AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked
225 Critical
78 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results (filter: Active exploitation)

Columns as on the page: Severity, Active exploitation (shown as E), CVE ID, CVSS, EPSS, Package, Date, Summary. "—" is the page's own marker for a value it does not show (CVSS not yet scored, or no package named).

Severity  E  CVE ID          CVSS  EPSS  Package                       Date    Summary
CRIT      E  CVE-2025-46059  9.8   0.3%  —                             Jul 29  LangChain GmailToolkit: indirect prompt injection to RCE
CRIT      E  CVE-2025-5120   10.0  0.4%  smolagents                    Jul 27  smolagents: sandbox escape enables unauthenticated RCE
HIGH      E  CVE-2025-54413  —     0.0%  skops                         Jul 26  skops: RCE via MethodNode unsafe deserialization
HIGH      E  CVE-2025-54412  —     0.0%  skops                         Jul 26  skops: OperatorFuncNode type confusion → RCE
MEDI      E  CVE-2025-51471  6.9   0.0%  ollama                        Jul 22  Ollama: auth token hijack via crafted WWW-Authenticate
MEDI      E  CVE-2025-51481  6.6   0.0%  —                             Jul 22  Dagster: path traversal exposes arbitrary file read via gRPC
MEDI      E  CVE-2025-3933   5.3   0.1%  transformers                  Jul 11  Transformers: ReDoS in DonutProcessor causes DoS
MEDI      E  CVE-2025-6716   6.4   0.2%  —                             Jul 11  Contest Gallery WP Plugin: Stored XSS in OpenAI integration
MEDI      E  CVE-2025-7021   6.5   0.2%  operator                      Jul 10  OpenAI Operator: fullscreen spoofing captures credentials
MEDI      E  CVE-2025-6211   6.5   0.3%  llama-index-readers-docugami  Jul 10  llama-index: DocugamiReader MD5 hash collision drops chunks
HIGH      E  CVE-2025-6209   7.5   0.4%  llama-index-core              Jul 7   llama_index: path traversal allows arbitrary file read
MEDI      E  CVE-2025-6210   6.2   0.1%  llama-index-readers-obsidian  Jul 7   llama-index Obsidian reader: hardlink path traversal leaks files
MEDI      E  CVE-2025-5472   6.5   0.2%  llama-index-core              Jul 7   llama-index: JSONReader DoS via recursive JSON parsing
HIGH      E  CVE-2025-3046   7.5   0.5%  llama-index-readers-obsidian  Jul 7   LlamaIndex Obsidian: symlink traversal exposes host files
MEDI      E  CVE-2025-3044   5.3   0.2%  llama-index-readers-papers    Jul 7   llama-index ArxivReader: MD5 collision corrupts training data
HIGH      E  CVE-2025-3225   7.5   0.3%  llama-index-readers-papers    Jul 7   llama-index Papers Loader: XML expansion DoS
LOW       E  CVE-2025-3777   3.5   0.1%  transformers                  Jul 7   Transformers: URL validation bypass exposes image pipeline
MEDI      E  CVE-2025-3264   5.3   0.1%  transformers                  Jul 7   Transformers: ReDoS in dynamic module loader causes DoS
MEDI      E  CVE-2025-3263   5.3   0.1%  transformers                  Jul 7   Transformers: ReDoS in config loader causes serving DoS
HIGH      E  CVE-2025-3262   7.5   0.3%  transformers                  Jul 7   Transformers: ReDoS in chat.py causes CPU exhaustion

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
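Rows like the ones in this feed are normally consumed by a vulnerability-management job rather than read by hand. The script below is an added example, not the feed operator's code: it embeds a constructed subset of the rows shown above in a pipe-delimited form (an assumption of this example, not the feed's export format), parses them into records, orders them the way a triage queue would (CISA KEV membership first, then severity band, CVSS and EPSS), and reports which entries name a package present in a given inventory. Two caveats are built in. The page says 16 tracked CVEs are in KEV but does not mark which of the listed rows they are, so KEV membership is a caller-supplied set (`kev_ids`) that defaults to empty. And the rows carry no affected-version ranges, so the inventory check tests package presence only: a hit means "review this advisory against the vendor's fixed versions", not "this install is vulnerable". The `inventory` dict parameter is likewise an assumption of the example.

```python
"""Triage helper for rows of an AI/ML CVE feed (added example, not the feed's code).

Parses constructed feed rows, ranks them for a remediation queue, and flags
entries whose package is present in an inventory. Presence only: the rows
carry no affected-version ranges.
"""
from dataclasses import dataclass
from importlib.metadata import PackageNotFoundError, version
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample transcribed from the feed: severity|CVE|summary|CVSS|EPSS|package|date.
# "—" is the feed's marker for a missing value (CVSS not yet scored, or no package named).
FEED_ROWS = """\
CRIT|CVE-2025-46059|LangChain GmailToolkit: indirect prompt injection to RCE|9.8|0.3%|—|Jul 29
CRIT|CVE-2025-5120|smolagents: sandbox escape enables unauthenticated RCE|10.0|0.4%|smolagents|Jul 27
HIGH|CVE-2025-54413|skops: RCE via MethodNode unsafe deserialization|—|0.0%|skops|Jul 26
MEDI|CVE-2025-51471|Ollama: auth token hijack via crafted WWW-Authenticate|6.9|0.0%|ollama|Jul 22
HIGH|CVE-2025-6209|llama_index: path traversal allows arbitrary file read|7.5|0.4%|llama-index-core|Jul 7
HIGH|CVE-2025-3262|Transformers: ReDoS in chat.py causes CPU exhaustion|7.5|0.3%|transformers|Jul 7
MEDI|CVE-2025-3263|Transformers: ReDoS in config loader causes serving DoS|5.3|0.1%|transformers|Jul 7
"""

SEVERITY_RANK = {"CRIT": 4, "HIGH": 3, "MEDI": 2, "LOW": 1}


@dataclass(frozen=True)
class Advisory:
    severity: str
    cve: str
    summary: str
    cvss: Optional[float]    # None when the feed shows "—"
    epss: float              # probability in 0.0..1.0 (the feed shows a percentage)
    package: Optional[str]   # None when the feed names no package
    date: str


def parse_feed(text: str) -> List[Advisory]:
    """Parse pipe-delimited rows into Advisory records; blank lines are skipped."""
    advisories = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sev, cve, summary, cvss, epss, pkg, date = line.split("|")
        advisories.append(Advisory(
            severity=sev,
            cve=cve,
            summary=summary,
            cvss=None if cvss == "—" else float(cvss),
            epss=float(epss.rstrip("%")) / 100.0,
            package=None if pkg == "—" else pkg,
            date=date,
        ))
    return advisories


def rank(advisories: List[Advisory], kev_ids: Set[str] = frozenset()) -> List[Advisory]:
    """Highest priority first: KEV membership, then severity band, then CVSS, then EPSS.
    An unscored CVSS ("—") sorts as 0 within its band so the entry stays in the queue
    instead of being dropped. kev_ids is caller-supplied: the feed counts 16 KEV entries
    but does not mark which rows they are."""
    def key(a: Advisory):
        return (a.cve in kev_ids, SEVERITY_RANK.get(a.severity, 0), a.cvss or 0.0, a.epss)
    return sorted(advisories, key=key, reverse=True)


def present_in_inventory(advisories: List[Advisory],
                         inventory: Optional[Dict[str, str]] = None
                         ) -> List[Tuple[Advisory, str]]:
    """Return (advisory, installed_version) for entries whose package is present.
    With inventory=None the live environment is queried via importlib.metadata;
    a {distribution_name: version} dict can be passed instead, e.g. from a lock file.
    A hit means "review against the fixed versions", not "vulnerable"."""
    def lookup(name: str) -> Optional[str]:
        if inventory is not None:
            return inventory.get(name)
        try:
            return version(name)
        except PackageNotFoundError:
            return None

    hits = []
    for a in advisories:
        if a.package is None:
            continue
        ver = lookup(a.package)
        if ver is not None:
            hits.append((a, ver))
    return hits


if __name__ == "__main__":
    queue = rank(parse_feed(FEED_ROWS))
    for a in queue:
        cvss = "n/a" if a.cvss is None else f"{a.cvss:.1f}"
        print(f"{a.severity:<4} {a.cve:<15} CVSS {cvss:>4} EPSS {a.epss:.3f}  {a.summary}")
    for a, ver in present_in_inventory(queue):
        print(f"installed: {a.package}=={ver} -> review {a.cve}")
```

Run as a script it prints the ranked queue and any matches against the Python environment it runs in. Passing an explicit inventory keeps the check reproducible in CI; passing `kev_ids` moves known-exploited entries to the top regardless of their CVSS, which matters for rows like the skops entries above that have no score yet.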