AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 435 results — High severity, Active exploitation
HIGH EXPLOIT AVAIL

Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets

CVE-2024-7959
7.7
EPSS 0.5%
Data Extraction Auth Bypass Code Execution API Framework
open-webui CWE-918 5 ATLAS
HIGH EXPLOIT AVAIL

llama-index: SQLi+DoS via prompt injection in query engine

CVE-2024-12911
7.1
EPSS 0.3%
Prompt Injection Code Execution DoS Framework Agent
llamaindex CWE-89 6 ATLAS
HIGH EXPLOIT AVAIL

Transformers: ReDoS in Nougat tokenizer causes DoS

CVE-2024-12720
7.5
EPSS 0.2%
DoS Framework Inference
transformers CWE-1333 7.8K 3 ATLAS
HIGH EXPLOIT AVAIL

llama-index: DoS via infinite loop in LangChain LLM

CVE-2024-12704
7.5
EPSS 0.4%
DoS Framework
llamaindex CWE-755 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: DoS via malicious gguf model file upload

CVE-2024-12055
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.4K 4 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF in Markdown plugin leaks credentials

CVE-2024-11031
7.5
EPSS 0.2%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF via unsanitized HotReload plugin

CVE-2024-11030
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
HIGH EXPLOIT AVAIL

Gradio: path traversal enables arbitrary file deletion DoS

CVE-2024-10648
8.2
EPSS 0.3%
DoS Supply Chain Framework Inference
gradio CWE-29 674 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: ReDoS in DateTime causes CPU exhaustion DoS

CVE-2024-10624
7.5
EPSS 0.8%
DoS Framework Inference
gradio CWE-400 674 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: zip bomb DoS via dataframe CSV upload

CVE-2024-10569
7.5
EPSS 0.5%
DoS Framework
gradio CWE-475 674 3 ATLAS
HIGH EXPLOIT AVAIL

PyTorch: memory corruption in JIT profiler callback handler

CVE-2025-2148
7.5
EPSS 0.1%
Code Execution Supply Chain Framework Inference
pytorch 21.7K 3 ATLAS
HIGH EXPLOIT AVAIL

gpt_academic: symlink traversal exposes all server files

CVE-2025-25185
7.5
EPSS 0.6%
Data Extraction Privacy Violation Framework
gpt_academic 4 ATLAS
HIGH EXPLOIT AVAIL

Label Studio SDK: path traversal leaks server filesystem

CVE-2025-25295
--
EPSS 0.1%
Data Extraction Data Leakage Privacy Violation Framework Training Data
label-studio-sdk Patch: 1.0.10 CWE-26 1 5 ATLAS
HIGH EXPLOIT AVAIL

Gradio: ACL bypass via path case manipulation

CVE-2025-23042
7.5
EPSS 0.1%
Auth Bypass Data Extraction Framework API
gradio CWE-178 674 4 ATLAS
HIGH EXPLOIT AVAIL

Lobe Chat: pre-auth SSRF leaks OpenAI API keys

CVE-2024-32965
8.6
EPSS 0.2%
Data Extraction Auth Bypass API Framework
6 ATLAS
HIGH EXPLOIT AVAIL

Transformers: RCE via Trax model deserialization

CVE-2024-11394
8.8
EPSS 65.0%
Code Execution Supply Chain Framework Model
transformers CWE-502 7.8K 6 ATLAS
HIGH EXPLOIT AVAIL

Transformers: RCE via MaskFormer model deserialization

CVE-2024-11393
8.8
EPSS 79.5%
Code Execution Supply Chain Framework Model
transformers CWE-502 7.8K 6 ATLAS
HIGH EXPLOIT AVAIL

HuggingFace Transformers: RCE via config deserialization

CVE-2024-11392
8.8
EPSS 59.3%
Supply Chain Code Execution Framework Model
transformers CWE-502 7.8K 6 ATLAS
HIGH EXPLOIT AVAIL

Intel Extension for Transformers: path traversal privesc

CVE-2024-21799
7.1
EPSS 0.1%
Code Execution Supply Chain Framework
4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: path traversal exposes server filesystem

CVE-2024-39722
7.5
EPSS 62.2%
Data Extraction Data Leakage Inference API
ollama 1.4K 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial