AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitation

CVE-2024-39721 Ollama: DoS via /dev/random causes goroutine exhaustion
CVE-2024-39720 Ollama: OOB read in GGUF parser enables remote DoS
CVE-2024-39719 Ollama: file existence oracle via api/create errors
CVE-2024-47868 Gradio: path traversal leaks arbitrary server files
CVE-2024-7714 AYS ChatGPT WP Plugin: auth bypass disables AI service
CVE-2024-8768 vLLM: unauthenticated DoS via empty completion prompt
CVE-2024-5998 LangChain: RCE via FAISS pickle deserialization
CVE-2024-6587 LiteLLM: SSRF leaks OpenAI API key to attacker
CVE-2024-45848 MindsDB: RCE via eval() injection in ChromaDB INSERT
CVE-2024-45436 Ollama: ZIP path traversal exposes host filesystem
CVE-2024-7297 Langflow: mass assignment grants super admin access
CVE-2024-35199 TorchServe: default gRPC exposure allows unauth inference
CVE-2024-21513 langchain-experimental: RCE via eval() in VectorSQL chain
CVE-2024-36421 Flowise: CORS wildcard enables file read and data theft
CVE-2024-36420 Flowise: unauthenticated arbitrary file read via API
CVE-2024-38459 LangChain: Python REPL code execution without opt-in
CVE-2024-5187 ONNX: path traversal in model download enables RCE
CVE-2024-4888 litellm: arbitrary file deletion via audio endpoint
CVE-2024-3095 LangChain: SSRF in Web Retriever exposes cloud metadata
CVE-2024-2928 MLflow: URI fragment LFI exposes arbitrary files
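Four of the twenty entries above (the Gradio file leak, the Ollama ZIP traversal, the ONNX model-download traversal and the MLflow LFI) are the same bug class: a caller-controlled path or archive member name is joined onto a base directory without checking that the result still lies inside it. The example below is added for this page and is not code from Ollama, Gradio, ONNX, MLflow or any other project in the feed; the function names, the temporary directory and the archive contents are all constructed here. It shows the two checks a practitioner wants: a static check on archive entry names (absolute paths, `..` segments, drive letters, NUL bytes, symlink entries) before anything touches the disk, and a filesystem-aware `resolve()` check on the final target, which also catches symlinks inside the base directory that point outside it. Note that `ZipFile.extractall()` already strips `..` components, but code that iterates `infolist()` and opens members itself gets no such protection, which is why the check is applied explicitly.

```python
"""Added example: refusing path traversal in file serving and archive unpacking.

Illustrative code written for this page, not code from any project in the feed;
the function names (safe_join, member_is_safe, safe_extract) are ours.
"""
import io
import os
import stat
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class PathTraversalError(ValueError):
    """Raised when a caller-controlled path would leave the allowed directory."""


def safe_join(base: "str | os.PathLike", user_path: str) -> Path:
    """Resolve user_path beneath base and reject anything that escapes it.

    resolve() normalises '..' segments and follows symlinks, so a link inside
    base that points outside is rejected too, not only a literal '../'.
    """
    base_dir = Path(base).resolve()
    candidate = (base_dir / user_path).resolve()   # absolute user_path replaces base
    if candidate != base_dir and base_dir not in candidate.parents:
        raise PathTraversalError(f"{user_path!r} escapes {str(base_dir)!r}")
    return candidate


def member_is_safe(info: zipfile.ZipInfo) -> bool:
    """Static check on an archive entry, run before anything is written."""
    name = info.filename
    parts = PurePosixPath(name).parts
    if PurePosixPath(name).is_absolute() or name.startswith("\\"):
        return False                        # '/etc/passwd', '\\host\share'
    if ".." in parts or "\x00" in name:     # '../../x', NUL-truncated names
        return False
    if parts and ":" in parts[0]:           # 'C:/Windows/...' on Windows hosts
        return False
    mode = info.external_attr >> 16         # Unix mode bits, if the creator set them
    if stat.S_ISLNK(mode):                  # symlink entries are a classic escape
        return False
    return True


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Unpack an in-memory ZIP into dest, refusing every entry that escapes it."""
    dest_dir = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not member_is_safe(info):
                raise PathTraversalError(f"rejected archive entry {info.filename!r}")
            target = safe_join(dest_dir, info.filename)   # second, filesystem-aware check
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest_dir).as_posix())
    return written


def build_zip(entries: dict) -> bytes:
    """Construct a ZIP in memory; writestr() keeps hostile names like '../x' verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run the checks against constructed archives and paths; returns the outcomes."""
    results = {}
    base = tempfile.mkdtemp(prefix="models-")          # constructed sandbox directory
    # Benign archive: every entry stays under base.
    good = build_zip({"model/weights.bin": b"\x00\x01\x02", "model/config.json": b"{}"})
    results["good"] = sorted(safe_extract(good, base))
    # Hostile archives, each a variant of the same escape (constructed inputs).
    hostile = {
        "dotdot": build_zip({"../../etc/cron.d/pwn": b"x"}),
        "absolute": build_zip({"/etc/passwd": b"x"}),
        "nested_dotdot": build_zip({"model/../../escape": b"x"}),
    }
    for label, blob in hostile.items():
        try:
            safe_extract(blob, base)
            results[label] = "extracted"
        except PathTraversalError:
            results[label] = "rejected"
    # Plain path joins, as a file-serving endpoint would do with a query parameter.
    results["join_ok"] = safe_join(base, "model/weights.bin").name
    try:
        safe_join(base, "../" * 8 + "etc/passwd")
        results["join_escape"] = "allowed"
    except PathTraversalError:
        results["join_escape"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The static check alone is not sufficient (it cannot see a symlink that already exists under the destination), and the `resolve()` check alone is not sufficient either if the code creates symlink entries before checking them, which is why both run. A bare `".." in name` string test, a common first fix, misses the absolute-path and drive-letter variants above.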