ONNX 1.14.1 Python Wheel Contains 7 Critical Vulnerabilities, Including 9.1 Severity Flaw
A critical security alert has been raised for a widely used machine learning framework component. The Python wheel file for ONNX (Open Neural Network Exchange) version 1.14.1, specifically the `cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64` build, has been found to contain seven distinct vulnerabilities. The most severe of these carries a critical Common Vulnerability Scoring System (CVSS) score of 9.1, indicating a high risk of exploitation that could lead to remote code execution or severe system compromise.
The vulnerable library was identified within a GitHub repository's `requirements.txt` file, pinpointing its direct inclusion in a project's dependency chain. This specific build of ONNX 1.14.1 is a core component for interoperability between various AI and deep learning frameworks, making its potential compromise a significant supply chain risk. The discovery was made through automated scanning of the repository's HEAD commit, confirming the active presence of the flawed package in a live codebase.
This finding exposes a critical weakness in the AI/ML development ecosystem. Projects relying on this specific version of ONNX are now at immediate risk. The high-severity flaws could be weaponized to attack systems performing model inference, potentially allowing attackers to hijack AI pipelines, steal proprietary models, or use compromised servers for further network penetration. Developers and organizations must urgently audit their dependencies for this specific wheel file and upgrade to a patched version to mitigate the severe security threat.
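The audit described above can be scripted. The following is an added example, not code from the scanned repository or from the ONNX project: it checks a pip-style `requirements.txt` and wheel file names for the package, version and build tag named in this alert. The function names, status labels and sample lines are constructed for illustration. The alert does not name the fixed release, so the script only locates the affected pin.

```python
import re

# Package, version and build tag are the ones named in the alert above.
PACKAGE, VERSION = "onnx", "1.14.1"
BUILD_TAG = "cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64"
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 normalization, so ONNX, Onnx and onnx compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text):
    """Return (line_no, status, requirement) for each onnx entry: "flagged" is
    an exact pin to VERSION, "review" is any other onnx line, whose resolved
    version has to be checked by hand."""
    findings, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start if buf else n  # line where this requirement begins
        if raw.rstrip().endswith("\\"):  # continuation, e.g. before --hash
            buf += raw.rstrip()[:-1] + " "
            continue
        line, buf = re.sub(r"(^|\s)#.*$", "", buf + raw).strip(), ""
        m = REQ_RE.match(line)
        if line.startswith("-") or not m or normalize(m.group(1)) != PACKAGE:
            continue  # pip option, blank line or another package
        # Drop environment markers and hashes, then compare the specifier.
        spec = m.group(2).split(";")[0].split("--hash")[0].replace(" ", "")
        pinned = spec in ("==" + VERSION, "===" + VERSION)
        findings.append((start, "flagged" if pinned else "review", line))
    return findings

def check_wheel(filename):
    """Classify a wheel name (PEP 427: name-version[-build]-py-abi-plat.whl)."""
    base = filename.rsplit("/", 1)[-1]
    parts = base[:-4].split("-")
    if not base.endswith(".whl") or len(parts) not in (5, 6):
        return "not-a-wheel"
    if normalize(parts[0]) != PACKAGE or parts[1] != VERSION:
        return "other"
    return "exact-build" if "-".join(parts[-3:]) == BUILD_TAG else "same-version"

# Constructed sample input, not taken from the scanned repository.
SAMPLE = """\
ONNX == 1.14.1 ; python_version < "3.8"
onnx[reference]==1.14.1 \\
    --hash=sha256:<placeholder>
onnx>=1.14
onnxruntime==1.15.1
"""
```

Run `audit_requirements` over each requirements file in the repository and `check_wheel` over the file names in any wheel cache or artifact store; `onnxruntime` is a separate package and is deliberately not matched.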