v0.3.3

New Reports

1,005 reports added.

• LiteLLM CVE (AVID-2026-R1714)
• Supply Chain CVEs related to AI tools and libraries (AVID-2026-R0710 to AVID-2026-R1713), covering widely-used AI/ML frameworks and libraries including TensorFlow, Apache projects, NVIDIA, OpenAI, PaddlePaddle, Gradio, and others. CVEs drawn from AI-CVE-Analyser

Infrastructure

• Added automated release workflow: on each release, data_version is stamped across all reports in reports/2025 and onwards, and a PR is automatically opened and merged
• Added a reusable CLI script backing the above workflow

What's Changed

• wip by @shubhobm in #32
• Release 0.3.3 by @shubhobm in #33

Full Changelog: v0.3.2...v0.3.3

v0.3.2

New Reports

271 reports added.

• LLM red teaming scans using garak (264 reports, deployed via Together AI)
  • rnj-1-instruct by Essential AI (88 reports, AVID-2026-R0439 to AVID-2026-R0451, AVID-2026-R0628 to AVID-2026-R0702)
  • gemma-3n-E4B-it by Google (88 reports, AVID-2026-R0452 to AVID-2026-R0539)
  • LFM2-24B-A2B by Liquid AI (88 reports, AVID-2026-R0540 to AVID-2026-R0627)
• Benchmark evaluations using Inspect Evals (7 reports, AVID-2026-R0703 to AVID-2026-R0709)
  • bbq (social bias QA): gpt-5-nano (OpenAI), MiniMax-M2.5 (Minimax), gpt-oss-20b (OpenAI), gemma-3n-E4B-it (Google), LFM2-24B-A2B (Liquid AI), rnj-1-instruct (Essential AI)
  • bold (bias in open-ended language generation): rnj-1-instruct (Essential AI)

Full Changelog: v0.3.1...release-0.3.2

v0.3.1

New Reports

185 reports added.

• LLM red teaming scans using garak
  • Mistral-Small-24B-Instruct-2501 (71 reports, AVID-2026-R0254 to AVID-2026-R0412)
  • gpt-oss-20b (88 reports, AVID-2026-R0284 to AVID-2026-R0371)
• Third-party vulnerability disclosures (26 reports, AVID-2026-R0413 to AVID-2026-R0438), thanks to Mindgard

Removed/Modified Reports

• Removed report AVID-2026-R0252 since it's now covered by a mindgard disclosure (AVID-2026-R0413).

Full Changelog: v.0.3...v0.3.1

v0.3

Updated Datamodel

• Three new taxonomies added: CVSSScores and CWETaxonomy for CVEs and OdinTaxonomy for 0DIN.ai jailbreak scans.
• CVE Entry and Third-party Report added as new report classes.

New Reports

• Flaws in AI applications and models (AVID-2025-R0001, AVID-2025-R0002) by @butterswords
• Safety/security benchmark scans of LLMs by Inspect Evals (AVID-2025-R0003 to R0035)
• Supply Chain CVEs related to AI tools and libraries (AVID-2025-R0001 to R0058), thanks to Mileva Security Labs
• LLM red teaming scans using garak (AVID-2026-R0059 to R0213)
• CVEs related to OpenClaw (AVID-2026-R0214 to R0248), thanks to OpenClawCVEs by @jgamblin
• Third-party flaw disclosures (AVID-2026-R0249 to R0253)

v0.2

Updated Taxonomy

• Added a new category P0204: Accuracy.
• Renamed category P0200 from Robustness to Model Issues.

New Reports

• Three crowdsourced reports classified---all related to ChatGPT.
  • AVID-2023-R0001
  • AVID-2023-R0002
  • AVID-2023-R0003

New Vulnerabilities

• 16 MITRE ATLAS Case Studies classified.
• 8 AI Incidents from AIID classified.
• Three crowdsourced reports classified as AI Vulnerabilities.
  • AVID-2023-V025.json
  • AVID-2023-V026.json
  • AVID-2023-V027.json