AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 766 results — Active exploitation, no patchKeras: safe_mode bypass enables RCE via .h5 model files
CVE-2025-9905 picklescan: file extension bypass allows model RCE
CVE-2025-10155 Transformers: ReDoS in EnglishNormalizer exhausts CPU
CVE-2025-6051 Flowise: auth bypass in reset flow allows full ATO
CVE-2025-58434 langchaingo: Jinja2 SSTI allows host filesystem read
CVE-2025-9556 HuggingFace Transformers: ReDoS in MarianTokenizer
CVE-2025-6638 n8n: unrestricted file upload RCE via Chat Trigger
CVE-2025-56265 n8n-workflows: path traversal in download_workflow endpoint
CVE-2025-55526 Langflow: privilege escalation to full superuser via CLI
CVE-2025-57760 vLLM: unauthenticated DoS via oversized HTTP header
CVE-2025-48956 Keras: safe mode bypass enables RCE via model load
CVE-2025-8747 ExecuTorch: integer overflow enables RCE via model loading
CVE-2025-54952 Azure OpenAI: SSRF EoP, no auth required (CVSS 10)
CVE-2025-53767 Ollama: arbitrary file deletion via /api/pull
CVE-2025-44779 Transformers: ReDoS in TF-to-PyTorch weight converter
CVE-2025-5197 ChatGLM-Webui: arbitrary file read, no auth required
CVE-2025-45150 BentoML: unauthenticated SSRF via file upload URLs
CVE-2025-54381 LangChain GmailToolkit: indirect prompt injection to RCE
CVE-2025-46059 smolagents: sandbox escape enables unauthenticated RCE
CVE-2025-5120 Ollama: auth token hijack via crafted WWW-Authenticate
CVE-2025-51471 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial