AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 267 results — Medium severity, Active exploitation

MEDIUM EXPLOIT AVAIL

Gradio: path traversal exposes arbitrary server files

Data Extraction Data Leakage Framework

gradio CWE-22 674 3 ATLAS

MEDIUM EXPLOIT AVAIL

Gradio: SSRF in DownloadButton exposes internal resources

Data Extraction Privacy Violation Framework Inference

gradio CWE-918 674 4 ATLAS

MEDIUM EXPLOIT AVAIL

Lollms: SVG upload XSS enables session hijack and RCE

Code Execution Data Leakage Social Engineering Framework API

lollms CWE-79 4 ATLAS

MEDIUM EXPLOIT AVAIL

lollms: path traversal allows arbitrary directory read

Data Extraction Auth Bypass Framework Agent

lollms CWE-23 4 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: path traversal → arbitrary file write/RCE

Code Execution Supply Chain Framework Plugin

open-webui CWE-22 4 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: IDOR enables cross-user memory tampering

Auth Bypass Model Poisoning Privacy Violation API Agent Framework

open-webui CWE-250 4 ATLAS

MEDIUM EXPLOIT AVAIL

Langflow: ReDoS crashes LLM workflow backend via HTTP POST

langflow CWE-1333 3 ATLAS

MEDIUM EXPLOIT AVAIL SCANNER

ChatGPT WP Plugin: OpenAI API key leak via unauth REST

Data Extraction Auth Bypass API Plugin

CWE-862 5 ATLAS 1 incident

MEDIUM EXPLOIT AVAIL

ilab/vllm: best_of param causes inference API DoS

Streamlit: path traversal leaks Windows NTLM hash

Data Leakage Auth Bypass Framework API

streamlit CWE-22 2.8K 4 ATLAS

MEDIUM EXPLOIT AVAIL

Flowise: reflected XSS enables credential theft

Data Extraction Auth Bypass Social Engineering Agent Framework

flowise CWE-79 5 ATLAS

MEDIUM EXPLOIT AVAIL

Flowise: reflected XSS enables file read chain via chatflow

Code Execution Data Extraction Privacy Violation Agent Framework

flowise CWE-79 5 ATLAS

MEDIUM EXPLOIT AVAIL

Flowise: reflected XSS in chatflow API enables session hijack

Data Extraction Auth Bypass Code Execution Framework Agent

flowise CWE-79 5 ATLAS

MEDIUM EXPLOIT AVAIL

Flowise: reflected XSS enables session hijack and file read

Data Leakage Data Extraction Framework Agent

flowise CWE-79 4 ATLAS

MEDIUM EXPLOIT AVAIL SCANNER

Gradio: open redirect enables phishing against ML users

Social Engineering Privacy Violation Framework Inference

gradio 674 5 ATLAS

MEDIUM EXPLOIT AVAIL

langchain-community: DoS via recursive sitemap loop

DoS Supply Chain Framework RAG

langchain Patch: 0.2.5 CWE-400 2.6K 3 ATLAS

MEDIUM EXPLOIT AVAIL

scikit-learn: TfidfVectorizer leaks training data tokens

Data Leakage Data Extraction Privacy Violation Framework Training Data

scikit-learn CWE-922 27.9K 5 ATLAS

MEDIUM EXPLOIT AVAIL

MLflow: URL encoding bypass enables model poisoning

Model Poisoning DoS Framework Model

mlflow 624 5 ATLAS

MEDIUM EXPLOIT AVAIL

WP Testimonial Carousel: OpenAI API key hijack, no auth

Auth Bypass DoS API Plugin

CWE-862 4 ATLAS

MEDIUM EXPLOIT AVAIL

wpbot: missing auth exposes OpenAI account files

Data Extraction Auth Bypass API Plugin

wpbot CWE-862 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?