AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
HIGH EXPLOIT AVAIL

Ollama: DoS via malicious gguf model file upload

CVE-2024-12055
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.5K 4 ATLAS
CRITICAL EXPLOIT AVAIL

vllm: RCE via unsafe pickle deserialization in MessageQueue

CVE-2024-11041
9.8
EPSS 5.6%
Code Execution Framework Inference
vllm CWE-502 127 4 ATLAS
UNKNOWN EXPLOIT AVAIL

gpt_academic: path traversal exposes LLM API keys

CVE-2024-11037
--
EPSS 0.2%
Data Extraction Auth Bypass API Framework
gpt_academic 5 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF in Markdown plugin leaks credentials

CVE-2024-11031
7.5
EPSS 0.2%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF via unsanitized HotReload plugin

CVE-2024-11030
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
UNKNOWN EXPLOIT AVAIL

gpt_academic: RCE via unsandboxed prompt injection

CVE-2024-10950
--
EPSS 2.8%
Prompt Injection Code Execution Framework Plugin
gpt_academic 6 ATLAS
MEDIUM EXPLOIT AVAIL

langchain-core: file read via prompt template inputs

CVE-2024-10940
5.3
EPSS 0.3%
Data Extraction Data Leakage Privacy Violation Framework Agent
langchain-core Patch: 0.1.53 CWE-497 4.4K 4 ATLAS
UNKNOWN EXPLOIT AVAIL

ChuanhuChatGPT: path traversal exposes server files unauthed

CVE-2024-10707
--
EPSS 0.2%
Data Extraction Auth Bypass Framework API
chuanhuchatgpt 3 ATLAS
UNKNOWN EXPLOIT AVAIL

ChuanhuChatGPT: DoS via multipart payload exhaustion

CVE-2024-10650
--
EPSS 0.7%
DoS Framework API
chuanhuchatgpt 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: path traversal enables arbitrary file deletion DoS

CVE-2024-10648
8.2
EPSS 0.3%
DoS Supply Chain Framework Inference
gradio CWE-29 679 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: ReDoS in DateTime causes CPU exhaustion DoS

CVE-2024-10624
7.5
EPSS 0.8%
DoS Framework Inference
gradio CWE-400 679 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: zip bomb DoS via dataframe CSV upload

CVE-2024-10569
7.5
EPSS 0.5%
DoS Framework
gradio CWE-475 679 3 ATLAS
CRITICAL EXPLOIT AVAIL

vLLM: RCE via unsafe deserialization in Mooncake KV

CVE-2025-29783
9.0
EPSS 2.8%
Code Execution Supply Chain Framework Inference
vllm CWE-502 127 5 ATLAS
MEDIUM EXPLOIT AVAIL

vLLM: DoS via unbounded grammar cache exhausts disk

CVE-2025-29770
6.5
EPSS 0.7%
DoS Inference Framework API
vllm CWE-770 127 4 ATLAS
CRITICAL EXPLOIT AVAIL

Keras: safe_mode bypass enables RCE via model loading

CVE-2025-1550
9.8
EPSS 8.0%
Code Execution Supply Chain Framework Model
keras CWE-94 1.5K 6 ATLAS
LOW EXPLOIT AVAIL

PyTorch: improper init in quantized sigmoid skews model output

CVE-2025-2149
2.5
EPSS 0.1%
Supply Chain Adversarial Examples Framework Inference Model
pytorch 21.9K 3 ATLAS
HIGH EXPLOIT AVAIL

PyTorch: memory corruption in JIT profiler callback handler

CVE-2025-2148
7.5
EPSS 0.1%
Code Execution Supply Chain Framework Inference
pytorch 21.9K 3 ATLAS
CRITICAL EXPLOIT AVAIL

picklescan: ZIP flag bypass enables RCE in PyTorch models

CVE-2025-1945
9.8
EPSS 0.9%
Supply Chain Code Execution Model Framework
picklescan CWE-345 3 6 ATLAS
MEDIUM EXPLOIT AVAIL

picklescan: ZIP spoof lets malicious PyTorch models bypass scan

CVE-2025-1944
6.5
EPSS 0.1%
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.23 CWE-345 3 5 ATLAS
CRITICAL EXPLOIT AVAIL

spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)

CVE-2025-25362
9.8
EPSS 0.0%
Code Execution Data Extraction Framework
spacy-llm Patch: 0.7.3 CWE-94 143 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial