AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitationLangchain-Chatchat: path traversal exposes system files
CVE-2025-6855 jupyter_core: config hijack enables cross-user code exec
CVE-2025-30167 Gradio: unauthenticated file copy enables disk DoS
CVE-2025-48889 llama-index-cli: OS command injection enables RCE
CVE-2025-1753 transformers: ReDoS in testing_utils causes DoS
CVE-2025-2099 Label Studio: XSS enables unauthorized actions via CSRF
CVE-2025-47783 llama_index: DoS via uncapped recursion in web reader
CVE-2025-1752 LLaMA-Factory: RCE via torch.load() unsafe deserialization
CVE-2025-46567 vLLM: DoS via quadratic multimodal tokenizer input
CVE-2025-46560 vLLM: ZeroMQ socket exposure enables DoS in multi-node
CVE-2025-30202 picklescan: scanner bypass enables DNS data exfiltration
CVE-2025-46417 jupyterlab-git: command injection via malicious repo name
CVE-2025-30370 litellm: privilege escalation viewer→proxy admin via bad API key
CVE-2025-0628 LiteLLM: Langfuse API key leak via error handling
CVE-2025-0330 litellm: unauthenticated DoS via multipart boundary parsing
CVE-2024-8984 open-webui: Stored XSS enables admin session hijack
CVE-2024-7990 pytorch-lightning: unauthenticated DoS crashes LightningApp
CVE-2024-8020 OpenWebUI: path traversal RCE via audio upload API
CVE-2024-8060 open-webui: unauthenticated DoS via markdown parser
CVE-2024-7983 Open-WebUI: unauthenticated PDF endpoint enables DoS
CVE-2024-8053 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial