AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs Tracked
225 Critical
79 New This Week
16 In CISA KEV
Latest AI Security Threats
Showing 15 of 15 results (filter: KEV only, no patch)

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
CRIT | CVE-2026-33017 | langflow: Code Injection enables RCE | 9.8 | 41.2% | langflow | Mar 20
HIGH | CVE-2026-0770 | langflow: security flaw enables exploitation | — | 11.9% | langflow | Jan 23
CRIT | CVE-2026-21858 | n8n: Input Validation flaw enables exploitation | 10.0 | 6.6% | n8n | Jan 8
HIGH | CVE-2025-68613 | n8n: security flaw enables exploitation | 8.8 | 81.7% | n8n | Dec 19
HIGH | CVE-2025-34291 | langflow: security flaw enables exploitation | 8.8 | 13.3% | langflow | Dec 5
CRIT | CVE-2025-3248 | Langflow: Unauth RCE via code injection endpoint | 9.8 | 91.8% | langflow | Apr 7
HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | 7.5 | 88.4% | litellm | Sep 13
HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | 8.6 | 65.1% | gradio | Jun 6
HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | 8.8 | 93.7% | ollama | May 31
UNKN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | — | 93.4% | gradio | Apr 16
CRIT | CVE-2023-48022 | Ray: unauthenticated RCE via job submission API | 9.8 | 92.2% | ray | Nov 28
HIGH | CVE-2023-46229 | LangChain: SSRF in URL loader exposes internal network | 8.8 | 1.8% | langchain | Oct 19
CRIT | CVE-2023-44467 | LangChain: RCE bypass via __import__ in PAL chain | 9.8 | 0.1% | langchain_experimental | Oct 9
CRIT | CVE-2023-43654 | TorchServe: SSRF + RCE via unrestricted model URL loading | 9.8 | 91.6% | torchserve | Sep 28
CRIT | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | 9.8 | 93.3% | mlflow | Mar 24

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.