AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs Tracked
225 Critical
77 New This Week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results

| Severity | Active exploitation | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| Medium | E | CVE-2024-28224 | Ollama: DNS rebinding exposes LLM API to remote access | 6.6 | 0.2% | ollama | Apr 8 |
| Critical | E | CVE-2024-31224 | gpt_academic: deserialization RCE, no auth required | 9.8 | 3.3% | gpt_academic | Apr 8 |
| Unknown | E | CVE-2024-1729 | Gradio: timing attack enables auth bypass on ML UIs | — | 0.1% | gradio | Mar 29 |
| High | E | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | 8.2 | 0.5% | gradio | Mar 27 |
| Medium | E | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | 6.5 | 0.1% | gradio | Mar 27 |
| Medium | E | CVE-2024-1455 | LangChain: Billion Laughs XML expansion causes DoS | 5.9 | 0.1% | langchain | Mar 26 |
| Unknown | E | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | — | 0.2% | gradio | Mar 21 |
| High | E | CVE-2024-28088 | LangChain: path traversal enables RCE and API key theft | 8.1 | 13.4% | langchain | Mar 4 |
| Critical | E | CVE-2024-2057 | LangChain TFIDFRetriever: SSRF/RCE via load_local | 9.8 | 0.1% | langchain | Mar 1 |
| Critical | E | CVE-2024-27444 | LangChain Experimental: RCE via Python sandbox escape | 9.8 | 0.1% | langchain-experimental | Feb 26 |
| Critical | E | CVE-2024-27133 | MLflow: XSS in recipe runner enables Jupyter RCE | 9.6 | 0.2% | mlflow | Feb 23 |
| Critical | E | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | 9.6 | 0.2% | mlflow | Feb 23 |
| Critical | E | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | 9.4 | 0.1% | gradio | Feb 5 |
| Critical | E | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | 9.8 | 0.4% | llamaindex | Jan 22 |
| High | E | CVE-2023-51449 | Gradio: path traversal grants arbitrary file read | 7.5 | 81.5% | gradio | Dec 22 |
| High | E | CVE-2023-7018 | Transformers: unsafe deserialization enables RCE on load | 7.8 | 0.2% | transformers | Dec 20 |
| High | E | CVE-2023-6730 | HuggingFace Transformers: RCE via unsafe deserialization | 8.8 | 0.2% | transformers | Dec 19 |
| High | E | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | 7.5 | 85.7% | mlflow | Dec 18 |
| High | E | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | 8.1 | 74.0% | mlflow | Dec 15 |
| High | E | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | 8.1 | 2.5% | gradio | Dec 14 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.