AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2025-3001 PyTorch: lstm_cell memory corruption, local code exec 5.3 0.1% pytorch Mar 31 MEDI E CVE-2025-3000 PyTorch: memory corruption in torch.jit.script compiler 5.3 0.1% pytorch Mar 31 MEDI E CVE-2025-2999 PyTorch: memory corruption in RNN sequence unpacking 5.3 0.1% pytorch Mar 31 MEDI E CVE-2025-2998 PyTorch: memory corruption in RNN pad_packed_sequence 5.3 0.1% pytorch Mar 31 MEDI E CVE-2025-2953 PyTorch: DoS via mkldnn_max_pool2d resource leak 5.5 0.1% pytorch Mar 30 MEDI E CVE-2025-26265 openairinterface5g: segfault enables DoS via crafted UE message 6.5 0.9% openairinterface5g Mar 27 CRIT E CVE-2024-12029 InvokeAI: RCE via unsafe torch.load deserialization 9.8 44.2% Mar 21 HIGH E CVE-2025-0330 LiteLLM: Langfuse API key leak via error handling 7.5 0.5% litellm Mar 20 MEDI E CVE-2025-0508 SageMaker SDK: MD5 collision silently replaces ML workflows 5.9 0.1% sagemaker Mar 20 HIGH E CVE-2025-0628 litellm: privilege escalation viewer→proxy admin via bad API key 8.1 0.3% litellm Mar 20 HIGH E CVE-2024-8984 litellm: unauthenticated DoS via multipart boundary parsing 7.5 0.6% litellm Mar 20 HIGH E CVE-2024-7983 open-webui: unauthenticated DoS via markdown parser 7.5 0.4% open-webui Mar 20 HIGH E CVE-2024-8060 OpenWebUI: path traversal RCE via audio upload API 8.1 2.1% open-webui Mar 20 HIGH E CVE-2024-8020 pytorch-lightning: unauthenticated DoS crashes LightningApp 7.5 0.1% pytorch-lightning Mar 20 HIGH E CVE-2024-7990 open-webui: Stored XSS enables admin session hijack 8.4 0.3% open-webui Mar 20 HIGH E CVE-2024-8053 Open-WebUI: unauthenticated PDF endpoint enables DoS 7.5 0.7% open-webui Mar 20 HIGH E CVE-2024-7806 Open-WebUI: CSRF enables RCE via pipeline code injection 8.0 1.8% open-webui Mar 20 HIGH E CVE-2024-7053 open-webui: XSS enables admin session hijack via chat 7.6 0.2% open-webui Mar 20 CRIT E CVE-2024-8019 pytorch-lightning: file upload RCE (Windows) 9.1 2.1% pytorch-lightning Mar 20 MEDI E CVE-2024-7046 Open WebUI: missing authz leaks admin credentials 4.3 0.2% open-webui Mar 20

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial