AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
- 1,604 AI/ML CVEs tracked
- 225 critical
- 78 new this week
- 16 in CISA KEV
Latest AI Security Threats
Showing 20 of 910 results. The page legend reads "Active exploitation"; the "E" badge shown on each row is reproduced as-is in the Flag column.

| Severity | Flag | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| MEDIUM | E | CVE-2024-7035 | Open WebUI: CSRF wipes RAG DB and AI memories via GET | 6.9 | 0.1% | open-webui | Mar 20 |
| MEDIUM | E | CVE-2024-7045 | open-webui: missing authz exposes admin prompts | 4.3 | 0.2% | open-webui | Mar 20 |
| HIGH | E | CVE-2024-7776 | ONNX: path traversal in download_model enables RCE | 8.1 | 5.3% | onnx | Mar 20 |
| HIGH | E | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | 7.5 | 1.8% | open-webui | Mar 20 |
| MEDIUM | E | CVE-2024-7034 | open-webui: path traversal allows arbitrary file write/RCE | 6.5 | 6.7% | open-webui | Mar 20 |
| HIGH | E | CVE-2024-6982 | lollms: RCE via eval() sandbox bypass in Calculate | 8.4 | 0.1% | lollms | Mar 20 |
| HIGH | E | CVE-2024-7039 | open-webui: Privilege bypass enables admin account deletion | 8.3 | 0.2% | open-webui | Mar 20 |
| MEDIUM | E | CVE-2024-7044 | Open WebUI: Stored XSS via file upload, session hijack | 6.8 | 0.2% | open-webui | Mar 20 |
| HIGH | E | CVE-2024-7043 | Open WebUI: auth bypass exposes all user files | 8.1 | 0.2% | open-webui | Mar 20 |
| HIGH | E | CVE-2024-6825 | LiteLLM: RCE via post_call_rules callback injection | 8.8 | 3.0% | litellm | Mar 20 |
| MEDIUM | E | CVE-2024-7033 | open-webui: path traversal allows file write and RCE | 6.5 | 1.3% | open-webui | Mar 20 |
| MEDIUM | E | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | 5.9 | 0.4% | llama-index | Mar 20 |
| CRITICAL | E | CVE-2024-12909 | llama-index finchat: SQL injection enables RCE | 10.0 | 4.1% | llama-index-packs-finchat | Mar 20 |
| HIGH | E | CVE-2024-12534 | open-webui: unauthenticated DoS via login payload flood | 7.5 | 0.6% | open-webui | Mar 20 |
| HIGH | E | CVE-2024-12537 | Open-WebUI: unauthenticated DoS via code formatter | 7.5 | 2.7% | open-webui | Mar 20 |
| CRITICAL | E | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | 9.8 | 4.1% | llama-index-retrievers-duckdb-retriever | Mar 20 |
| HIGH | E | CVE-2024-10572 | H2O-3: unauthenticated AST parser enables DoS + file write | 7.5 | 0.4% | — | Mar 20 |
| MEDIUM | E | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | 5.5 | 0.1% | mlflow | Mar 20 |
| HIGH | E | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | 7.1 | 0.2% | mlflow | Mar 20 |
| HIGH | E | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | 7.5 | 0.3% | mlflow | Mar 20 |