AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
- AI/ML CVEs tracked: 1,604
- Critical: 225
- New this week: 77
- In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 910 results. "E" in the first column marks active exploitation.

| E | Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|----------|--------|---------|------|------|---------|------|
| E | HIGH | CVE-2024-8768 | vLLM: unauthenticated DoS via empty completion prompt | 7.5 | 0.0% | — | Sep 17 |
| E | HIGH | CVE-2024-5998 | LangChain: RCE via FAISS pickle deserialization | 7.8 | 0.1% | langchain | Sep 17 |
|   | HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | 7.5 | 88.4% | litellm | Sep 13 |
| E | HIGH | CVE-2024-45848 | MindsDB: RCE via eval() injection in ChromaDB INSERT | 8.8 | 0.4% | — | Sep 12 |
| E | HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | 7.5 | 29.1% | ollama | Aug 29 |
| E | MEDIUM | CVE-2024-42474 | Streamlit: path traversal leaks Windows NTLM hash | 6.5 | 1.7% | streamlit | Aug 12 |
| E | HIGH | CVE-2024-7297 | Langflow: mass assignment grants super admin access | 8.8 | 0.3% | langflow | Jul 30 |
| E | CRITICAL | CVE-2024-41120 | streamlit-geospatial: blind SSRF via unvalidated URL input | 9.8 | 0.2% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41119 | streamlit-geospatial: RCE via eval() on vis_params input | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41118 | streamlit-geospatial: blind SSRF via WMS URL input | 9.8 | 0.2% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41117 | streamlit-geospatial: eval() injection allows RCE | 9.8 | 2.3% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41116 | streamlit-geospatial: RCE via eval() injection | 9.8 | 2.0% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41115 | streamlit-geospatial: eval() injection enables RCE | 9.8 | 1.1% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41114 | streamlit-geospatial: RCE via eval() on palette input | 9.8 | 1.3% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41113 | streamlit-geospatial: RCE via eval() in Timelapse page | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
| E | CRITICAL | CVE-2024-41112 | streamlit-geospatial: RCE via eval() on palette input | 9.8 | 1.6% | streamlit-geospatial | Jul 26 |
| E | HIGH | CVE-2024-35199 | TorchServe: default gRPC exposure allows unauthenticated inference | 8.2 | 0.1% | torchserve | Jul 19 |
| E | CRITICAL | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | 9.8 | 0.2% | torchserve | Jul 19 |
| E | HIGH | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | 8.5 | 16.7% | langchain-experimental | Jul 15 |
| E | LOW | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | 2.3 | 0.0% | — | Jul 6 |