AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

MEDIUM EXPLOIT AVAIL

PyTorch: lstm_cell memory corruption, local code exec

Code Execution DoS Framework

pytorch 21.9K 3 ATLAS

MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in torch.jit.script compiler

Code Execution Supply Chain Framework Inference

pytorch 21.9K 3 ATLAS

MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN sequence unpacking

Code Execution Data Extraction Supply Chain Framework Training Data Inference

pytorch 21.9K 3 ATLAS

MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN pad_packed_sequence

Code Execution Supply Chain DoS Framework Training Data

pytorch 21.9K 3 ATLAS

MEDIUM EXPLOIT AVAIL

PyTorch: DoS via mkldnn_max_pool2d resource leak

DoS Supply Chain Framework Inference Model

pytorch CWE-404 21.9K 3 ATLAS

MEDIUM EXPLOIT AVAIL

openairinterface5g: segfault enables DoS via crafted UE message

openairinterface5g 13.8K 2 ATLAS

CRITICAL EXPLOIT AVAIL

InvokeAI: RCE via unsafe torch.load deserialization

Code Execution Supply Chain Framework Model

CWE-502 5 ATLAS

HIGH EXPLOIT AVAIL

LiteLLM: Langfuse API key leak via error handling

Data Leakage Auth Bypass Data Extraction Framework API Inference

litellm CWE-1230 4 4 ATLAS

MEDIUM EXPLOIT AVAIL

SageMaker SDK: MD5 collision silently replaces ML workflows

Supply Chain Model Poisoning Framework Training Data

sagemaker Patch: 2.237.3 CWE-328 51 3 ATLAS

HIGH EXPLOIT AVAIL

litellm: privilege escalation viewer→proxy admin via bad API key

Auth Bypass Data Extraction API Framework

litellm Patch: 1.61.15 CWE-266 4 4 ATLAS

HIGH EXPLOIT AVAIL

litellm: unauthenticated DoS via multipart boundary parsing

DoS API Framework Inference

litellm Patch: 1.56.2 CWE-400 4 3 ATLAS

HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS via markdown parser

DoS Auth Bypass API Framework

open-webui CWE-400 3 ATLAS

HIGH EXPLOIT AVAIL

OpenWebUI: path traversal RCE via audio upload API

Code Execution Data Extraction Framework API

open-webui Patch: 0.5.17 CWE-22 5 ATLAS

HIGH EXPLOIT AVAIL

pytorch-lightning: unauthenticated DoS crashes LightningApp

pytorch-lightning CWE-248 1.6K 3 ATLAS

HIGH EXPLOIT AVAIL

open-webui: Stored XSS enables admin session hijack

Code Execution Data Extraction Auth Bypass Framework API

open-webui CWE-79 3 ATLAS

HIGH EXPLOIT AVAIL

Open-WebUI: unauthenticated PDF endpoint enables DoS

Auth Bypass DoS API Inference

open-webui CWE-287 3 ATLAS

HIGH EXPLOIT AVAIL

Open-WebUI: CSRF enables RCE via pipeline code injection

Code Execution Auth Bypass Framework API

open-webui Patch: 0.3.33 CWE-352 6 ATLAS

HIGH EXPLOIT AVAIL

open-webui: XSS enables admin session hijack via chat

Auth Bypass Code Execution Data Extraction Framework API

open-webui CWE-79 6 ATLAS

CRITICAL EXPLOIT AVAIL

pytorch-lightning: file upload RCE (Windows)

Code Execution Supply Chain Framework Training Data

pytorch-lightning Patch: 2.4.0 CWE-434 1.6K 4 ATLAS

MEDIUM EXPLOIT AVAIL

Open WebUI: missing authz leaks admin credentials

Auth Bypass Data Extraction Privacy Violation API Framework

open-webui CWE-475 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?