AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation

CRITICAL EXPLOIT AVAIL

LangChain: RCE via unsanitized prompt parameter

Code Execution Prompt Injection Data Extraction Framework Agent

langchain CWE-94 2.6K 7 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain PALChain: RCE via unsanitized exec() calls

Code Execution Prompt Injection Framework Agent

langchain CWE-94 2.6K 5 ATLAS

HIGH EXPLOIT AVAIL

MLflow: OS command injection enables local code execution

Code Execution Supply Chain Framework Training Data Model

mlflow CWE-78 624 5 ATLAS

CRITICAL EXPLOIT AVAIL SCANNER

MLflow: path traversal allows arbitrary file read

Data Extraction Data Leakage Supply Chain Framework Model Training Data

mlflow 624 6 ATLAS

CRITICAL EXPLOIT AVAIL

QuickAI: unauthenticated SQLi exposes OpenAI API keys

Data Extraction Auth Bypass API

quickai_openai 13.8K 3 ATLAS

HIGH EXPLOIT AVAIL

LangChain SQLDatabaseChain: SQL injection, DB exfil

Data Extraction Privacy Violation Framework Agent

langchain CWE-89 2.6K 4 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain: RCE via PALChain unsanitized Python exec

Code Execution Supply Chain Data Extraction Framework Agent

langchain CWE-74 2.6K 4 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain: unauthenticated RCE via code injection

Code Execution Supply Chain Data Extraction Framework Agent RAG

langchain CWE-94 2.6K 5 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain: RCE via unsafe load_prompt deserialization

Code Execution Supply Chain Data Extraction Framework Agent

langchain 2.6K 5 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain: RCE via JiraAPIWrapper crafted input

Code Execution Supply Chain Data Extraction Framework Agent Plugin

langchain 2.6K 6 ATLAS

CRITICAL EXPLOIT AVAIL

Gradio: path traversal + SSRF exposes model files & infra

Data Extraction Privacy Violation Auth Bypass Framework API

gradio 679 5 ATLAS

MEDIUM EXPLOIT AVAIL

ChuanhuChatGPT: config exposure leaks API keys

Data Extraction Auth Bypass Framework API

chuanhuchatgpt CWE-306 4 ATLAS

MEDIUM EXPLOIT AVAIL

Transformers: temp file race condition allows local DoS

DoS Supply Chain Framework Training Data

transformers CWE-377 7.9K 3 ATLAS

CRITICAL EXPLOIT AVAIL SCANNER

MLflow: path traversal allows arbitrary file read/write

Data Extraction Code Execution Supply Chain Framework Training Data Model

mlflow 624 5 ATLAS

HIGH EXPLOIT AVAIL

n8n: unauthenticated info disclosure exposes credentials

Data Extraction Data Leakage Auth Bypass Agent Framework API

n8n CWE-668 16 5 ATLAS

HIGH EXPLOIT AVAIL

n8n: privilege escalation exposes full workflow admin

Auth Bypass Code Execution Data Extraction Agent Framework API

n8n 16 5 ATLAS

MEDIUM EXPLOIT AVAIL

n8n: path traversal allows arbitrary file read

Data Extraction Auth Bypass Agent Framework

n8n CWE-22 16 5 ATLAS

MEDIUM EXPLOIT AVAIL

AI ChatBot WP: auth bypass exposes OpenAI config + XSS

Auth Bypass Data Leakage Code Execution Plugin API

wpbot 5 ATLAS

HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal allows unauthenticated file read

Data Extraction Data Leakage Framework

mlflow 624 5 ATLAS

CRITICAL EXPLOIT AVAIL

LangChain: RCE via prompt injection in LLMMathChain

Prompt Injection Code Execution Framework Agent

langchain CWE-74 2.6K 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?