AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 435 results — High severity, Active exploitation

HIGH EXPLOIT AVAIL

MLflow: path traversal enables RCE via dataset loading

Code Execution Supply Chain Data Leakage Framework Training Data

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL

Gradio: LFI via JSON path key exposes server files

Data Extraction Data Leakage Framework Inference

gradio 674 4 ATLAS

HIGH KEV SCANNER

Gradio: SSRF exposes internal network and cloud metadata

Data Extraction Auth Bypass Framework Inference

gradio 674 4 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious MLproject file execution

Code Execution Supply Chain Framework Training Data

mlflow CWE-94 624 6 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via deserialization in crafted Recipes

Code Execution Supply Chain Framework Training Data

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious PyTorch model deserialization

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 4 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious LangChain model deserialization

Supply Chain Code Execution Framework Model Agent

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious TensorFlow model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via LightGBM model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via pmdarima model deserialization

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: deserialization RCE via malicious PyFunc model

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model upload

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH KEV

Ollama: path traversal enables RCE via model blob API

Code Execution Data Extraction Inference Framework API

ollama 1.4K 4 ATLAS

HIGH EXPLOIT AVAIL

WordPress AI ChatBot: auth bypass enables OpenAI file upload

Auth Bypass Data Leakage Model Poisoning API Plugin

wpbot CWE-862 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: URL fragment bypass leaks SSH and cloud keys

Data Extraction Auth Bypass Framework

mlflow CWE-22 624 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: credential leakage via Windows path encoding bug

Data Leakage Data Extraction Framework Inference API

gradio CWE-116 674 5 ATLAS

HIGH EXPLOIT AVAIL

LangChain: path traversal allows arbitrary file R/W

Code Execution Data Extraction Framework Agent

langchain 2.6K 6 ATLAS

HIGH EXPLOIT AVAIL

MLflow: path traversal via URI fragment reads arbitrary files

Data Extraction Data Leakage Framework Training Data

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: path traversal via ';' smuggling exposes files

Data Extraction Auth Bypass Framework Training Data

mlflow 624 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?