AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 766 results — Active exploitation, no patch
MEDIUM EXPLOIT AVAIL

wpbot: missing auth exposes OpenAI account files

CVE-2024-0451
5.0
EPSS 0.4%
Data Extraction Auth Bypass API Plugin
wpbot CWE-862 5 ATLAS
MEDIUM EXPLOIT AVAIL

MLflow: broken access control allows artifact deletion

CVE-2024-4263
5.4
EPSS 0.1%
Auth Bypass Framework Training Data
mlflow 624 3 ATLAS
UNKNOWN EXPLOIT AVAIL

llama_index: RCE via eval() in RunGptLLM connector

CVE-2024-4181
--
EPSS 1.6%
Code Execution Supply Chain Framework Inference
llamaindex 3 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: URL fragment bypass leaks SSH and cloud keys

CVE-2024-3848
7.5
EPSS 78.7%
Data Extraction Auth Bypass Framework
mlflow CWE-22 624 4 ATLAS
CRITICAL EXPLOIT AVAIL

llama-cpp-python: SSTI in .gguf loader enables RCE

CVE-2024-34359
9.6
EPSS 39.4%
Code Execution Supply Chain Framework Model Inference
5 ATLAS
HIGH EXPLOIT AVAIL

Gradio: credential leakage via Windows path encoding bug

CVE-2024-34510
7.5
EPSS 0.1%
Data Leakage Data Extraction Framework Inference API
gradio CWE-116 679 5 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: heap buffer overflow causes local DoS

CVE-2024-31580
4.0
EPSS 0.0%
DoS Framework
pytorch 21.9K 3 ATLAS
CRITICAL EXPLOIT AVAIL

Keras: RCE via malicious model deserialization

CVE-2024-3660
9.8
EPSS 0.4%
Code Execution Supply Chain Framework Model
keras CWE-94 1.5K 5 ATLAS
CRITICAL EXPLOIT AVAIL

MLflow: LFI via URI parsing allows arbitrary file read

CVE-2024-3573
9.3
EPSS 0.2%
Data Extraction Auth Bypass Framework
mlflow CWE-22 624 5 ATLAS
HIGH EXPLOIT AVAIL

LangChain: path traversal allows arbitrary file R/W

CVE-2024-3571
8.8
EPSS 2.0%
Code Execution Data Extraction Framework Agent
langchain 2.6K 6 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: RCE via insecure deserialization (CVSS 10)

CVE-2024-2912
10.0
EPSS 7.5%
Code Execution Supply Chain Framework Inference
5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal via URI fragment reads arbitrary files

CVE-2024-1594
7.5
EPSS 0.2%
Data Extraction Data Leakage Framework Training Data
mlflow 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal via ';' smuggling exposes files

CVE-2024-1593
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 4 ATLAS
UNKNOWN KEV SCANNER

Gradio: path traversal enables arbitrary file read

CVE-2024-1561
--
EPSS 93.4%
Data Extraction Data Leakage Framework API
gradio 679 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary directory deletion

CVE-2024-1560
8.1
EPSS 0.1%
Supply Chain DoS Auth Bypass Framework Training Data
mlflow 624 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal enables arbitrary file read

CVE-2024-1558
7.5
EPSS 0.1%
Data Extraction Data Leakage Framework
mlflow 624 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary server files

CVE-2024-1483
7.5
EPSS 75.0%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 5 ATLAS
UNKNOWN EXPLOIT AVAIL SCANNER

Gradio: SSRF enables internal network port scanning

CVE-2024-1183
--
EPSS 55.0%
Data Extraction Privacy Violation Framework Inference
gradio 679 3 ATLAS
CRITICAL EXPLOIT AVAIL

HuggingFace Transformers: RCE via pickle deserialization

CVE-2024-3568
9.6
EPSS 24.4%
Code Execution Supply Chain Framework Model
transformers 7.9K 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

Gradio: path traversal leaks arbitrary files, potential RCE

CVE-2024-1728
7.5
EPSS 86.5%
Data Extraction Code Execution Privacy Violation Framework API Inference
gradio 679 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial