AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitationHuggingFace Transformers: ReDoS in MarianTokenizer
CVE-2025-6638 Picklescan: CRC bypass hides malicious pickle in ZIP
CVE-2025-10156 PickleScan: subclass bypass enables malicious model RCE
CVE-2025-10157 MONAI: unsafe pickle deserialization RCE in data pipeline
CVE-2025-58757 MONAI: unsafe deserialization in CheckpointLoader allows RCE
CVE-2025-58756 MONAI: path traversal allows arbitrary file write
CVE-2025-58755 n8n: unrestricted file upload RCE via Chat Trigger
CVE-2025-56265 EverNoteLoader: XXE exposes host files in LangChain
CVE-2025-6984 llama-index: JSON parsing DoS via deep recursion
CVE-2025-5302 xgrammar: uncontrolled recursion in grammar parsing causes DoS
CVE-2025-57809 Langflow: privilege escalation to full superuser via CLI
CVE-2025-57760 vLLM: unauthenticated DoS via oversized HTTP header
CVE-2025-48956 Keras: safe mode bypass enables RCE via model load
CVE-2025-8747 skops: joblib fallback enables RCE via model load
CVE-2025-54886 skops: RCE via MethodNode unsafe deserialization
CVE-2025-54413 skops: OperatorFuncNode type confusion → RCE
CVE-2025-54412 llama_index: path traversal allows arbitrary file read
CVE-2025-6209 LlamaIndex Obsidian: symlink traversal exposes host files
CVE-2025-3046 llama-index Papers Loader: XML expansion DoS
CVE-2025-3225 Transformers: ReDoS in chat.py causes CPU exhaustion
CVE-2025-3262 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial