AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked
225 Critical
77 New this week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 910 results (view: Active exploitation). "E" is the badge the feed shows beside most entries; "-" marks a value the feed does not display for that row.

Sev | E | CVE ID | Summary | CVSS | EPSS | Package | Date
MEDI | E | CVE-2024-0451 | wpbot: missing auth exposes OpenAI account files | 5.0 | 0.4% | wpbot | May 22
MEDI | E | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | 0.1% | mlflow | May 16
UNKN | E | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | - | 1.6% | llamaindex | May 16
HIGH | E | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | 78.7% | mlflow | May 16
CRIT | E | CVE-2024-34359 | llama-cpp-python: SSTI in .gguf loader enables RCE | 9.6 | 39.4% | - | May 14
HIGH | E | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | 0.1% | gradio | May 5
MEDI | E | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | 0.0% | pytorch | Apr 17
CRIT | E | CVE-2024-3660 | Keras: RCE via malicious model deserialization | 9.8 | 0.4% | keras | Apr 16
CRIT | E | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | 0.2% | mlflow | Apr 16
HIGH | E | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | 2.0% | langchain | Apr 16
CRIT | E | CVE-2024-2912 | BentoML: RCE via insecure deserialization (CVSS 10) | 10.0 | 7.5% | - | Apr 16
HIGH | E | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | 7.5 | 0.2% | mlflow | Apr 16
HIGH | E | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | 7.5 | 0.3% | mlflow | Apr 16
UNKN | - | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | - | 93.4% | gradio | Apr 16
HIGH | E | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | 8.1 | 0.1% | mlflow | Apr 16
HIGH | E | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | 7.5 | 0.1% | mlflow | Apr 16
HIGH | E | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | 7.5 | 75.0% | mlflow | Apr 16
UNKN | E | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | - | 55.0% | gradio | Apr 16
CRIT | E | CVE-2024-3568 | HuggingFace Transformers: RCE via pickle deserialization | 9.6 | 24.4% | transformers | Apr 10
HIGH | E | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | 7.5 | 86.5% | gradio | Apr 10
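The feed lists CVSS and EPSS side by side, and the two disagree sharply on several rows: CVE-2024-1561 has no CVSS on the feed but a 93.4% EPSS, while CVE-2024-2912 scores 10.0 with 7.5% EPSS. The following is an added example, not the feed's own code (which the page does not show). It parses rows in the flattened form the feed exports, ranks them by EPSS rather than CVSS, and lists the entries a "patch only CVSS 7.0 or above" policy would skip even though EPSS says exploitation is likely. The sample rows are the twenty entries on this page; the "E" badge's meaning is not stated on the page, so the parser keeps it as a plain boolean. The 7.0/10% thresholds are assumed for illustration.

```python
"""Triage helper for the flattened AI-CVE feed rows above (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One feed row as exported: "<sev> [E] <cve> <summary> [<cvss>] <epss>% [<package>] <Mon D>"
ROW_RE = re.compile(
    r"^(?P<sev>CRIT|HIGH|MEDI|UNKN)\s+"
    r"(?P<flag>E\s+)?"                      # "E" badge; meaning not given on the page
    r"(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<summary>.+?)\s+"                  # lazy: stops at the first CVSS/EPSS match
    r"(?:(?P<cvss>\d{1,2}\.\d)\s+)?"        # CVSS is absent on UNKN rows
    r"(?P<epss>\d{1,3}\.\d)%\s+"
    r"(?:(?P<pkg>[A-Za-z0-9_.-]+)\s+)?"     # package is absent on some rows
    r"(?P<date>[A-Z][a-z]{2} \d{1,2})$"
)


@dataclass(frozen=True)
class FeedRow:
    severity: str
    flagged: bool            # the feed's "E" badge
    cve: str
    summary: str
    cvss: Optional[float]    # None when the feed shows no score
    epss: float              # probability 0.0-1.0
    package: Optional[str]
    date: str


# Rows copied from the feed table on this page (constructed sample input).
SAMPLE_FEED = """
MEDI E CVE-2024-0451 wpbot: missing auth exposes OpenAI account files 5.0 0.4% wpbot May 22
MEDI E CVE-2024-4263 MLflow: broken access control allows artifact deletion 5.4 0.1% mlflow May 16
UNKN E CVE-2024-4181 llama_index: RCE via eval() in RunGptLLM connector 1.6% llamaindex May 16
HIGH E CVE-2024-3848 MLflow: URL fragment bypass leaks SSH and cloud keys 7.5 78.7% mlflow May 16
CRIT E CVE-2024-34359 llama-cpp-python: SSTI in .gguf loader enables RCE 9.6 39.4% May 14
HIGH E CVE-2024-34510 Gradio: credential leakage via Windows path encoding bug 7.5 0.1% gradio May 5
MEDI E CVE-2024-31580 PyTorch: heap buffer overflow causes local DoS 4.0 0.0% pytorch Apr 17
CRIT E CVE-2024-3660 Keras: RCE via malicious model deserialization 9.8 0.4% keras Apr 16
CRIT E CVE-2024-3573 MLflow: LFI via URI parsing allows arbitrary file read 9.3 0.2% mlflow Apr 16
HIGH E CVE-2024-3571 LangChain: path traversal allows arbitrary file R/W 8.8 2.0% langchain Apr 16
CRIT E CVE-2024-2912 BentoML: RCE via insecure deserialization (CVSS 10) 10.0 7.5% Apr 16
HIGH E CVE-2024-1594 MLflow: path traversal via URI fragment reads arbitrary files 7.5 0.2% mlflow Apr 16
HIGH E CVE-2024-1593 MLflow: path traversal via ';' smuggling exposes files 7.5 0.3% mlflow Apr 16
UNKN CVE-2024-1561 Gradio: path traversal enables arbitrary file read 93.4% gradio Apr 16
HIGH E CVE-2024-1560 MLflow: path traversal allows arbitrary directory deletion 8.1 0.1% mlflow Apr 16
HIGH E CVE-2024-1558 MLflow: path traversal enables arbitrary file read 7.5 0.1% mlflow Apr 16
HIGH E CVE-2024-1483 MLflow: path traversal exposes arbitrary server files 7.5 75.0% mlflow Apr 16
UNKN E CVE-2024-1183 Gradio: SSRF enables internal network port scanning 55.0% gradio Apr 16
CRIT E CVE-2024-3568 HuggingFace Transformers: RCE via pickle deserialization 9.6 24.4% transformers Apr 10
HIGH E CVE-2024-1728 Gradio: path traversal leaks arbitrary files, potential RCE 7.5 86.5% gradio Apr 10
"""


def parse_feed(text: str) -> list[FeedRow]:
    """Parse flattened feed rows; raise on a line the regex cannot explain."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable feed row: {line!r}")
        rows.append(FeedRow(
            severity=m["sev"], flagged=m["flag"] is not None, cve=m["cve"],
            summary=m["summary"], cvss=float(m["cvss"]) if m["cvss"] else None,
            epss=float(m["epss"]) / 100.0, package=m["pkg"], date=m["date"],
        ))
    return rows


def triage_rank(rows: list[FeedRow]) -> list[FeedRow]:
    """Highest exploitation likelihood first; CVSS only breaks EPSS ties."""
    return sorted(rows, key=lambda r: (-r.epss, -(r.cvss if r.cvss is not None else -1.0)))


def cvss_blind_spots(rows, cvss_gate: float = 7.0, epss_floor: float = 0.10) -> list[FeedRow]:
    """Rows a CVSS-gated patch policy skips although EPSS says they are likely exploited."""
    return [r for r in rows if (r.cvss is None or r.cvss < cvss_gate) and r.epss >= epss_floor]


def count_by_package(rows: list[FeedRow]) -> Counter:
    """How many of the visible rows each package accounts for (None = not shown)."""
    return Counter(r.package for r in rows)


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for r in triage_rank(feed)[:5]:
        print(f"{r.epss:6.1%}  {str(r.cvss):5}  {r.cve:15}  {r.summary}")
    print("missed by a CVSS>=7 gate:", [r.cve for r in cvss_blind_spots(feed)])
    print("rows per package:", count_by_package(feed).most_common(3))
```

Ranking by EPSS puts two Gradio path-traversal bugs with no CVSS on the feed at the top of the queue; a CVSS-only gate would never schedule them. The parser raises rather than silently dropping a row it cannot explain, which is the failure mode you want when a feed changes its export format.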

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
