AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 160 results — Critical severity, Active exploitationn8n: Protection Bypass circumvents security controls
CVE-2025-68668 langchain.js: Deserialization enables RCE
CVE-2025-68665 cai-framework: Command Injection enables RCE
CVE-2025-67511 ray: Code Injection enables RCE
CVE-2025-62593 mlx: security flaw enables exploitation
CVE-2025-62608 keras: Path Traversal enables file access
CVE-2025-12060 mlflow: Path Traversal enables file access
CVE-2025-11201 keras: Deserialization enables RCE
CVE-2025-49655 Flowise: path traversal in file tools leads to RCE
CVE-2025-61913 Flowise: Unauthenticated RCE via MCP config injection
CVE-2025-59528 Flowise Cloud: cross-tenant env var exposure leaks API keys
CVE-2025-59434 Flowise: auth bypass in reset flow allows full ATO
CVE-2025-58434 langchaingo: Jinja2 SSTI allows host filesystem read
CVE-2025-9556 n8n-workflows: path traversal in download_workflow endpoint
CVE-2025-55526 ExecuTorch: OOB read in model loader enables RCE
CVE-2025-54950 Azure OpenAI: SSRF EoP, no auth required (CVSS 10)
CVE-2025-53767 ChatGLM-Webui: arbitrary file read, no auth required
CVE-2025-45150 BentoML: unauthenticated SSRF via file upload URLs
CVE-2025-54381 LangChain GmailToolkit: indirect prompt injection to RCE
CVE-2025-46059 smolagents: sandbox escape enables unauthenticated RCE
CVE-2025-5120 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial