AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 766 results — Active exploitation, no patchLiteLLM: RCE via post_call_rules callback injection
CVE-2024-6825 open-webui: path traversal allows arbitrary file write/RCE
CVE-2024-7034 Open WebUI: Stored XSS via file upload, session hijack
CVE-2024-7044 llama-index finchat: SQL injection enables RCE
CVE-2024-12909 Open-WebUI: unauthenticated DoS via code formatter
CVE-2024-12537 open-webui: unauthenticated DoS via login payload flood
CVE-2024-12534 H2O-3: unauthenticated AST parser enables DoS + file write
CVE-2024-10572 MLflow: passwordless accounts enable persistent backdoor
CVE-2025-1474 MLflow: CSRF in signup allows rogue account creation
CVE-2025-1473 MLflow: GraphQL DoS disables ML tracking server
CVE-2025-0453 Ollama: DoS via malicious GGUF model file upload
CVE-2025-0317 Ollama: GGUF model upload causes memory exhaustion DoS
CVE-2025-0315 Ollama: null pointer DoS via malicious GGUF model upload
CVE-2025-0312 Gradio: DoS via oversized upload filename
CVE-2025-0187 BentoML: unauthenticated RCE via runner deserialization
CVE-2024-9070 BentoML: DoS via multipart boundary exhausts server
CVE-2024-9056 vllm: RCE via unsafe pickle deserialization in RPC server
CVE-2024-9053 Gradio: DoS via malformed multipart boundary
CVE-2024-8966 MLflow: path traversal allows arbitrary file read via DBFS
CVE-2024-8859 ollama: divide-by-zero DoS via crafted GGUF model import
CVE-2024-8063 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial