AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 15 of 15 results — KEV only, Active exploitation, no patch
CRITICAL KEV

langflow: Code Injection enables RCE

CVE-2026-33017
9.8
EPSS 41.2%
Model Poisoning Code Execution Framework Agent API
langflow CWE-95 6 ATLAS
HIGH KEV SCANNER

langflow: security flaw enables exploitation

CVE-2026-0770
--
EPSS 11.9%
Code Execution Auth Bypass Framework Agent
langflow CWE-829 5 ATLAS
CRITICAL KEV SCANNER

n8n: Input Validation flaw enables exploitation

CVE-2026-21858
10.0
EPSS 6.6%
Data Extraction Code Execution Auth Bypass Agent Framework API
n8n 16 6 ATLAS
HIGH KEV SCANNER

n8n: security flaw enables exploitation

CVE-2025-68613
8.8
EPSS 81.7%
Code Execution Auth Bypass Data Extraction Agent Framework Plugin
n8n CWE-913 16 9 ATLAS
HIGH KEV SCANNER

langflow: security flaw enables exploitation

CVE-2025-34291
8.8
EPSS 13.3%
Auth Bypass Code Execution Framework Agent
langflow CWE-346 8 ATLAS
CRITICAL KEV SCANNER

Langflow: Unauth RCE via code injection endpoint

CVE-2025-3248
9.8
EPSS 91.8%
Code Execution Auth Bypass Framework Agent
langflow CWE-94 5 ATLAS
HIGH KEV

LiteLLM: SSRF leaks OpenAI API key to attacker

CVE-2024-6587
7.5
EPSS 88.4%
Data Extraction Auth Bypass API Framework
litellm 4 5 ATLAS
HIGH KEV SCANNER

Gradio: SSRF exposes internal network and cloud metadata

CVE-2024-4325
8.6
EPSS 65.1%
Data Extraction Auth Bypass Framework Inference
gradio 674 4 ATLAS
HIGH KEV

Ollama: path traversal enables RCE via model blob API

CVE-2024-37032
8.8
EPSS 93.7%
Code Execution Data Extraction Inference Framework API
ollama 1.4K 4 ATLAS
UNKNOWN KEV SCANNER

Gradio: path traversal enables arbitrary file read

CVE-2024-1561
--
EPSS 93.4%
Data Extraction Data Leakage Framework API
gradio 674 5 ATLAS
CRITICAL KEV SCANNER

Ray: unauthenticated RCE via job submission API

CVE-2023-48022
9.8
EPSS 92.2%
Code Execution Auth Bypass Framework Training Data Inference
ray CWE-829 845 6 ATLAS
HIGH KEV

LangChain: SSRF in URL loader exposes internal network

CVE-2023-46229
8.8
EPSS 1.8%
Data Extraction Auth Bypass Framework RAG
langchain CWE-918 2.6K 4 ATLAS
CRITICAL KEV

LangChain: RCE bypass via __import__ in PAL chain

CVE-2023-44467
9.8
EPSS 0.1%
Code Execution Auth Bypass Framework Agent
langchain_experimental 2.6K 4 ATLAS
CRITICAL KEV SCANNER

TorchServe: SSRF + RCE via unrestricted model URL loading

CVE-2023-43654
9.8
EPSS 91.6%
Code Execution Supply Chain Data Extraction Framework Inference Model
torchserve 21.7K 5 ATLAS
CRITICAL KEV SCANNER

MLflow: path traversal allows arbitrary file read/write

CVE-2023-1177
9.8
EPSS 93.3%
Data Extraction Code Execution Supply Chain Framework Model Training Data
mlflow 624 7 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial