AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 910 results
CVE-2025-1975 Ollama: DoS via malicious manifest in /api/pull
CVE-2025-47783 Label Studio: XSS enables unauthorized actions via CSRF
CVE-2025-1752 llama_index: DoS via uncapped recursion in web reader
CVE-2025-4287 PyTorch NCCL: local DoS in distributed training reduce op
CVE-2025-47241 browser-use: URL allowlist bypass enables SSRF in agents
CVE-2025-46567 LLaMA-Factory: RCE via torch.load() unsafe deserialization
CVE-2025-46560 vLLM: DoS via quadratic multimodal tokenizer input
CVE-2025-32444 vLLM: RCE via pickle deserialization on ZeroMQ
CVE-2025-30202 vLLM: ZeroMQ socket exposure enables DoS in multi-node
CVE-2025-1194 transformers: ReDoS in GPT-NeoX Japanese tokenizer
CVE-2025-32434 PyTorch: RCE bypasses weights_only=True safe-load guard
CVE-2025-3730 PyTorch: DoS via ctc_loss resource mishandling
CVE-2025-32428 jupyter-remote-desktop-proxy: VNC network exposure
CVE-2025-32375 BentoML: RCE via insecure deserialization in runner
CVE-2025-46417 picklescan: scanner bypass enables DNS data exfiltration
CVE-2025-3248 Langflow: Unauth RCE via code injection endpoint
CVE-2025-27520 BentoML: unauthenticated RCE via insecure deserialization
CVE-2025-30370 jupyterlab-git: command injection via malicious repo name
CVE-2025-3136 PyTorch: memory corruption in CUDA caching allocator
CVE-2025-3121 PyTorch: memory corruption in JIT flatbuffer loader
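Several entries in this feed share one root cause: a pickle stream can name any importable callable, and the loader calls it while rebuilding objects. That is the mechanism behind the LLaMA-Factory torch.load() item, the vLLM pickle-over-ZeroMQ item, both BentoML items, the PyTorch weights_only=True bypass (that guard is a restricted unpickler) and the picklescan bypass (a static scanner). The block below is an added example written for this page, not code from the feed or from any of the listed projects, and it reproduces none of those CVEs: it builds a constructed malicious checkpoint in memory, shows a naive load executing it, then applies the two layered checks a loader can run, a static opcode scan and an allowlisting Unpickler. PoisonedCheckpoint, referenced_globals, AllowlistUnpickler, try_safe_load and the toy state_dict are this example's own names and assumptions.

```python
"""Added example (not from the feed or any listed project): why loading an untrusted
pickle-based checkpoint is code execution, and two checks a loader can apply first.
Every sample file here is constructed in memory."""
import collections
import io
import pickle
import pickletools


class PoisonedCheckpoint:
    """Constructed attacker object. Pickle serialises it as 'call eval(<string>)', so the
    string runs the moment pickle.load() rebuilds the object. A real payload would name
    os.system or subprocess.Popen instead of a harmless eval."""

    def __reduce__(self):
        return (eval, ("__import__('os').path.basename('/tmp/pwned')",))


def build_malicious_pickle() -> bytes:
    return pickle.dumps(PoisonedCheckpoint(), protocol=4)


def build_benign_state_dict() -> bytes:
    # Shape of a plain state_dict: OrderedDict of name -> numeric data (lists stand in for tensors).
    weights = collections.OrderedDict([("fc.weight", [0.1, -0.2]), ("fc.bias", [0.0])])
    return pickle.dumps(weights, protocol=4)


def naive_loads(data: bytes):
    """What a loader that trusts the file does: pickle resolves and calls whatever it names."""
    return pickle.loads(data)


_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Static check: list every (module, name) the pickle would import, without executing it.
    GLOBAL/INST carry 'module name' in their argument; STACK_GLOBAL consumes the two strings
    pushed before it. Limitation: strings reached through memo GET opcodes are not resolved
    here, which is the kind of gap static scanners get bypassed through."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two literal strings; treat as hostile")
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Runtime check: find_class is the only hook through which a pickle reaches a callable,
    so refusing every (module, name) outside the allowlist stops eval/os.system before any
    object is built. The allowlist is deliberately tiny for a state_dict-shaped file."""
    ALLOWED = {
        ("collections", "OrderedDict"),
        ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name} from checkpoint")


def safe_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def try_safe_load(data: bytes) -> tuple[bool, object]:
    """Returns (True, object) or (False, reason) so callers never see a half-built object."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    bad, good = build_malicious_pickle(), build_benign_state_dict()
    print("naive load ran attacker code ->", naive_loads(bad))
    print("globals in malicious file:", referenced_globals(bad))
    print("globals in benign file:   ", referenced_globals(good))
    print("allowlist loader, malicious:", try_safe_load(bad))
    print("allowlist loader, benign:   ", try_safe_load(good))
```

Both checks are defence in depth, not a substitute for a non-executable format: the static scan only sees what it can resolve from opcodes, and an allowlisting unpickler is exactly the design that CVE-2025-32434 above shows can be bypassed in an affected PyTorch release. For weights that ship to untrusted parties, a tensor-only container such as safetensors removes the deserialization code path entirely.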