AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 435 results — High severity, Active exploitation
HIGH EXPLOIT AVAIL

ONNX: path traversal in download_model enables RCE

CVE-2024-7776
8.1
EPSS 5.3%
Supply Chain Code Execution Framework Model
onnx Patch: 1.17.0 CWE-22 1.1K 3 ATLAS
HIGH EXPLOIT AVAIL

open-webui: XSS enables admin session hijack via chat

CVE-2024-7053
7.6
EPSS 0.2%
Auth Bypass Code Execution Data Extraction Framework API
open-webui CWE-79 6 ATLAS
HIGH EXPLOIT AVAIL

Open-WebUI: CSRF enables RCE via pipeline code injection

CVE-2024-7806
8.0
EPSS 1.8%
Code Execution Auth Bypass Framework API
open-webui Patch: 0.3.33 CWE-352 6 ATLAS
HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS disables Admin panel

CVE-2024-7036
7.5
EPSS 1.8%
DoS Framework API
open-webui CWE-400 3 ATLAS
HIGH EXPLOIT AVAIL

open-webui: Privilege bypass enables admin account deletion

CVE-2024-7039
8.3
EPSS 0.2%
Auth Bypass Data Extraction API Framework
open-webui CWE-863 3 ATLAS
HIGH EXPLOIT AVAIL

LiteLLM: RCE via post_call_rules callback injection

CVE-2024-6825
8.8
EPSS 3.0%
Code Execution Supply Chain Auth Bypass Framework API Inference
litellm CWE-77 4 5 ATLAS
HIGH EXPLOIT AVAIL

Open WebUI: auth bypass exposes all user files

CVE-2024-7043
8.1
EPSS 0.2%
Auth Bypass Data Extraction Data Leakage API Framework
open-webui CWE-821 4 ATLAS
HIGH EXPLOIT AVAIL

lollms: RCE via eval() sandbox bypass in Calculate

CVE-2024-6982
8.4
EPSS 0.2%
Code Execution Auth Bypass Framework API
lollms Patch: 11.0.0 CWE-94 4 ATLAS
HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS via login payload flood

CVE-2024-12534
7.5
EPSS 0.6%
DoS API Framework
open-webui CWE-400 3 ATLAS
HIGH EXPLOIT AVAIL

Open-WebUI: unauthenticated DoS via code formatter

CVE-2024-12537
7.5
EPSS 2.7%
DoS Auth Bypass API Framework
open-webui CWE-400 3 ATLAS
HIGH EXPLOIT AVAIL

H2O-3: unauthenticated AST parser enables DoS + file write

CVE-2024-10572
7.5
EPSS 0.4%
DoS Code Execution Framework Training Data
CWE-94 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: CSRF in signup allows rogue account creation

CVE-2025-1473
7.1
EPSS 0.2%
Auth Bypass Data Extraction Framework Training Data
mlflow CWE-352 624 4 ATLAS
HIGH EXPLOIT AVAIL

MLflow: GraphQL DoS disables ML tracking server

CVE-2025-0453
7.5
EPSS 0.3%
DoS Framework
mlflow CWE-400 624 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: DoS via malicious GGUF model file upload

CVE-2025-0317
7.5
EPSS 2.9%
DoS Inference Model
ollama CWE-369 1.4K 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: GGUF model upload causes memory exhaustion DoS

CVE-2025-0315
7.5
EPSS 0.1%
DoS Inference Model
ollama CWE-770 1.4K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: null pointer DoS via malicious GGUF model upload

CVE-2025-0312
7.5
EPSS 0.2%
DoS Inference Model Framework
ollama CWE-476 1.4K 4 ATLAS
HIGH EXPLOIT AVAIL

BentoML: DoS via multipart boundary exhausts server

CVE-2024-9056
7.5
EPSS 0.3%
DoS Framework Inference
bentoml CWE-400 22 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: DoS via malformed multipart boundary

CVE-2024-8966
7.5
EPSS 0.3%
DoS Framework
video CWE-400 674 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary file read via DBFS

CVE-2024-8859
7.5
EPSS 25.7%
Data Extraction Data Leakage Framework Training Data
mlflow CWE-22 624 5 ATLAS
HIGH EXPLOIT AVAIL

ollama: divide-by-zero DoS via crafted GGUF model import

CVE-2024-8063
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.4K 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial