AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

MEDIUM EXPLOIT AVAIL

Ollama: DNS rebinding exposes LLM API to remote access

Auth Bypass DoS Data Extraction Inference API Model

ollama 1.5K 4 ATLAS

CRITICAL EXPLOIT AVAIL

gpt_academic: deserialization RCE, no auth required

Code Execution Data Extraction Framework API

gpt_academic 5 ATLAS

UNKNOWN EXPLOIT AVAIL

Gradio: timing attack enables auth bypass on ML UIs

CVE-2024-1729

EPSS 0.1%

2y ago

Auth Bypass Framework Inference

gradio 679 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: CI/CD command injection enables secrets exfil

Code Execution Supply Chain Framework

gradio 679 4 ATLAS

MEDIUM EXPLOIT AVAIL

Gradio: SSRF exposes internal HuggingFace endpoints

Data Extraction Auth Bypass Framework Inference API

gradio 679 4 ATLAS

MEDIUM EXPLOIT AVAIL

LangChain: Billion Laughs XML expansion causes DoS

langchain 2.6K 4 ATLAS

UNKNOWN EXPLOIT AVAIL

Gradio: CSRF enables disk exhaustion via file upload DoS

CVE-2024-1727

EPSS 0.2%

2y ago

DoS Auth Bypass Framework

gradio 679 3 ATLAS

HIGH EXPLOIT AVAIL

LangChain: path traversal enables RCE and API key theft

Code Execution Data Leakage Supply Chain Framework Agent API

langchain CWE-22 2.6K 6 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain TFIDFRetriever: SSRF/RCE via load_local

Code Execution Data Extraction Framework RAG

langchain 2.6K 5 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain Experimental: RCE via Python sandbox escape

Code Execution Supply Chain Framework Agent

langchain-experimental 2.6K 4 ATLAS

CRITICAL EXPLOIT AVAIL

MLflow: XSS in recipe runner enables Jupyter RCE

Code Execution Supply Chain Framework

mlflow 624 5 ATLAS

CRITICAL EXPLOIT AVAIL

MLflow: XSS in recipes enables client-side RCE

Code Execution Supply Chain Data Extraction Framework Training Data

mlflow 624 5 ATLAS

CRITICAL EXPLOIT AVAIL

Gradio: unauthenticated LFI exposes full server filesystem

Data Extraction Data Leakage Auth Bypass Framework Inference API

gradio CWE-22 679 5 ATLAS

CRITICAL EXPLOIT AVAIL

LlamaIndex: SQL injection in Text-to-SQL feature

Code Execution Data Extraction Prompt Injection Framework Agent

llamaindex CWE-89 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

Gradio: path traversal grants arbitrary file read

Data Extraction Privacy Violation Framework Inference

gradio 679 5 ATLAS

HIGH EXPLOIT AVAIL

Transformers: unsafe deserialization enables RCE on load

Supply Chain Code Execution Framework Model

transformers 7.9K 5 ATLAS

HIGH EXPLOIT AVAIL

HuggingFace Transformers: RCE via unsafe deserialization

Supply Chain Code Execution Framework Model

transformers CWE-502 7.9K 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary files (no auth)

Data Extraction Framework

mlflow 624 4 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal allows arbitrary file write

Supply Chain Code Execution Framework Training Data

mlflow CWE-22 624 4 ATLAS

HIGH EXPLOIT AVAIL

Gradio: command injection enables RCE on ML servers

Code Execution Data Extraction Supply Chain Framework Inference API

gradio 679 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?