AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 77
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH E | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | 8.2 | 0.3% | ollama | Oct 31 |
| HIGH E | CVE-2024-39719 | Ollama: file existence oracle via api/create errors | 7.5 | 44.5% | ollama | Oct 31 |
| CRIT E | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | 9.8 | 14.3% | langflow | Oct 31 |
| CRIT E | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | 9.8 | 25.1% | pytorch | Oct 29 |
| MEDI E | CVE-2024-6581 | Lollms: SVG upload XSS enables session hijack and RCE | 6.5 | 1.6% | lollms | Oct 29 |
| CRIT E | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | 2.0% | langchain | Oct 29 |
| CRIT E | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | 9.1 | 0.6% | langchain.js | Oct 29 |
| CRIT E | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | 9.8 | 0.1% | langchain | Oct 29 |
| CRIT E | CVE-2024-49326 | Affiliator WP Plugin: Unauthenticated Web Shell Upload | 9.8 | 0.6% | affiliator | Oct 20 |
| MEDI E | CVE-2024-6985 | lollms: path traversal allows arbitrary directory read | 4.4 | 0.1% | lollms | Oct 11 |
| LOW E | CVE-2024-6971 | lollms: path traversal in RAG database functions | 3.4 | 0.0% | lollms | Oct 11 |
| HIGH E | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | 7.5 | 0.2% | gradio | Oct 10 |
| MEDI E | CVE-2024-7041 | open-webui: IDOR enables cross-user memory tampering | 6.5 | 0.1% | open-webui | Oct 9 |
| MEDI E | CVE-2024-7037 | open-webui: path traversal → arbitrary file write/RCE | 6.5 | 2.3% | open-webui | Oct 9 |
| LOW E | CVE-2024-7038 | open-webui: filesystem enumeration via admin error messages | 2.7 | 0.2% | open-webui | Oct 9 |
| MEDI E | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | 6.5 | 0.2% | langflow | Sep 27 |
| HIGH E | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | 23.9% | | Sep 27 |
| MEDI E | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauth REST | 5.3 | 21.6% | | Sep 25 |
| CRIT E | CVE-2024-46946 | LangChain-Experimental: RCE via eval in math chain | 9.8 | 0.7% | langchain-experimental | Sep 19 |
| MEDI E | CVE-2024-8939 | ilab/vllm: best_of param causes inference API DoS | 6.2 | 0.0% | | Sep 17 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
