AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs Tracked
225 Critical
78 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
---------|--------|---------|------|------|---------|-----
Medium | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | 5.0 | 1.9% | llama-index-core | Jul 7
Medium | CVE-2025-45809 | LiteLLM: SQL injection in key management API | 5.4 | 0.2% | litellm | Jul 3
Medium | CVE-2025-49595 | n8n: DoS via empty filesystem URI in binary-data API | 4.9 | 0.3% | n8n | Jul 3
Unknown | CVE-2025-34072 | Slack MCP: zero-click exfiltration via link unfurling | | 0.4% | | Jul 2
High | CVE-2025-6855 | Langchain-Chatchat: path traversal exposes system files | 8.8 | 0.7% | langchain-chatchat | Jun 29
Medium | CVE-2025-6854 | Langchain-Chatchat: path traversal in file API exposes host FS | 4.3 | 0.5% | langchain-chatchat | Jun 29
Critical | CVE-2025-6853 | Langchain-Chatchat: path traversal in KB upload | 9.8 | 0.6% | langchain-chatchat | Jun 29
Critical | CVE-2025-53002 | LLaMA-Factory: RCE via unsafe checkpoint deserialization | 9.8 | 4.2% | llamafactory | Jun 26
Critical | CVE-2025-2828 | LangChain RequestsToolkit: SSRF exposes cloud metadata | 10.0 | 0.2% | langchain | Jun 23
Critical | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | 9.8 | 0.1% | llama-index | Jun 5
High | CVE-2025-30167 | jupyter_core: config hijack enables cross-user code exec | 7.3 | 0.1% | | Jun 4
Medium | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | 6.5 | 0.3% | vllm | May 30
Medium | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | 6.5 | 0.2% | vllm | May 30
Medium | CVE-2025-48942 | vLLM: DoS via malformed JSON schema guided param | 6.5 | 0.2% | vllm | May 30
Medium | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | 6.5 | 0.3% | vllm | May 30
High | CVE-2025-48889 | Gradio: unauthenticated file copy enables disk DoS | 7.5 | 1.5% | gradio | May 30
Low | CVE-2025-5320 | Gradio: CORS origin bypass in ML UI handler | 3.7 | 0.1% | gradio | May 29
High | CVE-2025-1753 | llama-index-cli: OS command injection enables RCE | 7.8 | 0.1% | llama-index | May 28
Critical | CVE-2025-47277 | vLLM: RCE via exposed TCPStore in distributed inference | 9.8 | 0.9% | vllm | May 20
High | CVE-2025-2099 | transformers: ReDoS in testing_utils causes DoS | 7.5 | 0.1% | transformers | May 19
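The feed gives three signals per row (CVSS, EPSS, and whether the CVE is in CISA KEV), and they disagree: CVE-2025-2828 has the highest CVSS (10.0) but a low EPSS (0.2%), while CVE-2025-53002 has the highest EPSS (4.2%). The script below is an added example, not the feed's or any listed project's code, of one common triage policy: KEV membership first, then EPSS descending, then CVSS descending, with a missing CVSS treated as 0 so an unscored row never outranks a scored one. The policy itself, the FeedRow type, the parse_* helpers and the in_kev field are assumptions; the sample rows are copied from the table above, with in_kev left False for every row because the page does not state per-row KEV status.

```python
"""Triage ordering for AI/ML CVE feed rows (added example, not the feed's code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FeedRow:
    severity: str
    cve_id: str
    summary: str
    cvss: Optional[float]      # None when the feed shows no score (e.g. UNKN rows)
    epss: float                # probability in [0, 1]
    package: Optional[str]
    in_kev: bool = False       # CISA KEV membership; not given per row on the page


def parse_epss(text: str) -> float:
    """Convert the feed's '4.2%' style EPSS string to a probability in [0, 1]."""
    text = text.strip()
    if not text.endswith("%"):
        raise ValueError(f"unexpected EPSS format: {text!r}")
    value = float(text[:-1]) / 100.0
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS out of range: {text!r}")
    return value


def parse_cvss(text: str) -> Optional[float]:
    """Parse a CVSS base score; a blank cell means the feed has no score yet."""
    text = text.strip()
    if not text:
        return None
    value = float(text)
    if not 0.0 <= value <= 10.0:
        raise ValueError(f"CVSS out of range: {text!r}")
    return value


def triage_key(row: FeedRow):
    # Python sorts ascending, so negate the "higher is worse" fields.
    # KEV rows first (False < True), then EPSS, then CVSS, then ID for stability.
    cvss = row.cvss if row.cvss is not None else 0.0
    return (not row.in_kev, -row.epss, -cvss, row.cve_id)


def triage(rows: List[FeedRow]) -> List[FeedRow]:
    return sorted(rows, key=triage_key)


# Sample rows copied from the feed table on this page (a subset).
SAMPLE_ROWS = [
    FeedRow("MEDI", "CVE-2025-3108", "llama-index: RCE via unsafe pickle deserialization",
            parse_cvss("5.0"), parse_epss("1.9%"), "llama-index-core"),
    FeedRow("UNKN", "CVE-2025-34072", "Slack MCP: zero-click exfiltration via link unfurling",
            parse_cvss(""), parse_epss("0.4%"), None),
    FeedRow("CRIT", "CVE-2025-53002", "LLaMA-Factory: RCE via unsafe checkpoint deserialization",
            parse_cvss("9.8"), parse_epss("4.2%"), "llamafactory"),
    FeedRow("CRIT", "CVE-2025-2828", "LangChain RequestsToolkit: SSRF exposes cloud metadata",
            parse_cvss("10.0"), parse_epss("0.2%"), "langchain"),
    FeedRow("HIGH", "CVE-2025-48889", "Gradio: unauthenticated file copy enables disk DoS",
            parse_cvss("7.5"), parse_epss("1.5%"), "gradio"),
    FeedRow("CRIT", "CVE-2025-47277", "vLLM: RCE via exposed TCPStore in distributed inference",
            parse_cvss("9.8"), parse_epss("0.9%"), "vllm"),
]


def triage_order(rows: List[FeedRow] = SAMPLE_ROWS) -> List[str]:
    """CVE IDs in KEV > EPSS > CVSS order."""
    return [r.cve_id for r in triage(rows)]


def cvss_order(rows: List[FeedRow] = SAMPLE_ROWS) -> List[str]:
    """CVE IDs by CVSS alone, for comparison with triage_order."""
    return [r.cve_id for r in sorted(rows, key=lambda r: (-(r.cvss or 0.0), r.cve_id))]


if __name__ == "__main__":
    for by_cvss, by_triage in zip(cvss_order(), triage_order()):
        print(f"{by_cvss:<16} {by_triage}")
```

On the sample rows, CVSS alone puts CVE-2025-2828 first; the EPSS-weighted order puts CVE-2025-53002 first and drops CVE-2025-2828 to last. Flipping in_kev on any row moves it to the top regardless of either score, which is the behaviour most teams want when a feed marks a CVE as actively exploited.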

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
