AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 267 results — Medium severity, Active exploitation
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in config loader causes serving DoS

CVE-2025-3263
5.3
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.8K 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: RCE via unsafe pickle deserialization

CVE-2025-3108
5.0
EPSS 1.9%
Code Execution Supply Chain Framework RAG Agent
llama-index-core Patch: 0.12.41 CWE-1112 1.1K 4 ATLAS
MEDIUM EXPLOIT AVAIL

LiteLLM: SQL injection in key management API

CVE-2025-45809
5.4
EPSS 0.2%
Data Extraction Auth Bypass API Framework
litellm 4 5 ATLAS
MEDIUM EXPLOIT AVAIL

n8n: DoS via empty filesystem URI in binary-data API

CVE-2025-49595
4.9
EPSS 0.3%
DoS Agent Framework
n8n 16 3 ATLAS
MEDIUM EXPLOIT AVAIL

Langchain-Chatchat: path traversal in file API exposes host FS

CVE-2025-6854
4.3
EPSS 0.5%
Data Extraction Data Leakage Framework API RAG
langchain-chatchat CWE-22 2.6K 5 ATLAS
MEDIUM EXPLOIT AVAIL

vLLM: input validation DoS crashes inference worker

CVE-2025-48944
6.5
EPSS 0.3%
DoS Inference API Framework
vllm CWE-20 126 3 ATLAS
MEDIUM EXPLOIT AVAIL

vLLM: ReDoS crashes inference server via malformed regex

CVE-2025-48943
6.5
EPSS 0.2%
DoS Inference Framework
vllm CWE-248 126 4 ATLAS
MEDIUM EXPLOIT AVAIL

vLLM: DoS via malformed JSON schema guided param

CVE-2025-48942
6.5
EPSS 0.2%
DoS Inference API
vllm CWE-248 126 3 ATLAS
MEDIUM EXPLOIT AVAIL

vLLM: ReDoS in tool parser causes service outage

CVE-2025-48887
6.5
EPSS 0.3%
DoS Inference API Framework
vllm CWE-1333 126 3 ATLAS
MEDIUM EXPLOIT AVAIL

transformers: ReDoS in GPT-NeoX Japanese tokenizer

CVE-2025-1194
6.5
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.8K 4 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: DoS via ctc_loss resource mishandling

CVE-2025-3730
5.5
EPSS 0.1%
DoS Framework
pytorch CWE-404 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in JIT flatbuffer loader

CVE-2025-3121
5.5
EPSS 0.1%
DoS Supply Chain Framework Inference
pytorch 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: lstm_cell memory corruption, local code exec

CVE-2025-3001
5.3
EPSS 0.2%
Code Execution DoS Framework
pytorch 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in torch.jit.script compiler

CVE-2025-3000
5.3
EPSS 0.1%
Code Execution Supply Chain Framework Inference
pytorch 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN sequence unpacking

CVE-2025-2999
5.3
EPSS 0.2%
Code Execution Data Extraction Supply Chain Framework Training Data Inference
pytorch 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN pad_packed_sequence

CVE-2025-2998
5.3
EPSS 0.2%
Code Execution Supply Chain DoS Framework Training Data
pytorch 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: DoS via mkldnn_max_pool2d resource leak

CVE-2025-2953
5.5
EPSS 0.1%
DoS Supply Chain Framework Inference Model
pytorch CWE-404 21.7K 3 ATLAS
MEDIUM EXPLOIT AVAIL

openairinterface5g: segfault enables DoS via crafted UE message

CVE-2025-26265
6.5
EPSS 1.2%
DoS Inference
openairinterface5g 13.6K 2 ATLAS
MEDIUM EXPLOIT AVAIL

SageMaker SDK: MD5 collision silently replaces ML workflows

CVE-2025-0508
5.9
EPSS 0.1%
Supply Chain Model Poisoning Framework Training Data
sagemaker Patch: 2.237.3 CWE-328 51 3 ATLAS
MEDIUM EXPLOIT AVAIL

Open WebUI: missing authz leaks admin credentials

CVE-2024-7046
4.3
EPSS 0.2%
Auth Bypass Data Extraction Privacy Violation API Framework
open-webui CWE-475 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial