AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 144 results — Active exploitation, has patch
HIGH EXPLOIT AVAIL

xgrammar: uncontrolled recursion in grammar parsing causes DoS

CVE-2025-57809
7.5
EPSS 0.0%
DoS Supply Chain Framework Inference
xgrammar Patch: 0.1.21 CWE-674 152 3 ATLAS
HIGH EXPLOIT AVAIL

skops: joblib fallback enables RCE via model load

CVE-2025-54886
8.4
EPSS 0.4%
Supply Chain Code Execution Framework Model
skops Patch: 0.13.0 CWE-502 668 5 ATLAS
CRITICAL EXPLOIT AVAIL

ExecuTorch: OOB read in model loader enables RCE

CVE-2025-54950
9.8
EPSS 0.3%
Code Execution Supply Chain Framework Model Inference
executorch Patch: 0.7.0 CWE-125 2 4 ATLAS
HIGH EXPLOIT AVAIL

skops: RCE via MethodNode unsafe deserialization

CVE-2025-54413
--
EPSS 0.0%
Code Execution Supply Chain Framework Model
skops Patch: 0.12.0 CWE-351 668 4 ATLAS
HIGH EXPLOIT AVAIL

skops: OperatorFuncNode type confusion → RCE

CVE-2025-54412
--
EPSS 0.0%
Supply Chain Code Execution Framework Model
skops Patch: 0.12.0 CWE-351 668 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: DocugamiReader MD5 hash collision drops chunks

CVE-2025-6211
6.5
EPSS 0.3%
Supply Chain Data Leakage Framework RAG
llama-index-readers-docugami Patch: 0.3.1 CWE-440 229 4 ATLAS
HIGH EXPLOIT AVAIL

llama_index: path traversal allows arbitrary file read

CVE-2025-6209
7.5
EPSS 0.4%
Data Extraction Data Leakage Framework RAG
llama-index-core Patch: 0.12.41 CWE-29 1.1K 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index Obsidian reader: hardlink path traversal leaks files

CVE-2025-6210
6.2
EPSS 0.1%
Data Extraction Supply Chain Framework RAG
llama-index-readers-obsidian Patch: 0.5.2 CWE-22 229 3 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: JSONReader DoS via recursive JSON parsing

CVE-2025-5472
6.5
EPSS 0.2%
DoS Framework
llama-index-core Patch: 0.12.38 CWE-674 1.1K 3 ATLAS
HIGH EXPLOIT AVAIL

LlamaIndex Obsidian: symlink traversal exposes host files

CVE-2025-3046
7.5
EPSS 0.5%
Data Extraction Data Leakage Framework RAG
llama-index-readers-obsidian Patch: 0.5.1 CWE-22 229 4 ATLAS
HIGH EXPLOIT AVAIL

llama-index Papers Loader: XML expansion DoS

CVE-2025-3225
7.5
EPSS 0.3%
DoS Supply Chain Framework RAG
llama-index-readers-papers Patch: 0.3.2 CWE-776 229 3 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index ArxivReader: MD5 collision corrupts training data

CVE-2025-3044
5.3
EPSS 0.2%
Supply Chain Model Poisoning Data Leakage Framework Training Data RAG
llama-index-readers-papers Patch: 0.3.1 CWE-440 229 5 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: RCE via unsafe pickle deserialization

CVE-2025-3108
5.0
EPSS 1.9%
Code Execution Supply Chain Framework RAG Agent
llama-index-core Patch: 0.12.41 CWE-1112 1.1K 4 ATLAS
CRITICAL EXPLOIT AVAIL

llama_index: SQL injection in vector store integrations

CVE-2025-1793
9.8
EPSS 0.1%
Data Extraction Data Leakage Supply Chain Framework RAG
llama-index Patch: 0.12.28 CWE-89 229 5 ATLAS
HIGH EXPLOIT AVAIL

Label Studio: XSS enables unauthorized actions via CSRF

CVE-2025-47783
--
EPSS 0.2%
Code Execution Data Leakage Social Engineering Framework Training Data
label-studio Patch: 1.18.0 CWE-79 1 5 ATLAS
HIGH EXPLOIT AVAIL

llama_index: DoS via uncapped recursion in web reader

CVE-2025-1752
7.5
EPSS 0.2%
DoS Framework RAG
llama-index Patch: 0.12.21 CWE-400 229 3 ATLAS
CRITICAL EXPLOIT AVAIL

browser-use: URL allowlist bypass enables SSRF in agents

CVE-2025-47241
9.3
EPSS 0.2%
Auth Bypass Data Extraction Agent Framework
browser-use Patch: 0.1.45 CWE-647 65 5 ATLAS
HIGH EXPLOIT AVAIL

LLaMA-Factory: RCE via torch.load() unsafe deserialization

CVE-2025-46567
7.8
EPSS 0.2%
Code Execution Supply Chain Framework Training Data
llamafactory Patch: 0.9.3 CWE-502 1 5 ATLAS
CRITICAL EXPLOIT AVAIL

jupyter-remote-desktop-proxy: VNC network exposure

CVE-2025-32428
--
EPSS 0.2%
Auth Bypass Data Leakage Privacy Violation Framework
jupyter-remote-desktop-proxy Patch: 3.0.1 CWE-668 1.9K 5 ATLAS
HIGH EXPLOIT AVAIL

picklescan: scanner bypass enables DNS data exfiltration

CVE-2025-46417
--
EPSS 0.2%
Supply Chain Data Extraction Data Leakage Framework Model
picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial