AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
79
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 225 results — Critical severity Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2023-6014 MLflow: auth bypass allows arbitrary account creation 9.8 0.9% mlflow Nov 16 CRIT E CVE-2023-6021 Ray: LFI allows unauthenticated file read 9.3 87.3% ray Nov 16 CRIT E CVE-2023-6019 Ray: unauthenticated RCE via dashboard command injection 9.8 88.8% ray Nov 16 CRIT E CVE-2023-6018 MLflow: unauth file overwrite enables model poisoning 9.8 91.3% mlflow Nov 16 CRIT E CVE-2023-5245 MLeap: zip slip in model loading enables RCE 9.8 0.4% — Nov 15 CRIT CVE-2023-32785 LangChain: prompt injection → SQL RCE (CVSS 9.8) 9.8 — langchain Oct 21 CRIT CVE-2023-44467 LangChain: RCE bypass via __import__ in PAL chain 9.8 0.1% langchain_experimental Oct 9 CRIT CVE-2023-43654 TorchServe: SSRF + RCE via unrestricted model URL loading 9.8 91.6% torchserve Sep 28 CRIT E CVE-2023-39631 LangChain: RCE via numexpr evaluate injection 9.8 1.6% langchain Sep 1 CRIT E CVE-2023-36281 LangChain: RCE via malicious JSON prompt template 9.8 62.2% langchain Aug 22 CRIT E CVE-2023-39659 LangChain: RCE via unsanitized PythonAstREPL input 9.8 1.2% langchain Aug 15 CRIT E CVE-2023-38896 LangChain: RCE via unsandboxed LLM code execution 9.8 0.8% langchain Aug 15 CRIT E CVE-2023-38860 LangChain: RCE via unsanitized prompt parameter 9.8 1.4% langchain Aug 15 CRIT E CVE-2023-36095 LangChain PALChain: RCE via unsanitized exec() calls 9.8 3.1% langchain Aug 5 CRIT E CVE-2023-3765 MLflow: path traversal allows arbitrary file read 10.0 91.5% mlflow Jul 19 CRIT E CVE-2023-3686 QuickAI: unauthenticated SQLi exposes OpenAI API keys 9.8 0.1% quickai_openai Jul 16 CRIT E CVE-2023-36188 LangChain: RCE via PALChain unsanitized Python exec 9.8 6.6% langchain Jul 6 CRIT E CVE-2023-36258 LangChain: unauthenticated RCE via code injection 9.8 0.6% langchain Jul 3 CRIT E CVE-2023-34541 LangChain: RCE via unsafe load_prompt deserialization 9.8 0.2% langchain Jun 20 CRIT E CVE-2023-34540 LangChain: RCE via JiraAPIWrapper crafted input 9.8 1.9% langchain Jun 14 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial