AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 160 results — Critical severity, Active exploitation

CVE-2025-6853 Langchain-Chatchat: path traversal in KB upload
CVE-2025-53002 LLaMA-Factory: RCE via unsafe checkpoint deserialization
CVE-2025-2828 LangChain RequestsToolkit: SSRF exposes cloud metadata
CVE-2025-1793 llama_index: SQL injection in vector store integrations
CVE-2025-47277 vLLM: RCE via exposed TCPStore in distributed inference
CVE-2025-47241 browser-use: URL allowlist bypass enables SSRF in agents
CVE-2025-32444 vLLM: RCE via pickle deserialization on ZeroMQ
CVE-2025-32434 PyTorch: RCE bypasses weights_only=True safe-load guard
CVE-2025-32428 jupyter-remote-desktop-proxy: VNC network exposure
CVE-2025-32375 BentoML: RCE via insecure deserialization in runner
CVE-2025-3248 Langflow: Unauth RCE via code injection endpoint
CVE-2025-27520 BentoML: unauthenticated RCE via insecure deserialization
CVE-2024-12029 InvokeAI: RCE via unsafe torch.load deserialization
CVE-2024-8019 pytorch-lightning: file upload RCE (Windows)
CVE-2024-12909 llama-index finchat: SQL injection enables RCE
CVE-2024-11958 llama-index DuckDB retriever: SQLi enables RCE
CVE-2024-9070 BentoML: unauthenticated RCE via runner deserialization
CVE-2024-9053 vllm: RCE via unsafe pickle deserialization in RPC server
CVE-2024-11041 vllm: RCE via unsafe pickle deserialization in MessageQueue
CVE-2025-29783 vLLM: RCE via unsafe deserialization in Mooncake KV