AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 766 results — Active exploitation, no patch
MEDIUM | Exploit available
Dagster: path traversal exposes arbitrary file read via gRPC
CVE-2025-51481 | Score 6.6 | EPSS 0.0%
Tags: Data Extraction, Data Leakage, Framework, Training Data
CWE-22 | 5 ATLAS

MEDIUM | Exploit available
Transformers: ReDoS in DonutProcessor causes DoS
CVE-2025-3933 | Score 5.3 | EPSS 0.1%
Tags: DoS, Framework, Inference
transformers | CWE-1333 | 7.8K | 4 ATLAS

MEDIUM | Exploit available
Contest Gallery WP Plugin: Stored XSS in OpenAI integration
CVE-2025-6716 | Score 6.4 | EPSS 0.2%
Tags: Code Execution, Data Leakage, Plugin, API
4 ATLAS

MEDIUM | Exploit available
OpenAI Operator: fullscreen spoofing captures credentials
CVE-2025-7021 | Score 6.5 | EPSS 0.2%
Tags: Social Engineering, Privacy Violation, Agent, API
operator | 13.6K | 6 ATLAS

LOW | Exploit available
Transformers: URL validation bypass exposes image pipeline
CVE-2025-3777 | Score 3.5 | EPSS 0.1%
Tags: Data Leakage, Social Engineering, Framework
transformers | CWE-20 | 7.8K | 4 ATLAS

MEDIUM | Exploit available
Transformers: ReDoS in dynamic module loader causes DoS
CVE-2025-3264 | Score 5.3 | EPSS 0.1%
Tags: DoS, Supply Chain, Framework, Model
transformers | CWE-1333 | 7.8K | 4 ATLAS

MEDIUM | Exploit available
Transformers: ReDoS in config loader causes serving DoS
CVE-2025-3263 | Score 5.3 | EPSS 0.1%
Tags: DoS, Framework
transformers | CWE-1333 | 7.8K | 4 ATLAS

HIGH | Exploit available
Transformers: ReDoS in chat.py causes CPU exhaustion
CVE-2025-3262 | Score 7.5 | EPSS 0.3%
Tags: DoS, Framework
transformers | CWE-1333 | 7.8K | 3 ATLAS

MEDIUM | Exploit available
LiteLLM: SQL injection in key management API
CVE-2025-45809 | Score 5.4 | EPSS 0.2%
Tags: Data Extraction, Auth Bypass, API, Framework
litellm | 4 | 5 ATLAS

MEDIUM | Exploit available
n8n: DoS via empty filesystem URI in binary-data API
CVE-2025-49595 | Score 4.9 | EPSS 0.3%
Tags: DoS, Agent, Framework
n8n | 16 | 3 ATLAS

UNKNOWN | Exploit available
Slack MCP: zero-click exfiltration via link unfurling
CVE-2025-34072 | Score -- | EPSS 0.4%
Tags: Prompt Injection, Data Extraction, Data Leakage, Agent, Plugin, API
6 ATLAS

HIGH | Exploit available
Langchain-Chatchat: path traversal exposes system files
CVE-2025-6855 | Score 8.8 | EPSS 0.7%
Tags: Data Extraction, Code Execution, Framework, RAG
langchain-chatchat | CWE-22 | 2.6K | 5 ATLAS

MEDIUM | Exploit available
Langchain-Chatchat: path traversal in file API exposes host FS
CVE-2025-6854 | Score 4.3 | EPSS 0.5%
Tags: Data Extraction, Data Leakage, Framework, API, RAG
langchain-chatchat | CWE-22 | 2.6K | 5 ATLAS

CRITICAL | Exploit available
Langchain-Chatchat: path traversal in KB upload
CVE-2025-6853 | Score 9.8 | EPSS 0.6%
Tags: Code Execution, Data Extraction, Supply Chain, Framework, RAG
langchain-chatchat | CWE-22 | 2.6K | 5 ATLAS

CRITICAL | Exploit available
LLaMA-Factory: RCE via unsafe checkpoint deserialization
CVE-2025-53002 | Score 9.8 | EPSS 4.2%
Tags: Code Execution, Supply Chain, Framework, Model
llamafactory | CWE-94 | 1 | 6 ATLAS

CRITICAL | Exploit available
LangChain RequestsToolkit: SSRF exposes cloud metadata
CVE-2025-2828 | Score 10.0 | EPSS 0.2%
Tags: Data Extraction, Auth Bypass, Framework, Agent
langchain | CWE-918 | 2.6K | 5 ATLAS

HIGH | Exploit available
jupyter_core: config hijack enables cross-user code exec
CVE-2025-30167 | Score 7.3 | EPSS 0.1%
Tags: Code Execution, Supply Chain, Data Extraction, Framework, Training Data
CWE-427 | 4 ATLAS

MEDIUM | Exploit available
vLLM: input validation DoS crashes inference worker
CVE-2025-48944 | Score 6.5 | EPSS 0.3%
Tags: DoS, Inference, API, Framework
vllm | CWE-20 | 126 | 3 ATLAS

MEDIUM | Exploit available
vLLM: ReDoS crashes inference server via malformed regex
CVE-2025-48943 | Score 6.5 | EPSS 0.2%
Tags: DoS, Inference, Framework
vllm | CWE-248 | 126 | 4 ATLAS

MEDIUM | Exploit available
vLLM: DoS via malformed JSON schema guided param
CVE-2025-48942 | Score 6.5 | EPSS 0.2%
Tags: DoS, Inference, API
vllm | CWE-248 | 126 | 3 ATLAS
