AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 766 results — Active exploitation, no patch
MEDIUM EXPLOIT AVAIL

vLLM: ReDoS in tool parser causes service outage

CVE-2025-48887
6.5
EPSS 0.3%
DoS Inference API Framework
vllm CWE-1333 126 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: unauthenticated file copy enables disk DoS

CVE-2025-48889
7.5
EPSS 1.5%
DoS Framework Inference
gradio CWE-434 674 3 ATLAS
LOW EXPLOIT AVAIL

Gradio: CORS origin bypass in ML UI handler

CVE-2025-5320
3.7
EPSS 0.1%
Auth Bypass Framework Inference
gradio CWE-345 674 3 ATLAS
HIGH EXPLOIT AVAIL

llama-index-cli: OS command injection enables RCE

CVE-2025-1753
7.8
EPSS 0.1%
Code Execution Supply Chain Framework Agent
llama-index CWE-78 229 4 ATLAS
CRITICAL EXPLOIT AVAIL

vLLM: RCE via exposed TCPStore in distributed inference

CVE-2025-47277
9.8
EPSS 0.9%
Code Execution Data Extraction Inference Framework
vllm CWE-502 126 4 ATLAS
HIGH EXPLOIT AVAIL

transformers: ReDoS in testing_utils causes DoS

CVE-2025-2099
7.5
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.8K 3 ATLAS
UNKNOWN EXPLOIT AVAIL

Ollama: DoS via malicious manifest in /api/pull

CVE-2025-1975
--
EPSS 0.5%
DoS Inference API
ollama 1.4K 3 ATLAS
LOW EXPLOIT AVAIL

PyTorch NCCL: local DoS in distributed training reduce op

CVE-2025-4287
3.3
EPSS 0.1%
DoS Framework Training Data
3 ATLAS
HIGH EXPLOIT AVAIL

vLLM: DoS via quadratic multimodal tokenizer input

CVE-2025-46560
7.5
EPSS 0.6%
DoS Inference Framework
vllm CWE-1333 126 3 ATLAS
CRITICAL EXPLOIT AVAIL

vLLM: RCE via pickle deserialization on ZeroMQ

CVE-2025-32444
9.8
EPSS 2.5%
Code Execution Supply Chain Inference Framework
vllm CWE-502 126 5 ATLAS
HIGH EXPLOIT AVAIL

vLLM: ZeroMQ socket exposure enables DoS in multi-node

CVE-2025-30202
7.5
EPSS 0.4%
DoS Data Leakage Inference Framework
vllm CWE-770 126 4 ATLAS
MEDIUM EXPLOIT AVAIL

transformers: ReDoS in GPT-NeoX Japanese tokenizer

CVE-2025-1194
6.5
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

PyTorch: RCE bypasses weights_only=True safe-load guard

CVE-2025-32434
9.8
EPSS 1.2%
Code Execution Supply Chain Framework Model Inference
pytorch CWE-502 21.7K 6 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: DoS via ctc_loss resource mishandling

CVE-2025-3730
5.5
EPSS 0.1%
DoS Framework
pytorch CWE-404 21.7K 3 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: RCE via insecure deserialization in runner

CVE-2025-32375
9.8
EPSS 67.3%
Code Execution Data Extraction Supply Chain Framework Inference
bentoml CWE-502 22 5 ATLAS
CRITICAL KEV SCANNER

Langflow: Unauth RCE via code injection endpoint

CVE-2025-3248
9.8
EPSS 91.8%
Code Execution Auth Bypass Framework Agent
langflow CWE-94 5 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: unauthenticated RCE via insecure deserialization

CVE-2025-27520
9.8
EPSS 81.0%
Code Execution Supply Chain Framework Inference
bentoml CWE-502 22 5 ATLAS
HIGH EXPLOIT AVAIL

jupyterlab-git: command injection via malicious repo name

CVE-2025-30370
7.4
EPSS 0.1%
Code Execution Supply Chain Framework Plugin
CWE-78 4 ATLAS
LOW EXPLOIT AVAIL

PyTorch: memory corruption in CUDA caching allocator

CVE-2025-3136
3.3
EPSS 0.1%
DoS Framework Inference
pytorch CWE-787 21.7K 2 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in JIT flatbuffer loader

CVE-2025-3121
5.5
EPSS 0.1%
DoS Supply Chain Framework Inference
pytorch 21.7K 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial