AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 766 results — Active exploitation, no patch

HIGH EXPLOIT AVAIL

Ollama: path traversal exposes server filesystem

Data Extraction Data Leakage Inference API

ollama 1.5K 4 ATLAS

HIGH EXPLOIT AVAIL

Ollama: DoS via /dev/random causes goroutine exhaustion

DoS Inference API Framework

ollama 1.5K 3 ATLAS

HIGH EXPLOIT AVAIL

Ollama: OOB read in GGUF parser enables remote DoS

DoS Code Execution Inference Framework

ollama 1.5K 3 ATLAS

HIGH EXPLOIT AVAIL

Ollama: file existence oracle via api/create errors

Data Extraction Privacy Violation Inference API

ollama 1.5K 4 ATLAS

CRITICAL EXPLOIT AVAIL

Langflow: Unauthenticated RCE via PythonCodeTool

Code Execution Supply Chain Data Extraction Framework Agent Plugin

langflow 6 ATLAS

CRITICAL EXPLOIT AVAIL

PyTorch: RCE via RemoteModule deserialization

Code Execution Supply Chain Framework Training Data

pytorch CWE-502 21.9K 4 ATLAS

MEDIUM EXPLOIT AVAIL

Lollms: SVG upload XSS enables session hijack and RCE

Code Execution Data Leakage Social Engineering Framework API

lollms CWE-79 4 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain GraphCypher: prompt injection enables DB wipe

Prompt Injection Data Extraction DoS Framework Agent RAG

langchain CWE-74 2.6K 7 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain.js: path traversal, arbitrary file read/write

Data Extraction Code Execution Data Leakage Framework Agent

langchain.js CWE-22 2.6K 5 ATLAS

CRITICAL EXPLOIT AVAIL

LangChainJS: prompt injection enables full graph DB takeover

Prompt Injection Data Extraction Code Execution Framework Agent API

langchain 2.6K 6 ATLAS

CRITICAL EXPLOIT AVAIL

Affiliator WP Plugin: Unauthenticated Web Shell Upload

Code Execution Auth Bypass Supply Chain Framework API

affiliator 1.5K 6 ATLAS

MEDIUM EXPLOIT AVAIL

lollms: path traversal allows arbitrary directory read

Data Extraction Auth Bypass Framework Agent

lollms CWE-23 4 ATLAS

LOW EXPLOIT AVAIL

lollms: path traversal in RAG database functions

Data Extraction Code Execution RAG Framework Agent

lollms CWE-22 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: path traversal leaks arbitrary server files

Data Extraction Data Leakage Framework Inference

gradio CWE-22 679 5 ATLAS

LOW EXPLOIT AVAIL

open-webui: filesystem enumeration via admin error messages

Data Extraction Data Leakage Framework Inference RAG

open-webui CWE-200 3 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: path traversal → arbitrary file write/RCE

Code Execution Supply Chain Framework Plugin

open-webui CWE-22 4 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: IDOR enables cross-user memory tampering

Auth Bypass Model Poisoning Privacy Violation API Agent Framework

open-webui CWE-250 4 ATLAS

MEDIUM EXPLOIT AVAIL

Langflow: ReDoS crashes LLM workflow backend via HTTP POST

langflow CWE-1333 3 ATLAS

HIGH EXPLOIT AVAIL SCANNER

AYS ChatGPT WP Plugin: auth bypass disables AI service

Auth Bypass Data Leakage DoS Plugin API

4 ATLAS 1 incident

MEDIUM EXPLOIT AVAIL SCANNER

ChatGPT WP Plugin: OpenAI API key leak via unauth REST

Data Extraction Auth Bypass API Plugin

CWE-862 5 ATLAS 1 incident

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?