AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
HIGH EXPLOIT AVAIL

Ollama: DoS via malicious GGUF model file upload

CVE-2025-0317
7.5
EPSS 2.9%
DoS Inference Model
ollama CWE-369 1.5K 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: GGUF model upload causes memory exhaustion DoS

CVE-2025-0315
7.5
EPSS 0.1%
DoS Inference Model
ollama CWE-770 1.5K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: null pointer DoS via malicious GGUF model upload

CVE-2025-0312
7.5
EPSS 0.2%
DoS Inference Model Framework
ollama CWE-476 1.5K 4 ATLAS
UNKNOWN EXPLOIT AVAIL

Gradio: DoS via oversized upload filename

CVE-2025-0187
--
EPSS 0.8%
DoS Framework API
gradio 679 3 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: unauthenticated RCE via runner deserialization

CVE-2024-9070
9.8
EPSS 0.4%
Code Execution Supply Chain Framework Inference
bentoml CWE-502 23 3 ATLAS
HIGH EXPLOIT AVAIL

BentoML: DoS via multipart boundary exhausts server

CVE-2024-9056
7.5
EPSS 0.3%
DoS Framework Inference
bentoml CWE-400 23 3 ATLAS
CRITICAL EXPLOIT AVAIL

vllm: RCE via unsafe pickle deserialization in RPC server

CVE-2024-9053
9.8
EPSS 10.0%
Code Execution Supply Chain Framework Inference
vllm CWE-78 127 5 ATLAS
HIGH EXPLOIT AVAIL

Gradio: DoS via malformed multipart boundary

CVE-2024-8966
7.5
EPSS 0.3%
DoS Framework
video CWE-400 679 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary file read via DBFS

CVE-2024-8859
7.5
EPSS 25.7%
Data Extraction Data Leakage Framework Training Data
mlflow CWE-22 624 5 ATLAS
HIGH EXPLOIT AVAIL

ollama: divide-by-zero DoS via crafted GGUF model import

CVE-2024-8063
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.5K 4 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: open redirect exposes AI demo users to phishing

CVE-2024-8021
6.1
EPSS 2.4%
Social Engineering Auth Bypass Framework API
gradio CWE-601 679 4 ATLAS
HIGH EXPLOIT AVAIL

Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets

CVE-2024-7959
7.7
EPSS 0.5%
Data Extraction Auth Bypass Code Execution API Framework
open-webui CWE-918 5 ATLAS
MEDIUM EXPLOIT AVAIL

MLflow: unconstrained input causes UI denial of service

CVE-2024-6838
5.3
EPSS 0.6%
DoS Framework
mlflow CWE-400 624 3 ATLAS
MEDIUM EXPLOIT AVAIL

TorchServe: unverified S3 bucket exposes benchmark data

CVE-2024-6577
6.3
EPSS 0.2%
Supply Chain Data Leakage Data Extraction Framework Inference
3 ATLAS
HIGH EXPLOIT AVAIL

llama-index: SQLi+DoS via prompt injection in query engine

CVE-2024-12911
7.1
EPSS 0.3%
Prompt Injection Code Execution DoS Framework Agent
llamaindex CWE-89 6 ATLAS
UNKNOWN EXPLOIT AVAIL

Dify: SSRF via custom tool URL enables credential theft

CVE-2024-12775
--
EPSS 0.3%
Data Extraction Auth Bypass Framework API Agent
5 ATLAS
HIGH EXPLOIT AVAIL

Transformers: ReDoS in Nougat tokenizer causes DoS

CVE-2024-12720
7.5
EPSS 0.2%
DoS Framework Inference
transformers CWE-1333 7.9K 3 ATLAS
HIGH EXPLOIT AVAIL

llama-index: DoS via infinite loop in LangChain LLM

CVE-2024-12704
7.5
EPSS 0.4%
DoS Framework
llamaindex CWE-755 3 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: NTFS ADS bypass exposes blocked file paths

CVE-2024-12217
5.3
EPSS 0.3%
Data Extraction Data Leakage Auth Bypass Framework API
gradio CWE-22 679 3 ATLAS
UNKNOWN EXPLOIT AVAIL

LLaVA: path traversal allows arbitrary file read

CVE-2024-12065
--
EPSS 0.6%
Data Extraction Data Leakage Framework Inference
4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial