AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
78
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-55557 PyTorch: DoS via cummin+Inductor NameError in 2.7.0 7.5 0.1% pytorch Sep 25 MEDI E CVE-2025-55556 TensorFlow: non-deterministic compilation breaks Embedding 6.5 0.0% tensorflow Sep 25 MEDI E CVE-2025-55554 PyTorch: integer overflow in nan_to_num causes DoS 5.3 0.1% pytorch Sep 25 HIGH E CVE-2025-55553 PyTorch 2.7.0: DoS via proxy_tensor.py syntax error 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55552 PyTorch: integer overflow in rot90+randn_like causes DoS 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55551 PyTorch: DoS in linalg.lu via malformed slice op 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-6921 Transformers: ReDoS in optimizer halts training pipelines 7.5 0.0% transformers Sep 23 UNKN E CVE-2025-59532 OpenAI Codex CLI: sandbox escape via model-generated cwd — 0.1% — Sep 22 CRIT E CVE-2025-59528 Flowise: Unauthenticated RCE via MCP config injection 10.0 83.9% flowise Sep 22 HIGH E CVE-2025-59527 Flowise: unauthenticated SSRF exposes internal network 7.5 0.1% flowise Sep 22 CRIT E CVE-2025-59434 Flowise Cloud: cross-tenant env var exposure leaks API keys 9.6 0.1% — Sep 22 HIGH E CVE-2025-9906 Keras: safe_mode bypass enables RCE via model load 7.3 0.1% keras Sep 19 HIGH E CVE-2025-9905 Keras: safe_mode bypass enables RCE via .h5 model files 7.3 0.0% keras Sep 19 HIGH E CVE-2025-10155 picklescan: file extension bypass allows model RCE 7.8 0.1% picklescan Sep 17 MEDI E CVE-2025-6051 Transformers: ReDoS in EnglishNormalizer exhausts CPU 5.3 0.0% transformers Sep 14 CRIT E CVE-2025-58434 Flowise: auth bypass in reset flow allows full ATO 9.8 21.0% flowise Sep 12 CRIT E CVE-2025-9556 langchaingo: Jinja2 SSTI allows host filesystem read 9.8 0.1% — Sep 12 HIGH E CVE-2025-6638 HuggingFace Transformers: ReDoS in MarianTokenizer 7.5 0.0% transformers Sep 12 HIGH E CVE-2025-10156 Picklescan: CRC bypass hides malicious pickle in ZIP 7.5 1.0% picklescan Sep 10 HIGH E CVE-2025-10157 PickleScan: subclass bypass enables malicious model RCE 8.3 0.2% picklescan Sep 10 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial