AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 766 results

CVE-2023-3765   MLflow: path traversal allows arbitrary file read (active exploitation, no patch)
CVE-2023-3686   QuickAI: unauthenticated SQLi exposes OpenAI API keys
CVE-2023-36189  LangChain SQLDatabaseChain: SQL injection, DB exfil
CVE-2023-36188  LangChain: RCE via PALChain unsanitized Python exec
CVE-2023-36258  LangChain: unauthenticated RCE via code injection
CVE-2023-34541  LangChain: RCE via unsafe load_prompt deserialization
CVE-2023-34540  LangChain: RCE via JiraAPIWrapper crafted input
CVE-2023-34239  Gradio: path traversal + SSRF exposes model files & infra
CVE-2023-34094  ChuanhuChatGPT: config exposure leaks API keys
CVE-2023-2800   Transformers: temp file race condition allows local DoS
CVE-2023-2780   MLflow: path traversal allows arbitrary file read/write
CVE-2023-27564  n8n: unauthenticated info disclosure exposes credentials
CVE-2023-27563  n8n: privilege escalation exposes full workflow admin
CVE-2023-27562  n8n: path traversal allows arbitrary file read
CVE-2023-1651   AI ChatBot WP: auth bypass exposes OpenAI config + XSS
CVE-2023-2356   MLflow: path traversal allows unauthenticated file read
CVE-2023-29374  LangChain: RCE via prompt injection in LLMMathChain
CVE-2023-25661  TensorFlow: DoS via malformed Convolution3D input
CVE-2023-25801  TensorFlow: double-free in pooling ops enables RCE
CVE-2023-25674  TensorFlow: null pointer DoS in RandomShuffle (XLA)