AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
77
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2025-1716 picklescan: scanner bypass enables supply chain RCE — 16.2% picklescan Mar 3 MEDI E CVE-2025-1889 picklescan: extension bypass enables RCE on model load — 0.1% picklescan Mar 3 HIGH E CVE-2025-25185 gpt_academic: symlink traversal exposes all server files 7.5 0.6% gpt_academic Mar 3 MEDI E CVE-2025-25296 Label Studio: reflected XSS via label_config param 6.1 20.0% label-studio Feb 14 HIGH E CVE-2025-25295 Label Studio SDK: path traversal leaks server filesystem — 0.1% label-studio-sdk Feb 14 HIGH E CVE-2025-23042 Gradio: ACL bypass via path case manipulation 7.5 0.1% gradio Jan 14 MEDI E CVE-2024-53526 Composio: command injection in AI agent tool calls 6.4 0.8% — Jan 8 MEDI E CVE-2024-55459 Keras: path traversal enables arbitrary file write 6.5 0.1% keras Jan 8 MEDI E CVE-2024-11896 WP Text Prompter: Stored XSS in OpenAI shortcode plugin 6.4 0.1% — Dec 24 HIGH E CVE-2024-32965 Lobe Chat: pre-auth SSRF leaks OpenAI API keys 8.6 0.2% — Nov 26 HIGH E CVE-2024-11394 Transformers: RCE via Trax model deserialization 8.8 65.0% transformers Nov 22 HIGH E CVE-2024-11393 Transformers: RCE via MaskFormer model deserialization 8.8 79.5% transformers Nov 22 HIGH E CVE-2024-11392 HuggingFace Transformers: RCE via config deserialization 8.8 59.3% transformers Nov 22 CRIT E CVE-2024-52803 LlamaFactory: RCE via OS command injection in training 9.8 3.2% llamafactory Nov 21 HIGH E CVE-2024-21799 Intel Extension for Transformers: path traversal privesc 7.1 0.1% — Nov 13 MEDI E CVE-2024-51751 Gradio: path traversal exposes arbitrary server files 6.5 0.3% gradio Nov 6 CRIT E CVE-2024-48061 Langflow: RCE via unsandboxed code component execution 9.8 13.2% langflow Nov 4 MEDI E CVE-2024-48052 Gradio: SSRF in DownloadButton exposes internal resources 6.5 0.1% gradio Nov 4 HIGH E CVE-2024-39722 Ollama: path traversal exposes server filesystem 7.5 62.2% ollama Oct 31 HIGH E CVE-2024-39721 Ollama: DoS via /dev/random causes goroutine exhaustion 7.5 0.3% ollama Oct 31 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial