AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 766 results — Active exploitation, no patchMLflow: path traversal exposes arbitrary file read/write
CVE-2023-6753 MLflow: SSTI enables RCE in ML experiment tracking
CVE-2023-6709 MLflow: reflected XSS via Content-Type header injection
CVE-2023-6568 MLflow: unauth REST API leaks sensitive ML data
CVE-2023-43472 Ray: unauthenticated RCE via job submission API
CVE-2023-48022 MLflow: auth bypass allows arbitrary account creation
CVE-2023-6014 MLflow: unauth file overwrite enables model poisoning
CVE-2023-6018 MLflow: unauthenticated arbitrary file write via PUT
CVE-2023-6015 MLeap: zip slip in model loading enables RCE
CVE-2023-5245 LangChain: prompt injection triggers SSRF via URL fetch
CVE-2023-32786 LangChain: SSRF in URL loader exposes internal network
CVE-2023-46229 LangChain: RCE bypass via __import__ in PAL chain
CVE-2023-44467 TorchServe: SSRF + RCE via unrestricted model URL loading
CVE-2023-43654 LangChain: RCE via numexpr evaluate injection
CVE-2023-39631 LangChain: RCE via malicious JSON prompt template
CVE-2023-36281 LangChain: RCE via unsanitized PythonAstREPL input
CVE-2023-39659 LangChain: RCE via unsandboxed LLM code execution
CVE-2023-38896 LangChain: RCE via unsanitized prompt parameter
CVE-2023-38860 LangChain PALChain: RCE via unsanitized exec() calls
CVE-2023-36095 MLflow: OS command injection enables local code execution
CVE-2023-4033 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial