AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 485 results — High severity, no patchGradio: no integrity check on FRP binary, supply chain RCE
CVE-2024-47867 Gradio: CORS bypass exposes local instances to credential theft
CVE-2024-47084 AYS ChatGPT WP Plugin: auth bypass disables AI service
CVE-2024-7714 vLLM: unauthenticated DoS via empty completion prompt
CVE-2024-8768 LangChain: RCE via FAISS pickle deserialization
CVE-2024-5998 LiteLLM: SSRF leaks OpenAI API key to attacker
CVE-2024-6587 MindsDB: RCE via eval() injection in ChromaDB INSERT
CVE-2024-45848 Ollama: ZIP path traversal exposes host filesystem
CVE-2024-45436 TensorFlow: DoS via upper_bound rank validation crash
CVE-2023-33976 Langflow: mass assignment grants super admin access
CVE-2024-7297 TorchServe: default gRPC exposure allows unauth inference
CVE-2024-35199 langchain-experimental: RCE via eval() in VectorSQL chain
CVE-2024-21513 Flowise: CORS wildcard enables file read and data theft
CVE-2024-36421 Flowise: unauthenticated arbitrary file read via API
CVE-2024-36420 LangChain: Python REPL code execution without opt-in
CVE-2024-38459 litellm: arbitrary file deletion via audio endpoint
CVE-2024-4888 LangChain: SSRF in Web Retriever exposes cloud metadata
CVE-2024-3095 MLflow: URI fragment LFI exposes arbitrary files
CVE-2024-2928 MLflow: path traversal enables RCE via dataset loading
CVE-2024-0520 Gradio: LFI via JSON path key exposes server files
CVE-2024-4941 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial