# Python Security

Security vulnerabilities and detection rules for the Python framework. 1 rule across 1 CWE category.

- Total rules: 1
- CWE categories: 1

## CWEs

- **CWE-829**: Inclusion of Functionality from Untrusted Control Sphere

## Rules

- **LLM Supply Chain Vulnerabilities** [HIGH]: Detects potential supply chain vulnerabilities in AI/LLM implementations. OWASP LLM05 - Supply Chain Vulnerabilities. Supply chain attacks in AI can occur through:
  - Loading models from untrusted sources
  - Using pickle for model serialization (RCE risk)
  - `trust_remote_code=True` in HuggingFace
  - Compromised training data sources
  - Third-party plugins without verification