AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 766 results — Active exploitation, no patch

HIGH EXPLOIT AVAIL

Gradio: zip bomb DoS via dataframe CSV upload

DoS Framework

gradio CWE-475 674 3 ATLAS

CRITICAL EXPLOIT AVAIL

vLLM: RCE via unsafe deserialization in Mooncake KV

Code Execution Supply Chain Framework Inference

vllm CWE-502 126 5 ATLAS

MEDIUM EXPLOIT AVAIL

vLLM: DoS via unbounded grammar cache exhausts disk

DoS Inference Framework API

vllm CWE-770 126 4 ATLAS

CRITICAL EXPLOIT AVAIL

Keras: safe_mode bypass enables RCE via model loading

Code Execution Supply Chain Framework Model

keras CWE-94 1.5K 6 ATLAS

LOW EXPLOIT AVAIL

PyTorch: improper init in quantized sigmoid skews model output

Supply Chain Adversarial Examples Framework Inference Model

pytorch 21.7K 3 ATLAS

HIGH EXPLOIT AVAIL

PyTorch: memory corruption in JIT profiler callback handler

Code Execution Supply Chain Framework Inference

pytorch 21.7K 3 ATLAS

CRITICAL EXPLOIT AVAIL

picklescan: ZIP flag bypass enables RCE in PyTorch models

Supply Chain Code Execution Model Framework

picklescan CWE-345 3 6 ATLAS

HIGH EXPLOIT AVAIL

gpt_academic: symlink traversal exposes all server files

Data Extraction Privacy Violation Framework

gpt_academic 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: ACL bypass via path case manipulation

Auth Bypass Data Extraction Framework API

gradio CWE-178 674 4 ATLAS

MEDIUM EXPLOIT AVAIL

Composio: command injection in AI agent tool calls

Code Execution Supply Chain Framework Agent API

CWE-77 5 ATLAS

MEDIUM EXPLOIT AVAIL

Keras: path traversal enables arbitrary file write

Supply Chain Code Execution Framework Training Data

keras CWE-22 1.5K 4 ATLAS

MEDIUM EXPLOIT AVAIL

WP Text Prompter: Stored XSS in OpenAI shortcode plugin

Code Execution Data Extraction Plugin API

4 ATLAS

HIGH EXPLOIT AVAIL

Lobe Chat: pre-auth SSRF leaks OpenAI API keys

Data Extraction Auth Bypass API Framework

6 ATLAS

HIGH EXPLOIT AVAIL

Transformers: RCE via Trax model deserialization

Code Execution Supply Chain Framework Model

transformers CWE-502 7.8K 6 ATLAS

HIGH EXPLOIT AVAIL

Transformers: RCE via MaskFormer model deserialization

Code Execution Supply Chain Framework Model

transformers CWE-502 7.8K 6 ATLAS

HIGH EXPLOIT AVAIL

HuggingFace Transformers: RCE via config deserialization

Supply Chain Code Execution Framework Model

transformers CWE-502 7.8K 6 ATLAS

HIGH EXPLOIT AVAIL

Intel Extension for Transformers: path traversal privesc

Code Execution Supply Chain Framework

4 ATLAS

MEDIUM EXPLOIT AVAIL

Gradio: path traversal exposes arbitrary server files

Data Extraction Data Leakage Framework

gradio CWE-22 674 3 ATLAS

CRITICAL EXPLOIT AVAIL

Langflow: RCE via unsandboxed code component execution

Code Execution Auth Bypass Framework Agent

langflow CWE-94 5 ATLAS

MEDIUM EXPLOIT AVAIL

Gradio: SSRF in DownloadButton exposes internal resources

Data Extraction Privacy Violation Framework Inference

gradio CWE-918 674 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?