AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 160 results — Critical severity, Active exploitation
CVE-2023-34239 Gradio: path traversal + SSRF exposes model files & infra
CVE-2023-2780 MLflow: path traversal allows arbitrary file read/write
CVE-2023-29374 LangChain: RCE via prompt injection in LLMMathChain
CVE-2023-25668 TensorFlow: unauthenticated RCE via heap buffer overflow
CVE-2023-25664 TensorFlow: heap overflow in AvgPoolGrad, RCE risk
CVE-2023-1177 MLflow: path traversal allows arbitrary file read/write
CVE-2023-25823 Gradio: hardcoded SSH key leaks via share=True demos
CVE-2022-41902 TensorFlow Grappler: OOB read/crash via crafted model
CVE-2022-45907 PyTorch: RCE via unsafe eval in JIT annotations
CVE-2022-41900 TensorFlow: heap OOB RCE in FractionalMaxPool op
CVE-2022-41880 TensorFlow: heap OOB read in candidate sampler op
CVE-2022-0845 pytorch-lightning: code injection enables full RCE
CVE-2022-23587 TensorFlow: integer overflow in Grappler enables RCE
CVE-2021-35958 TensorFlow: path traversal in get_file allows file overwrite
CVE-2020-15208 TFLite: OOB read/write via tensor dimension mismatch
CVE-2020-15207 TFLite: OOB write via unchecked negative axis index
CVE-2020-15205 TensorFlow: heap overflow in StringNGrams, ASLR bypass
CVE-2020-15202 TensorFlow: Shard API int truncation enables memory corruption
CVE-2020-15196 TensorFlow: heap OOB read in sparse/ragged count ops
CVE-2020-13092 scikit-learn: RCE via malicious joblib model deserialization