AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-0317 Ollama: DoS via malicious GGUF model file upload 7.5 2.9% ollama Mar 20 HIGH E CVE-2025-0315 Ollama: GGUF model upload causes memory exhaustion DoS 7.5 0.1% ollama Mar 20 HIGH E CVE-2025-0312 Ollama: null pointer DoS via malicious GGUF model upload 7.5 0.2% ollama Mar 20 UNKN E CVE-2025-0187 Gradio: DoS via oversized upload filename 0.8% gradio Mar 20 CRIT E CVE-2024-9070 BentoML: unauthenticated RCE via runner deserialization 9.8 0.4% bentoml Mar 20 HIGH E CVE-2024-9056 BentoML: DoS via multipart boundary exhausts server 7.5 0.3% bentoml Mar 20 CRIT E CVE-2024-9053 vllm: RCE via unsafe pickle deserialization in RPC server 9.8 10.0% vllm Mar 20 HIGH E CVE-2024-8966 Gradio: DoS via malformed multipart boundary 7.5 0.3% video Mar 20 HIGH E CVE-2024-8859 MLflow: path traversal allows arbitrary file read via DBFS 7.5 25.7% mlflow Mar 20 HIGH E CVE-2024-8063 ollama: divide-by-zero DoS via crafted GGUF model import 7.5 0.1% ollama Mar 20 MEDI E CVE-2024-8021 Gradio: open redirect exposes AI demo users to phishing 6.1 2.4% gradio Mar 20 HIGH E CVE-2024-7959 Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets 7.7 0.5% open-webui Mar 20 MEDI E CVE-2024-6838 MLflow: unconstrained input causes UI denial of service 5.3 0.6% mlflow Mar 20 MEDI E CVE-2024-6577 TorchServe: unverified S3 bucket exposes benchmark data 6.3 0.2% Mar 20 HIGH E CVE-2024-12911 llama-index: SQLi+DoS via prompt injection in query engine 7.1 0.3% llamaindex Mar 20 UNKN E CVE-2024-12775 Dify: SSRF via custom tool URL enables credential theft 0.3% Mar 20 HIGH E CVE-2024-12720 Transformers: ReDoS in Nougat tokenizer causes DoS 7.5 0.2% transformers Mar 20 HIGH E CVE-2024-12704 llama-index: DoS via infinite loop in LangChain LLM 7.5 0.4% llamaindex Mar 20 MEDI E CVE-2024-12217 Gradio: NTFS ADS bypass exposes blocked file paths 5.3 0.3% gradio Mar 20 UNKN E CVE-2024-12065 LLaVA: path traversal allows arbitrary file read 0.6% Mar 20

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial