement2026-03-10
AVID-2026-R0354The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Rust`.Measurement2026-03-10
AVID-2026-R0353The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Ruby`.Measurement2026-03-10
AVID-2026-R0352The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.RakuLand`.Measurement2026-03-10
AVID-2026-R0351The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Python`.Measurement2026-03-10
AVID-2026-R0350The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Perl`.Measurement2026-03-10
AVID-2026-R0349The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.JavaScript`.Measurement2026-03-10
AVID-2026-R0348The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Dart`.Measurement2026-03-10
AVID-2026-R0347The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `misleading.FalseAssertion`.Measurement2026-03-10
AVID-2026-R0346The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.TopLevel`.Measurement2026-03-10
AVID-2026-R0345The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.SubFunctions`.Measurement2026-03-10
AVID-2026-R0344The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Payload`.Measurement2026-03-10
AVID-2026-R0343The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Evasion`.Measurement2026-03-10
AVID-2026-R0342The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SlurUsage`.Measurement2026-03-10
AVID-2026-R0341The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Sexualisation`.Measurement2026-03-10
AVID-2026-R0340The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SexualContent`.Measurement2026-03-10
AVID-2026-R0339The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.QuackMedicine`.Measurement2026-03-10
AVID-2026-R0338The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Deadnaming`.Measurement2026-03-10
AVID-2026-R0337The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Bullying`.Measurement2026-03-10
AVID-2026-R0336The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterComplete`.Measurement2026-03-10
AVID-2026-R0335The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterCloze`.Measurement2026-03-10
AVID-2026-R0334The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTComplete`.Measurement2026-03-10
AVID-2026-R0333The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTCloze`.Measurement2026-03-10
AVID-2026-R0332The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureComplete`.Measurement2026-03-10
AVID-2026-R0331The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureCloze`.Measurement2026-03-10
AVID-2026-R0330The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianComplete`.Measurement2026-03-10
AVID-2026-R0329The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianCloze`.Measurement2026-03-10
AVID-2026-R0328The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentWhoisSnippet`.Measurement2026-03-10
AVID-2026-R0327The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentWhois`.Measurement2026-03-10
AVID-2026-R0326The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentJailbreak`.Measurement2026-03-10
AVID-2026-R0325The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnZh`.Measurement2026-03-10
AVID-2026-R0324The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnFr`.Measurement2026-03-10
AVID-2026-R0323The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionResume`.Measurement2026-03-10
AVID-2026-R0322The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionReport`.Measurement2026-03-10
AVID-2026-R0321The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetLegal`.Measurement2026-03-10
AVID-2026-R0320The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetEiffel`.Measurement2026-03-10
AVID-2026-R0319The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win11`.Measurement2026-03-10
AVID-2026-R0318The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win10`.Measurement2026-03-10
AVID-2026-R0317The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Substances`.Measurement2026-03-10
AVID-2026-R0316The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Slurs`.Measurement2026-03-10
AVID-2026-R0315The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.WhoIsRiley`.Measurement2026-03-10
AVID-2026-R0314The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.ThreatenJSON`.Measurement2026-03-10
AVID-2026-R0313The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.Tag`.Measurement2026-03-10
AVID-2026-R0312The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.SQLInjectionEcho`.Measurement2026-03-10
AVID-2026-R0311The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.JinjaTemplatePythonInjection`.Measurement2026-03-10
AVID-2026-R0310The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectZalgo`.Measurement2026-03-10
AVID-2026-R0309The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUnicodeTagChars`.Measurement2026-03-10
AVID-2026-R0308The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUU`.Measurement2026-03-10
AVID-2026-R0307The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectROT13`.Measurement2026-03-10
AVID-2026-R0306The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectNato`.Measurement2026-03-10
AVID-2026-R0305The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectMorse`.Measurement2026-03-10
AVID-2026-R0304The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectHex`.Measurement2026-03-10
AVID-2026-R0303The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectEcoji`.Measurement2026-03-10
AVID-2026-R0302The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBraille`.Measurement2026-03-10
AVID-2026-R0301The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase64`.Measurement2026-03-10
AVID-2026-R0300The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase32`.Measurement2026-03-10
AVID-2026-R0299The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase2048`.Measurement2026-03-10
AVID-2026-R0298The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase16`.Measurement2026-03-10
AVID-2026-R0297The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAtbash`.Measurement2026-03-10
AVID-2026-R0296The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAscii85`.Measurement2026-03-10
AVID-2026-R0295The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `dra.DRA`.Measurement2026-03-10
AVID-2026-R0294The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.RepeatedToken`.Measurement2026-03-10
AVID-2026-R0293The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.Repeat`.Measurement2026-03-10
AVID-2026-R0292The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.DanInTheWild`.Measurement2026-03-10
AVID-2026-R0291The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.AutoDANCached`.Measurement2026-03-10
AVID-2026-R0290The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.Ablation_Dan_11_0`.Measurement2026-03-10
AVID-2026-R0289The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `continuation.ContinueSlursReclaimedSlurs`.Measurement2026-03-10
AVID-2026-R0288The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `atkgen.Tox`.Measurement2026-03-10
AVID-2026-R0287The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.GetKey`.Measurement2026-03-10
AVID-2026-R0286The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.CompleteKey`.Measurement2026-03-10
AVID-2026-R0285The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiRaw`.Measurement2026-03-10
AVID-2026-R0284The model gpt-oss-20b from OpenAI was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiEscaped`.Measurement2026-03-10
AVID-2026-R0283The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase64`.Measurement2026-03-10
AVID-2026-R0282The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase32`.Measurement2026-03-10
AVID-2026-R0281The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentJailbreak`.Measurement2026-03-10
AVID-2026-R0280The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnZh`.Measurement2026-03-10
AVID-2026-R0279The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnFr`.Measurement2026-03-10
AVID-2026-R0278The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionResume`.Measurement2026-03-10
AVID-2026-R0277The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionReport`.Measurement2026-03-10
AVID-2026-R0276The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetLegal`.Measurement2026-03-10
AVID-2026-R0275The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetEiffel`.Measurement2026-03-10
AVID-2026-R0274The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win11`.Measurement2026-03-10
AVID-2026-R0273The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win10`.Measurement2026-03-10
AVID-2026-R0272The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Substances`.Measurement2026-03-10
AVID-2026-R0271The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Slurs`.Measurement2026-03-10
AVID-2026-R0270The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.WhoIsRiley`.Measurement2026-03-10
AVID-2026-R0269The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.ThreatenJSON`.Measurement2026-03-10
AVID-2026-R0268The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.Tag`.Measurement2026-03-10
AVID-2026-R0267The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.SQLInjectionEcho`.Measurement2026-03-10
AVID-2026-R0266The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.JinjaTemplatePythonInjection`.Measurement2026-03-10
AVID-2026-R0265The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectZalgo`.Measurement2026-03-10
AVID-2026-R0264The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUnicodeTagChars`.Measurement2026-03-10
AVID-2026-R0263The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUU`.Measurement2026-03-10
AVID-2026-R0262The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectROT13`.Measurement2026-03-10
AVID-2026-R0261The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectNato`.Measurement2026-03-10
AVID-2026-R0260The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectMorse`.Measurement2026-03-10
AVID-2026-R0259The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectHex`.Measurement2026-03-10
AVID-2026-R0258The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectEcoji`.Measurement2026-03-10
AVID-2026-R0257The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBraille`.Measurement2026-03-10
AVID-2026-R0256The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackKillHumans`.Measurement2026-03-10
AVID-2026-R0255The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackHateHumans`.Measurement2026-03-10
AVID-2026-R0254The model Mistral-Small-24B-Instruct-2501 from Mistral was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.PastTense`.Measurement2026-03-10
| AVID-2026-R0253 | Dia: Increased Spoof Risk; Missing full screen toast (CVE-2025-13132) | Advisory | 2025-11-21 |
| AVID-2026-R0251 | Data exfiltration via prompt injection | Issue | 2026-03-04 |
| AVID-2026-R0250 | Critical authentication bypass vulnerability in Base44 | Advisory | 2026-03-04 |
| AVID-2026-R0249 | Exposed ClickHouse database leaking sensitive information | Issue | 2026-03-04 |
| AVID-2026-R0248 | Misconfigured database exposes sensitive API keys | Advisory | 2026-03-04 |
| AVID-2026-R0247 | OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs (CVE-2026-27576) | Advisory | 2026-02-21 |
| AVID-2026-R0246 | OpenClaw hardened cron webhook delivery against SSRF (CVE-2026-27488) | Advisory | 2026-02-21 |
| AVID-2026-R0245 | OpenClaw: Prevent shell injection in macOS keychain credential write (CVE-2026-27487) | Advisory | 2026-02-21 |
| AVID-2026-R0244 | OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup (CVE-2026-27486) | Advisory | 2026-02-21 |
| AVID-2026-R0243 | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection (CVE-2026-27485) | Advisory | 2026-02-21 |
| AVID-2026-R0242 | OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows (CVE-2026-27484) | Advisory | 2026-02-21 |
| AVID-2026-R0241 | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection (CVE-2026-27009) | Advisory | 2026-02-19 |
| AVID-2026-R0240 | OpenClaw hardened the skill download target directory validation (CVE-2026-27008) | Advisory | 2026-02-19 |
| AVID-2026-R0239 | OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation (CVE-2026-27007) | Advisory | 2026-02-19 |
| AVID-2026-R0238 | OpenClaw session tool visibility hardening and Telegram webhook secret fallback (CVE-2026-27004) | Advisory | 2026-02-19 |
| AVID-2026-R0237 | OpenClaw: Telegram bot token exposure via logs (CVE-2026-27003) | Advisory | 2026-02-19 |
| AVID-2026-R0236 | OpenClaw: Docker container escape via unvalidated bind mount config injection (CVE-2026-27002) | Advisory | 2026-02-19 |
| AVID-2026-R0235 | OpenClaw: Unsanitized CWD path injection into LLM prompts (CVE-2026-27001) | Advisory | 2026-02-19 |
| AVID-2026-R0234 | OpenClaw has a Path Traversal in Browser Download Functionality (CVE-2026-26972) | Advisory | 2026-02-19 |
| AVID-2026-R0233 | OpenClaw has a path traversal in browser upload allows local file read (CVE-2026-26329) | Advisory | 2026-02-19 |
| AVID-2026-R0232 | OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities (CVE-2026-26328) | Advisory | 2026-02-19 |
| AVID-2026-R0231 | OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning (CVE-2026-26327) | Advisory | 2026-02-19 |
| AVID-2026-R0230 | OpenClaw skills.status could leak secrets to operator.read clients (CVE-2026-26326) | Advisory | 2026-02-19 |
| AVID-2026-R0229 | OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals (CVE-2026-26325) | Advisory | 2026-02-19 |
| AVID-2026-R0228 | OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable) (CVE-2026-26324) | Advisory | 2026-02-19 |
| AVID-2026-R0227 | OpenClaw has a command injection in maintainer clawtributors updater (CVE-2026-26323) | Advisory | 2026-02-19 |
| AVID-2026-R0226 | OpenClaw Gateway tool allowed unrestricted gatewayUrl override (CVE-2026-26322) | Advisory | 2026-02-19 |
| AVID-2026-R0225 | OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension (CVE-2026-26321) | Advisory | 2026-02-19 |
| AVID-2026-R0224 | OpenClaw macOS deep link confirmation truncation can conceal executed agent message (CVE-2026-26320) | Advisory | 2026-02-19 |
| AVID-2026-R0223 | OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests (CVE-2026-26319) | Advisory | 2026-02-19 |
| AVID-2026-R0222 | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints (CVE-2026-26317) | Advisory | 2026-02-19 |
| AVID-2026-R0221 | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust (CVE-2026-26316) | Advisory | 2026-02-19 |
| AVID-2026-R0220 | OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply (CVE-2026-25593) | Advisory | 2026-02-06 |
| AVID-2026-R0219 | OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction (CVE-2026-25475) | Advisory | 2026-02-04 |
| AVID-2026-R0218 | OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret`) → auth bypass (CVE-2026-25474) | Advisory | 2026-02-19 |
| AVID-2026-R0217 | Vulnerability CVE-2026-25253 | Advisory | 2026-02-01 |
| AVID-2026-R0216 | OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand (CVE-2026-25157) | Advisory | 2026-02-04 |
| AVID-2026-R0215 | OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions (CVE-2026-24764) | Advisory | 2026-02-19 |
| AVID-2026-R0214 | Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable (CVE-2026-24763) | Advisory | 2026-02-02 |
| AVID-2026-R0213 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.TaskXSS`. | Measurement | 2026-02-20 |
| AVID-2026-R0212 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.StringAssemblyDataExfil`. | Measurement | 2026-02-20 |
| AVID-2026-R0211 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.PlaygroundMarkdownExfil`. | Measurement | 2026-02-20 |
| AVID-2026-R0210 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownXSS`. | Measurement | 2026-02-20 |
| AVID-2026-R0209 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownURINonImageExfilExtended`. | Measurement | 2026-02-20 |
| AVID-2026-R0208 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownURIImageExfilExtended`. | Measurement | 2026-02-20 |
| AVID-2026-R0207 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.MarkdownImageExfil`. | Measurement | 2026-02-20 |
| AVID-2026-R0206 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `web_injection.ColabAIDataLeakage`. | Measurement | 2026-02-20 |
| AVID-2026-R0205 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `topic.WordnetControversial`. | Measurement | 2026-02-20 |
| AVID-2026-R0204 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `tap.TAPCached`. | Measurement | 2026-02-20 |
| AVID-2026-R0203 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `suffix.GCGCached`. | Measurement | 2026-02-20 |
| AVID-2026-R0202 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `snowball.GraphConnectivity`. | Measurement | 2026-02-20 |
| AVID-2026-R0200 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackLongPrompt`. | Measurement | 2026-02-20 |
| AVID-2026-R0199 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackKillHumans`. | Measurement | 2026-02-20 |
| AVID-2026-R0198 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `promptinject.HijackHateHumans`. | Measurement | 2026-02-20 |
| AVID-2026-R0197 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.PastTense`. | Measurement | 2026-02-20 |
| AVID-2026-R0196 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `phrasing.FutureTense`. | Measurement | 2026-02-20 |
| AVID-2026-R0195 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Rust`. | Measurement | 2026-02-20 |
| AVID-2026-R0194 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Ruby`. | Measurement | 2026-02-20 |
| AVID-2026-R0193 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.RakuLand`. | Measurement | 2026-02-20 |
| AVID-2026-R0192 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Python`. | Measurement | 2026-02-20 |
| AVID-2026-R0191 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Perl`. | Measurement | 2026-02-20 |
| AVID-2026-R0190 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.JavaScript`. | Measurement | 2026-02-20 |
| AVID-2026-R0189 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `packagehallucination.Dart`. | Measurement | 2026-02-20 |
| AVID-2026-R0188 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `misleading.FalseAssertion`. | Measurement | 2026-02-20 |
| AVID-2026-R0187 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.TopLevel`. | Measurement | 2026-02-20 |
| AVID-2026-R0186 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.SubFunctions`. | Measurement | 2026-02-20 |
| AVID-2026-R0185 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Payload`. | Measurement | 2026-02-20 |
| AVID-2026-R0184 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `malwaregen.Evasion`. | Measurement | 2026-02-20 |
| AVID-2026-R0183 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SlurUsage`. | Measurement | 2026-02-20 |
| AVID-2026-R0182 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Sexualisation`. | Measurement | 2026-02-20 |
| AVID-2026-R0181 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.SexualContent`. | Measurement | 2026-02-20 |
| AVID-2026-R0180 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.QuackMedicine`. | Measurement | 2026-02-20 |
| AVID-2026-R0179 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Deadnaming`. | Measurement | 2026-02-20 |
| AVID-2026-R0178 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `lmrc.Bullying`. | Measurement | 2026-02-20 |
| AVID-2026-R0177 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterComplete`. | Measurement | 2026-02-20 |
| AVID-2026-R0176 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.PotterCloze`. | Measurement | 2026-02-20 |
| AVID-2026-R0175 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTComplete`. | Measurement | 2026-02-20 |
| AVID-2026-R0174 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.NYTCloze`. | Measurement | 2026-02-20 |
| AVID-2026-R0173 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureComplete`. | Measurement | 2026-02-20 |
| AVID-2026-R0172 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.LiteratureCloze`. | Measurement | 2026-02-20 |
| AVID-2026-R0171 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianComplete`. | Measurement | 2026-02-20 |
| AVID-2026-R0170 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `leakreplay.GuardianCloze`. | Measurement | 2026-02-20 |
| AVID-2026-R0169 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentWhoisSnippet`. | Measurement | 2026-02-20 |
| AVID-2026-R0168 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentWhois`. | Measurement | 2026-02-20 |
| AVID-2026-R0167 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentJailbreak`. | Measurement | 2026-02-20 |
| AVID-2026-R0166 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnZh`. | Measurement | 2026-02-20 |
| AVID-2026-R0165 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionTranslationEnFr`. | Measurement | 2026-02-20 |
| AVID-2026-R0164 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionResume`. | Measurement | 2026-02-20 |
| AVID-2026-R0163 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionReport`. | Measurement | 2026-02-20 |
| AVID-2026-R0162 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetLegal`. | Measurement | 2026-02-20 |
| AVID-2026-R0161 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `latentinjection.LatentInjectionFactSnippetEiffel`. | Measurement | 2026-02-20 |
| AVID-2026-R0160 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win11`. | Measurement | 2026-02-20 |
| AVID-2026-R0159 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Win10`. | Measurement | 2026-02-20 |
| AVID-2026-R0158 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Substances`. | Measurement | 2026-02-20 |
| AVID-2026-R0157 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `grandma.Slurs`. | Measurement | 2026-02-20 |
| AVID-2026-R0156 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.WhoIsRiley`. | Measurement | 2026-02-20 |
| AVID-2026-R0155 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.ThreatenJSON`. | Measurement | 2026-02-20 |
| AVID-2026-R0154 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `goodside.Tag`. | Measurement | 2026-02-20 |
| AVID-2026-R0153 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.SQLInjectionEcho`. | Measurement | 2026-02-20 |
| AVID-2026-R0152 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `exploitation.JinjaTemplatePythonInjection`. | Measurement | 2026-02-20 |
| AVID-2026-R0151 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectZalgo`. | Measurement | 2026-02-20 |
| AVID-2026-R0150 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUnicodeTagChars`. | Measurement | 2026-02-20 |
| AVID-2026-R0149 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectUU`. | Measurement | 2026-02-20 |
| AVID-2026-R0148 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectROT13`. | Measurement | 2026-02-20 |
| AVID-2026-R0147 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectNato`. | Measurement | 2026-02-20 |
| AVID-2026-R0146 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectMorse`. | Measurement | 2026-02-20 |
| AVID-2026-R0145 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectHex`. | Measurement | 2026-02-20 |
| AVID-2026-R0144 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectEcoji`. | Measurement | 2026-02-20 |
| AVID-2026-R0143 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBraille`. | Measurement | 2026-02-20 |
| AVID-2026-R0142 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase64`. | Measurement | 2026-02-20 |
| AVID-2026-R0141 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase32`. | Measurement | 2026-02-20 |
| AVID-2026-R0140 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase2048`. | Measurement | 2026-02-20 |
| AVID-2026-R0139 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectBase16`. | Measurement | 2026-02-20 |
| AVID-2026-R0138 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAtbash`. | Measurement | 2026-02-20 |
| AVID-2026-R0137 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `encoding.InjectAscii85`. | Measurement | 2026-02-20 |
| AVID-2026-R0136 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `dra.DRA`. | Measurement | 2026-02-20 |
| AVID-2026-R0135 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.RepeatedToken`. | Measurement | 2026-02-20 |
| AVID-2026-R0134 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `divergence.Repeat`. | Measurement | 2026-02-20 |
| AVID-2026-R0133 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.DanInTheWild`. | Measurement | 2026-02-20 |
| AVID-2026-R0132 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.AutoDANCached`. | Measurement | 2026-02-20 |
| AVID-2026-R0131 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `dan.Ablation_Dan_11_0`. | Measurement | 2026-02-20 |
| AVID-2026-R0130 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `continuation.ContinueSlursReclaimedSlurs`. | Measurement | 2026-02-20 |
| AVID-2026-R0129 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `atkgen.Tox`. | Measurement | 2026-02-20 |
| AVID-2026-R0128 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.GetKey`. | Measurement | 2026-02-20 |
| AVID-2026-R0127 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `apikey.CompleteKey`. | Measurement | 2026-02-20 |
| AVID-2026-R0126 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiRaw`. | Measurement | 2026-02-20 |
| AVID-2026-R0125 | The model Kimi-K2-Instruct-0905 from Moonshot AI was evaluated by the Garak LLM Vulnerability scanner using the probe `ansiescape.AnsiEscaped`. | Measurement | 2026-02-20 |
| AVID-2026-R0124 | Amazon Rufus Guardrail Jailbreak via ASCII Decimal Encoding | Issue | 2026-02-19 |
| AVID-2026-R0123 | Google Gemini G-Suite Prompt Injection Vulnerability | Issue | 2026-02-19 |
| AVID-2026-R0122 | Multiple Model Guardrail Jailbreak via "Fortune Cookie Simulator" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0121 | Multiple Model Guardrail Jailbreak via "Arbitrary Relation" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0120 | OpenAI Multiple Model Prompt Injection via "Morse Code Businessman" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0119 | Multiple Model Guardrail Jailbreak via "Analyze Data" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0118 | Multiple Model Guardrail Jailbreak via "Chemist's Essay" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0117 | Multiple Model Guardrail Jailbreak via "Pronunciation Bypass" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0116 | Multiple Model Guardrail Jailbreak via "Correct Me" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0115 | Multiple Model Guardrail Jailbreak via "Leetspeak Unicode" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0114 | Multiple Model Guardrail Jailbreak via "Chaotic Formatting" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0113 | Multiple Model Guardrail Jailbreak via IPA Encoding Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0112 | OpenAI GPT-4o Guardrail Jailbreak via "Naval Parameters Cipher" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0111 | Multiple Model Guardrail Jailbreak via "Scientific Formula" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0110 | Multiple Model Guardrail Jailbreak via "Apocalyptic Scenario" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0109 | Multiple Model Guardrail Jailbreak via "Lambda Pattern Formatting" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0108 | Multiple Model Guardrail Jailbreak via "Spelling Mistakes" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0107 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Surprise Attack" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0106 | Multiple Model Guardrail Jailbreak via "Fictional API Detection" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0105 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Historical Polaroid" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0104 | OpenAI GPT-4o Guardrail Jailbreak via "Zero-Width Unicode" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0103 | Multiple Model Guardrail Jailbreak via "Wiki Creation" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0102 | Multiple Model Guardrail Jailbreak via "Academic Framing" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0101 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Artistic Escalation" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0100 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Feminist Art Description" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0099 | OpenAI GPT-4o Guardrail Jailbreak via "Layered Summarization" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0098 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Historical NSFW" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0097 | [NSFW] OpenAI Sora Guardrail Jailbreak via "Hypothetical Anatomy" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0096 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Debug Framework Simulation" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0095 | Multiple Model Guardrail Jailbreak via "Servile Scientist" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0094 | Multiple Model Guardrail Jailbreak via "Terminal Simulation" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0093 | Multiple Model Guardrail Jailbreak via "Scientific Framing for Wrapper" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0092 | Multiple Model Guardrail Jailbreak via "Mathematical Variable Obfuscation" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0091 | [NSFW] OpenAI Sora Guardrail Jailbreak via "Anatomical Escalation" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0090 | Multiple Model Guardrail Jailbreak via Memory Dump Simulation Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0089 | [NSFW] OpenAI DALL-E3 Guardrail Jailbreak via "Classical Art Reframing" Tactic | Issue | 2026-02-19 |
| AVID-2026-R0088 | Multiple Model Guardrail Jailbreak via "Speculative Knowledge Preservation" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0087 | Multiple Model Guardrail Jailbreak via Investigative Journalist Persona | Measurement | 2026-02-19 |
| AVID-2026-R0086 | Multiple Model Guardrail Jailbreak via "Super Short Prompt" | Measurement | 2025-10-17 |
| AVID-2026-R0085 | Multiple Model Guardrail Jailbreak via "Psych-Phil DT + Compaction" Technique | Measurement | 2025-10-06 |
| AVID-2026-R0084 | Multiple Model Guardrail Jailbreak via "First Person Perspective" | Measurement | 2026-02-19 |
| AVID-2026-R0083 | Multiple Model Guardrail Jailbreak via "Abbreviation Expansion" | Measurement | 2026-02-19 |
| AVID-2026-R0082 | Multiple Model Guardrail Jailbreak via Token Disruption through Random Spacing | Measurement | 2026-02-19 |
| AVID-2026-R0081 | Multiple Model Guardrail Jailbreak via "Key-Value Pairs" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0080 | Multiple Model Guardrail Jailbreak via "Essay Title" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0079 | Multiple Model Guardrail Jailbreak via "Compare and Contrast" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0078 | Multiple Model Guardrail Jailbreak via "Police Interrogation Terminal" Tactic | Measurement | 2026-01-22 |
| AVID-2026-R0077 | Multiple Model Guardrail Jailbreak via "Screenplay Deception" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0076 | Multiple Model Guardrail Jailbreak via "Story Teller" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0075 | Multiple Model Guardrail Jailbreak via "Show Character Role-Playing" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0074 | Multiple Model Guardrail Jailbreak via "Science Student Safety" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0073 | Multiple Model Guardrail Jailbreak via "Fashion Design Recipe" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0072 | Multiple Model Guardrail Jailbreak via "Chemist Code Language" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0071 | Multiple Model Guardrail Jailbreak via "Choose Your Own Adventure" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0070 | Multiple Model Guardrail Jailbreak via "Haiku of Love" Tactic | Measurement | 2026-01-16 |
| AVID-2026-R0069 | Multiple Model Guardrail Jailbreak via "API System Instructions" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0068 | Multiple Model Guardrail Jailbreak via "Hybrid Role" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0067 | Multiple Model Guardrail Jailbreak via "Technical Field Guide" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0066 | Multiple Model Guardrail Jailbreak via "Deceptive Forensic Context" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0065 | Multiple Model Guardrail Jailbreak via "Placeholder Injection" Tactic | Measurement | 2026-01-29 |
| AVID-2026-R0064 | Multiple Model Guardrail Jailbreak via "Split Mode" Response Requests | Measurement | 2026-02-19 |
| AVID-2026-R0063 | Multiple Model Guardrail Jailbreak via "Chemical Compiler Debug" Tactic | Measurement | 2026-02-12 |
| AVID-2026-R0062 | Multiple Model Prompt Injection via "Correction" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0061 | Multiple Model Guardrail Jailbreak via "Incremental Table Completion" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0060 | Multiple Model Guardrail Jailbreak via "Hex Recipe Book" Tactic | Measurement | 2026-02-19 |
| AVID-2026-R0059 | Multiple Model Guardrail Jailbreak via "Urgent Health Inquiry" | Measurement | 2026-02-19 |
| AVID-2026-R0058 | Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code (CVE-2025-3248) | Advisory | 2025-04-07 |
| AVID-2026-R0057 | Insecure Deserialization leads to RCE in BentoML's runner server (CVE-2025-32375) | Advisory | 2025-04-09 |
| AVID-2026-R0056 | ageerle ruoyi-ai SysNoticeController.java improper authorization (CVE-2025-3202) | Advisory | 2025-04-04 |
| AVID-2026-R0055 | Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs (CVE-2025-32018) | Advisory | 2025-04-08 |
| AVID-2026-R0054 | ageerle ruoyi-ai API Interface SysModelController.java improper authorization (CVE-2025-3199) | Advisory | 2025-04-04 |
| AVID-2026-R0053 | PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption (CVE-2025-3136) | Advisory | 2025-04-03 |
| AVID-2026-R0052 | PyTorch torch.jit.jit_module_from_flatbuffer memory corruption (CVE-2025-3121) | Advisory | 2025-04-02 |
| AVID-2026-R0051 | Vulnerability CVE-2025-3035 | Advisory | 2025-04-01 |
| AVID-2026-R0050 | PyTorch torch.lstm_cell memory corruption (CVE-2025-3001) | Advisory | 2025-03-31 |
| AVID-2026-R0049 | PyTorch torch.jit.script memory corruption (CVE-2025-3000) | Advisory | 2025-03-31 |
| AVID-2026-R0048 | PyTorch torch.nn.utils.rnn.unpack_sequence memory corruption (CVE-2025-2999) | Advisory | 2025-03-31 |
| AVID-2026-R0047 | PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption (CVE-2025-2998) | Advisory | 2025-03-31 |
| AVID-2026-R0046 | Improper Control of Generation of Code ('Code Injection') in GitLab (CVE-2025-2867) | Advisory | 2025-03-27 |
| AVID-2026-R0045 | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization (CVE-2025-27520) | Advisory | 2025-04-04 |
| AVID-2026-R0044 | Azure Promptflow Remote Code Execution Vulnerability (CVE-2025-24986) | Advisory | 2025-03-11 |
| AVID-2026-R0043 | NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability (CVE-2025-2450) | Advisory | 2025-03-18 |
| AVID-2026-R0042 | Vulnerability CVE-2025-23359 | Advisory | 2025-02-12 |
| AVID-2026-R0041 | Azure AI Face Service Elevation of Privilege Vulnerability (CVE-2025-21415) | Advisory | 2025-01-29 |
| AVID-2026-R0040 | Microsoft Account Elevation of Privilege Vulnerability (CVE-2025-21396) | Advisory | 2025-01-29 |
| AVID-2026-R0039 | Mage AI insecure default initialization of resource (CVE-2025-2129) | Advisory | 2025-03-09 |
| AVID-2026-R0038 | picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch (CVE-2025-1945) | Advisory | 2025-03-10 |
| AVID-2026-R0037 | picklescan ZIP archive manipulation attack leads to crash (CVE-2025-1944) | Advisory | 2025-03-10 |
| AVID-2026-R0036 | picklescan - Security scanning bypass via non-standard file extensions (CVE-2025-1889) | Advisory | 2025-03-03 |
| AVID-2026-R0035 | picklescan - Security scanning bypass via 'pip main' (CVE-2025-1716) | Advisory | 2025-02-26 |
| AVID-2026-R0034 | Arbitrary Code Execution via Crafted Keras Config for Model Loading (CVE-2025-1550) | Advisory | 2025-03-11 |
| AVID-2026-R0033 | Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary (CVE-2024-9000) | Advisory | 2025-03-20 |
| AVID-2026-R0032 | Improper Access Control in lunary-ai/lunary (CVE-2024-8999) | Advisory | 2025-03-20 |
| AVID-2026-R0031 | Exposure of Sensitive Information in mintplex-labs/anything-llm (CVE-2024-6842) | Advisory | 2025-03-20 |
| AVID-2026-R0030 | Uncontrolled Resource Consumption in mlflow/mlflow (CVE-2024-6838) | Advisory | 2025-03-20 |
| AVID-2026-R0029 | IBM watsonx.ai cross-site scripting (CVE-2024-49785) | Advisory | 2025-01-12 |
| AVID-2026-R0028 | SQL Injection in run-llama/llama_index (CVE-2024-12911) | Advisory | 2025-03-20 |
| AVID-2026-R0027 | SQL Injection to RCE in run-llama/llama_index (CVE-2024-12909) | Advisory | 2025-03-20 |
| AVID-2026-R0026 | SSRF in infiniflow/ragflow (CVE-2024-12779) | Advisory | 2025-03-20 |
| AVID-2026-R0025 | Denial of Service (DoS) in run-llama/llama_index (CVE-2024-12704) | Advisory | 2025-03-20 |
| AVID-2026-R0024 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update (CVE-2024-12606) | Advisory | 2025-01-10 |
| AVID-2026-R0023 | Remote Code Execution via Model Deserialization in invoke-ai/invokeai (CVE-2024-12029) | Advisory | 2025-03-20 |
| AVID-2026-R0022 | Improper Enforcement of Unique Constraint in lunary-ai/lunary (CVE-2024-11301) | Advisory | 2025-03-20 |
| AVID-2026-R0021 | Improper Access Control in lunary-ai/lunary (CVE-2024-11300) | Advisory | 2025-03-20 |
| AVID-2026-R0020 | Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai (CVE-2024-11043) | Advisory | 2025-03-20 |
| AVID-2026-R0019 | Arbitrary File Delete in invoke-ai/invokeai (CVE-2024-11042) | Advisory | 2025-03-20 |
| AVID-2026-R0018 | Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim` (CVE-2024-10954) | Advisory | 2025-03-20 |
| AVID-2026-R0017 | Code Injection in binary-husky/gpt_academic (CVE-2024-10950) | Advisory | 2025-03-20 |
| AVID-2026-R0016 | Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain (CVE-2024-10940) | Advisory | 2025-03-20 |
| AVID-2026-R0015 | Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt (CVE-2024-10906) | Advisory | 2025-03-20 |
| AVID-2026-R0014 | Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt (CVE-2024-10835) | Advisory | 2025-03-20 |
| AVID-2026-R0013 | Arbitrary File Write in eosphoros-ai/db-gpt (CVE-2024-10834) | Advisory | 2025-03-20 |
| AVID-2026-R0012 | Arbitrary File Write in eosphoros-ai/db-gpt (CVE-2024-10833) | Advisory | 2025-03-20 |
| AVID-2026-R0011 | Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt (CVE-2024-10831) | Advisory | 2025-03-20 |
| AVID-2026-R0010 | Path Traversal in eosphoros-ai/db-gpt (CVE-2024-10830) | Advisory | 2025-03-20 |
| AVID-2026-R0009 | Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt (CVE-2024-10829) | Advisory | 2025-03-20 |
| AVID-2026-R0008 | Denial of Service (DoS) in invoke-ai/invokeai (CVE-2024-10821) | Advisory | 2025-03-20 |
| AVID-2026-R0007 | Missing Authorization in lunary-ai/lunary (CVE-2024-10762) | Advisory | 2025-03-20 |
| AVID-2026-R0006 | Path Traversal in mintplex-labs/anything-llm (CVE-2024-10513) | Advisory | 2025-03-20 |
| AVID-2026-R0005 | Improper Access Control in lunary-ai/lunary (CVE-2024-10330) | Advisory | 2025-03-20 |
| AVID-2026-R0004 | Improper Authorization in lunary-ai/lunary (CVE-2024-10274) | Advisory | 2025-03-20 |
| AVID-2026-R0003 | Improper Privilege Management in lunary-ai/lunary (CVE-2024-10273) | Advisory | 2025-03-20 |
| AVID-2026-R0002 | Incorrect Authorization in mintplex-labs/anything-llm (CVE-2024-10109) | Advisory | 2025-03-20 |
| AVID-2026-R0001 | Vulnerability CVE-2024-0132 | Advisory | 2024-09-26 |
...

2025

| Report ID | Description | Report Type | Date Reported |
|---|---|---|---|
| AVID-2025-R0035 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the cyse2_prompt_injection benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0034 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the cyse2_interpreter_abuse benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0033 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the wmdp_cyber benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0032 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the wmdp_chem benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0031 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the wmdp_bio benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0030 | Evaluation of the LLM Mistral-Small-24B-Instruct-2501 on the agentharm benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0025 | Evaluation of the LLM DeepSeek-R1 on the cyse2_interpreter_abuse benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0024 | Evaluation of the LLM DeepSeek-R1 on the wmdp_cyber benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0023 | Evaluation of the LLM DeepSeek-R1 on the wmdp_chem benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0022 | Evaluation of the LLM DeepSeek-R1 on the wmdp_bio benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0021 | Evaluation of the LLM DeepSeek-R1 on the agentharm benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0017 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the cyse2_prompt_injection benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0016 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the cyse2_interpreter_abuse benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0015 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the wmdp_cyber benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0014 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the wmdp_chem benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0013 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the wmdp_bio benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0012 | Evaluation of the LLM Llama-3.3-70B-Instruct-Turbo on the agentharm benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0008 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the cyse2_prompt_injection benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0007 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the cyse2_interpreter_abuse benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0006 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the wmdp_cyber benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0005 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the wmdp_chem benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0004 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the wmdp_bio benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0003 | Evaluation of the AI system gpt-4o-mini-2024-07-18 on the agentharm benchmark using Inspect Evals | Measurement | 2025-05-26 |
| AVID-2025-R0002 | Geopolitical bias in sentiment analysis for neutral phrases | Advisory | 2025-01-17 |
| AVID-2025-R0001 | The application will provide the user with the answer to their math problem, violating existing controls. | Advisory | 2025-01-17 |

2023

| Report ID | Description | Report Type | Date Reported |
|---|---|---|---|
| AVID-2023-R0003 | It is possible to make ChatGPT perform remote code execution just by asking politely | Advisory | 2023-03-26 |
| AVID-2023-R0002 | ChatGPT links wrong authors to papers | Issue | 2023-01-05 |
| AVID-2023-R0001 | ChatGPT fails to follow lexical constraints | Advisory | 2023-01-13 |

2022

| Report ID | Description | Report Type | Date Reported |
|---|---|---|---|
| AVID-2022-R0005 | Demographic bias found in EleutherAI/gpt-neo-125M for multiple sensitive categories, as measured on prompts supplied in the BOLD dataset | Detection | 2022-11-09 |
| AVID-2022-R0004 | Profession bias reinforcing gender stereotypes found in xlm-roberta-base, as measured on the Winobias dataset | Detection | 2022-11-09 |
| AVID-2022-R0003 | Profession bias reinforcing gender stereotypes found in bert-base-uncased, as measured on the Winobias dataset | Detection | 2022-11-09 |
| AVID-2022-R0002 | Gender Bias in Sentence Completion Tasks performed by xlm-roberta-base using the HONEST score | Detection | 2022-11-09 |
| AVID-2022-R0001 | Gender Bias in Sentence Completion Tasks performed by bert-base-uncased using the HONEST metric | Detection | 2022-11-09 |

Vulnerability

Vulnerabilities can be linked to one or more taxonomies through tags. In the AVID taxonomy, these tags denote the risk domains (Security, Ethics, Performance), related (sub)categories, and lifecycle stages. A vulnerability in AVID can pertain to one or more of three levels: dataset, model, or system.

List of Vulnerabilities

2023

| Vulnerability ID | Description |
|---|---|
| AVID-2023-V027 | It is possible to make ChatGPT perform remote code execution just by asking politely |
| AVID-2023-V026 | ChatGPT generates false or incomplete references to scientific literature |
| AVID-2023-V025 | ChatGPT fails to follow lexical constraints |
| AVID-2023-V024 | Northpointe Risk Models |
| AVID-2023-V023 | Kronos Scheduling Algorithm Allegedly Caused Financial Issues for Starbucks Employees |
| AVID-2023-V022 | NY City School Teacher Evaluation Algorithm Contested |
| AVID-2023-V021 | Uber Autonomous Cars Running Red Lights |
| AVID-2023-V020 | Collection of Robotic Surgery Malfunctions |
| AVID-2023-V019 | Crashes with Maneuvering Characteristics Augmentation System (MCAS) |
| AVID-2023-V018 | Warehouse robot ruptures can of bear spray and injures workers |
| AVID-2023-V017 | Google’s YouTube Kids App Presents Inappropriate Content |
| AVID-2023-V016 | Achieving Code Execution in MathGPT via Prompt Injection |
| AVID-2023-V015 | Compromised PyTorch Dependency Chain |
| AVID-2023-V014 | Confusing Antimalware Neural Networks |
| AVID-2023-V013 | Backdoor Attack on Deep Learning Models in Mobile Apps |
| AVID-2023-V012 | Face Identification System Evasion via Physical Countermeasures |
| AVID-2023-V011 | Microsoft Edge AI Evasion |
| AVID-2023-V010 | Microsoft Azure Service Disruption |
| AVID-2023-V009 | ProofPoint Evasion |
| AVID-2023-V008 | GPT-2 Model Replication |
| AVID-2023-V007 | ClearviewAI Misconfiguration |
| AVID-2023-V006 | Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate |
| AVID-2023-V005 | Camera Hijack Attack on Facial Recognition System |
| AVID-2023-V004 | Bypassing Cylance's AI Malware Detection |
| AVID-2023-V003 | VirusTotal Poisoning |
| AVID-2023-V002 | Botnet Domain Generation Algorithm (DGA) Detection Evasion |
| AVID-2023-V001 | Evasion of Deep Learning Detector for Malware C&C Traffic |

2022

| Vulnerability ID | Description |
|---|---|
| AVID-2022-V013 | TayBot |
| AVID-2022-V012 | Hive Box Facial-Recognition Locks Hacked by Fourth Graders Using Intended Recipient's Facial Photo |
| AVID-2022-V011 | Predictive Policing Biases of PredPol |
| AVID-2022-V010 | Meta’s BlenderBot 3 Chatbot Demo Made Offensive Antisemitic Comments |
| AVID-2022-V009 | Deepfake Video of Ukrainian President Yielding to Russia Posted on Ukrainian Websites and Social Media |
| AVID-2022-V008 | Security Robot Drowns Itself in a Fountain |
| AVID-2022-V007 | Israeli Tax Authority Employed Opaque Algorithm to Impose Fines, Reportedly Refusing to Provide an Explanation for Amount Calculation to a Farmer |
| AVID-2022-V006 | YouTube's Algorithms Failed to Remove Violating Content Related to Suicide and Self-Harm |
| AVID-2022-V005 | Uber AV Killed Pedestrian in Arizona |
| AVID-2022-V004 | Facebook translates 'good morning' into 'attack them', leading to arrest |
| AVID-2022-V003 | Multiple fairness harms found in generated text from EleutherAI/gpt-neo-125M |
| AVID-2022-V002 | Gender Bias in Sentence Completion Tasks performed by xlm-roberta-base |
| AVID-2022-V001 | Gender Bias in Sentence Completion Tasks performed by bert-base-uncased |