AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
77
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2024-12055 Ollama: DoS via malicious gguf model file upload 7.5 0.1% ollama Mar 20 CRIT E CVE-2024-11041 vllm: RCE via unsafe pickle deserialization in MessageQueue 9.8 5.6% vllm Mar 20 UNKN E CVE-2024-11037 gpt_academic: path traversal exposes LLM API keys — 0.2% gpt_academic Mar 20 HIGH E CVE-2024-11031 GPT Academic: SSRF in Markdown plugin leaks credentials 7.5 0.2% gpt_academic Mar 20 HIGH E CVE-2024-11030 GPT Academic: SSRF via unsanitized HotReload plugin 7.5 0.3% gpt_academic Mar 20 UNKN E CVE-2024-10950 gpt_academic: RCE via unsandboxed prompt injection — 2.8% gpt_academic Mar 20 MEDI E CVE-2024-10940 langchain-core: file read via prompt template inputs 5.3 0.3% langchain-core Mar 20 UNKN E CVE-2024-10707 ChuanhuChatGPT: path traversal exposes server files unauthed — 0.2% chuanhuchatgpt Mar 20 UNKN E CVE-2024-10650 ChuanhuChatGPT: DoS via multipart payload exhaustion — 0.7% chuanhuchatgpt Mar 20 HIGH E CVE-2024-10648 Gradio: path traversal enables arbitrary file deletion DoS 8.2 0.3% gradio Mar 20 HIGH E CVE-2024-10624 Gradio: ReDoS in DateTime causes CPU exhaustion DoS 7.5 0.8% gradio Mar 20 HIGH E CVE-2024-10569 Gradio: zip bomb DoS via dataframe CSV upload 7.5 0.5% gradio Mar 20 CRIT E CVE-2025-29783 vLLM: RCE via unsafe deserialization in Mooncake KV 9.0 2.8% vllm Mar 19 MEDI E CVE-2025-29770 vLLM: DoS via unbounded grammar cache exhausts disk 6.5 0.7% vllm Mar 19 CRIT E CVE-2025-1550 Keras: safe_mode bypass enables RCE via model loading 9.8 8.0% keras Mar 11 LOW E CVE-2025-2149 PyTorch: improper init in quantized sigmoid skews model output 2.5 0.1% pytorch Mar 10 HIGH E CVE-2025-2148 PyTorch: memory corruption in JIT profiler callback handler 7.5 0.1% pytorch Mar 10 CRIT E CVE-2025-1945 picklescan: ZIP flag bypass enables RCE in PyTorch models 9.8 0.9% picklescan Mar 10 MEDI E CVE-2025-1944 picklescan: ZIP spoof lets malicious PyTorch models bypass scan 6.5 0.1% picklescan Mar 10 CRIT E CVE-2025-25362 spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8) 9.8 0.0% spacy-llm Mar 5 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial