AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
78
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-58757 MONAI: unsafe pickle deserialization RCE in data pipeline 8.8 0.8% monai Sep 9 HIGH E CVE-2025-58756 MONAI: unsafe deserialization in CheckpointLoader allows RCE 8.8 1.7% monai Sep 9 HIGH E CVE-2025-58755 MONAI: path traversal allows arbitrary file write 8.8 0.1% monai Sep 9 HIGH E CVE-2025-56265 n8n: unrestricted file upload RCE via Chat Trigger 8.8 0.1% n8n Sep 8 MEDI E CVE-2025-58446 xgrammar: DoS via oversized JSON schema grammar parsing — 0.1% xgrammar Sep 5 HIGH E CVE-2025-6984 EverNoteLoader: XXE exposes host files in LangChain 7.5 1.9% langchain-community Sep 4 CRIT E CVE-2025-55526 n8n-workflows: path traversal in download_workflow endpoint 9.1 0.6% fastapi Aug 26 HIGH E CVE-2025-5302 llama-index: JSON parsing DoS via deep recursion 8.6 0.1% llama-index-core Aug 26 HIGH E CVE-2025-57809 xgrammar: uncontrolled recursion in grammar parsing causes DoS 7.5 0.0% xgrammar Aug 25 HIGH E CVE-2025-57760 Langflow: privilege escalation to full superuser via CLI 8.8 0.0% langflow Aug 25 HIGH E CVE-2025-48956 vLLM: unauthenticated DoS via oversized HTTP header 7.5 0.3% vllm Aug 21 HIGH E CVE-2025-8747 Keras: safe mode bypass enables RCE via model load 7.8 0.0% keras Aug 11 HIGH E CVE-2025-54886 skops: joblib fallback enables RCE via model load 8.4 0.4% skops Aug 8 MEDI E CVE-2025-54952 ExecuTorch: integer overflow enables RCE via model loading — 0.4% executorch Aug 8 CRIT E CVE-2025-54950 ExecuTorch: OOB read in model loader enables RCE 9.8 0.3% executorch Aug 8 CRIT E CVE-2025-53767 Azure OpenAI: SSRF EoP, no auth required (CVSS 10) 10.0 0.5% azure_openai Aug 7 MEDI E CVE-2025-44779 Ollama: arbitrary file deletion via /api/pull 6.6 0.0% ollama Aug 7 MEDI E CVE-2025-5197 Transformers: ReDoS in TF-to-PyTorch weight converter 5.3 0.0% transformers Aug 6 CRIT E CVE-2025-45150 ChatGLM-Webui: arbitrary file read, no auth required 9.8 0.1% langchain-chatglm-webui Aug 1 CRIT E CVE-2025-54381 BentoML: unauthenticated SSRF via file upload URLs 9.9 0.7% bentoml Jul 29 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial