AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

HIGH EXPLOIT AVAIL

MLflow: path traversal enables RCE via dataset loading

Code Execution Supply Chain Data Leakage Framework Training Data

mlflow 624 5 ATLAS

CRITICAL EXPLOIT AVAIL

pytorch-lightning: RCE via deepdiff Delta deserialization

Code Execution Supply Chain Framework

pytorch_lightning CWE-913 21.9K 5 ATLAS

HIGH EXPLOIT AVAIL

Gradio: LFI via JSON path key exposes server files

Data Extraction Data Leakage Framework Inference

gradio 679 4 ATLAS

HIGH KEV SCANNER

Gradio: SSRF exposes internal network and cloud metadata

Data Extraction Auth Bypass Framework Inference

gradio 679 4 ATLAS

UNKNOWN EXPLOIT AVAIL

Gradio: secrets exfiltration via unsafe fork PR workflow

CVE-2024-4254

EPSS 0.4%

1y ago

Supply Chain Data Extraction Auth Bypass Framework Model

gradio 679 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious MLproject file execution

Code Execution Supply Chain Framework Training Data

mlflow CWE-94 624 6 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via deserialization in crafted Recipes

Code Execution Supply Chain Framework Training Data

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious PyTorch model deserialization

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 4 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious LangChain model deserialization

Supply Chain Code Execution Framework Model Agent

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious TensorFlow model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via LightGBM model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via pmdarima model deserialization

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: deserialization RCE via malicious PyFunc model

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model deserialization

Supply Chain Code Execution Framework Model

mlflow CWE-502 624 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model upload

Code Execution Supply Chain Framework Model

mlflow CWE-502 624 5 ATLAS

CRITICAL EXPLOIT AVAIL

Gradio: CI/CD command injection enables secrets exfiltration

Supply Chain Code Execution Data Extraction Framework Inference API

gradio 679 5 ATLAS

HIGH KEV

Ollama: path traversal enables RCE via model blob API

Code Execution Data Extraction Inference Framework API

ollama 1.5K 4 ATLAS

UNKNOWN EXPLOIT AVAIL

text-generation-inference: workflow injection RCE

CVE-2024-3924

EPSS 0.4%

1y ago

Supply Chain Code Execution Framework Inference

4 ATLAS

MEDIUM EXPLOIT AVAIL

WP Testimonial Carousel: OpenAI API key hijack, no auth

Auth Bypass DoS API Plugin

CWE-862 4 ATLAS

HIGH EXPLOIT AVAIL

WordPress AI ChatBot: auth bypass enables OpenAI file upload

Auth Bypass Data Leakage Model Poisoning API Plugin

wpbot CWE-862 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?