AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

HIGH EXPLOIT AVAIL

MONAI: unsafe pickle deserialization RCE in data pipeline

Code Execution Supply Chain Framework Training Data

monai Patch: 1.5.1 CWE-502 105 5 ATLAS

HIGH EXPLOIT AVAIL

MONAI: unsafe deserialization in CheckpointLoader allows RCE

Code Execution Supply Chain Framework Training Data

monai Patch: 1.5.1 CWE-502 105 5 ATLAS

HIGH EXPLOIT AVAIL

MONAI: path traversal allows arbitrary file write

Supply Chain Code Execution Framework

monai Patch: 1.5.1 CWE-22 105 4 ATLAS

HIGH EXPLOIT AVAIL

n8n: unrestricted file upload RCE via Chat Trigger

Code Execution Data Extraction Auth Bypass Framework Agent Plugin

n8n 16 5 ATLAS

MEDIUM EXPLOIT AVAIL

xgrammar: DoS via oversized JSON schema grammar parsing

CVE-2025-58446

EPSS 0.1%

8mo ago

DoS Inference Framework

xgrammar Patch: 0.1.24 CWE-770 152 3 ATLAS

HIGH EXPLOIT AVAIL SCANNER

EverNoteLoader: XXE exposes host files in LangChain

Data Extraction Data Leakage Framework RAG

langchain-community Patch: 0.3.27 CWE-200 1.2K 4 ATLAS

CRITICAL EXPLOIT AVAIL

n8n-workflows: path traversal in download_workflow endpoint

Data Extraction Auth Bypass Code Execution Agent Framework API

fastapi 16 5 ATLAS

HIGH EXPLOIT AVAIL

llama-index: JSON parsing DoS via deep recursion

llama-index-core Patch: 0.12.38 CWE-674 1.1K 3 ATLAS

HIGH EXPLOIT AVAIL

xgrammar: uncontrolled recursion in grammar parsing causes DoS

DoS Supply Chain Framework Inference

xgrammar Patch: 0.1.21 CWE-674 152 3 ATLAS

HIGH EXPLOIT AVAIL

Langflow: privilege escalation to full superuser via CLI

Auth Bypass Code Execution Framework Agent

langflow CWE-269 5 ATLAS

HIGH EXPLOIT AVAIL

vLLM: unauthenticated DoS via oversized HTTP header

DoS Inference API Framework

vllm CWE-400 126 3 ATLAS

HIGH EXPLOIT AVAIL

Keras: safe mode bypass enables RCE via model load

Code Execution Supply Chain Framework Model

keras CWE-502 1.5K 5 ATLAS

HIGH EXPLOIT AVAIL

skops: joblib fallback enables RCE via model load

Supply Chain Code Execution Framework Model

skops Patch: 0.13.0 CWE-502 668 5 ATLAS

MEDIUM EXPLOIT AVAIL

ExecuTorch: integer overflow enables RCE via model loading

CVE-2025-54952

EPSS 0.4%

9mo ago

Code Execution Supply Chain Framework Inference Model

executorch CWE-680 2 4 ATLAS

CRITICAL EXPLOIT AVAIL

ExecuTorch: OOB read in model loader enables RCE

Code Execution Supply Chain Framework Model Inference

executorch Patch: 0.7.0 CWE-125 2 4 ATLAS

CRITICAL EXPLOIT AVAIL

Azure OpenAI: SSRF EoP, no auth required (CVSS 10)

Auth Bypass Data Extraction Privacy Violation API Inference

azure_openai 13.6K 6 ATLAS

MEDIUM EXPLOIT AVAIL

Ollama: arbitrary file deletion via /api/pull

DoS Data Leakage Inference Framework

ollama 1.4K 4 ATLAS

MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in TF-to-PyTorch weight converter

DoS Supply Chain Framework

transformers CWE-1333 7.8K 4 ATLAS

CRITICAL EXPLOIT AVAIL

ChatGLM-Webui: arbitrary file read, no auth required

Data Extraction Auth Bypass Framework API

langchain-chatglm-webui 2.6K 5 ATLAS

CRITICAL EXPLOIT AVAIL

BentoML: unauthenticated SSRF via file upload URLs

Supply Chain Data Extraction Auth Bypass Framework Inference API

bentoml CWE-918 22 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?