AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 435 results — High severity, Active exploitation

HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary directory deletion

Supply Chain DoS Auth Bypass Framework Training Data

mlflow 624 3 ATLAS

HIGH EXPLOIT AVAIL

MLflow: path traversal enables arbitrary file read

Data Extraction Data Leakage Framework

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary server files

Data Extraction Auth Bypass Framework Training Data

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

Gradio: path traversal leaks arbitrary files, potential RCE

Data Extraction Code Execution Privacy Violation Framework API Inference

gradio 674 6 ATLAS

HIGH EXPLOIT AVAIL

Gradio: CI/CD command injection enables secrets exfil

Code Execution Supply Chain Framework

gradio 674 4 ATLAS

HIGH EXPLOIT AVAIL

LangChain: path traversal enables RCE and API key theft

Code Execution Data Leakage Supply Chain Framework Agent API

langchain CWE-22 2.6K 6 ATLAS

HIGH EXPLOIT AVAIL SCANNER

Gradio: path traversal grants arbitrary file read

Data Extraction Privacy Violation Framework Inference

gradio 674 5 ATLAS

HIGH EXPLOIT AVAIL

Transformers: unsafe deserialization enables RCE on load

Supply Chain Code Execution Framework Model

transformers 7.8K 5 ATLAS

HIGH EXPLOIT AVAIL

HuggingFace Transformers: RCE via unsafe deserialization

Supply Chain Code Execution Framework Model

transformers CWE-502 7.8K 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary files (no auth)

Data Extraction Framework

mlflow 624 4 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal allows arbitrary file write

Supply Chain Code Execution Framework Training Data

mlflow CWE-22 624 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: command injection enables RCE on ML servers

Code Execution Data Extraction Supply Chain Framework Inference API

gradio 674 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: path traversal exposes arbitrary file read/write

Data Extraction Code Execution Supply Chain Framework Training Data Model

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: SSTI enables RCE in ML experiment tracking

Code Execution Supply Chain Data Extraction Framework Training Data

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: unauth REST API leaks sensitive ML data

Data Extraction Data Leakage Auth Bypass Framework API Training Data

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: unauthenticated arbitrary file write via PUT

Supply Chain Code Execution Model Poisoning Framework Model Training Data

mlflow 624 6 ATLAS

HIGH EXPLOIT AVAIL

LangChain: prompt injection triggers SSRF via URL fetch

Prompt Injection Data Extraction Framework Agent

langchain CWE-74 2.6K 5 ATLAS

HIGH KEV

LangChain: SSRF in URL loader exposes internal network

Data Extraction Auth Bypass Framework RAG

langchain CWE-918 2.6K 4 ATLAS

HIGH EXPLOIT AVAIL

MLflow: OS command injection enables local code execution

Code Execution Supply Chain Framework Training Data Model

mlflow CWE-78 624 5 ATLAS

HIGH EXPLOIT AVAIL

LangChain SQLDatabaseChain: SQL injection, DB exfil

Data Extraction Privacy Violation Framework Agent

langchain CWE-89 2.6K 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?