AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

77

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 485 results — High severity, no patch
HIGH KEV SCANNER

Gradio: SSRF exposes internal network and cloud metadata

CVE-2024-4325
8.6
EPSS 65.1%
Data Extraction Auth Bypass Framework Inference
gradio 679 4 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious MLproject file execution

CVE-2024-37061
8.8
EPSS 3.9%
Code Execution Supply Chain Framework Training Data
mlflow CWE-94 624 6 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via deserialization in crafted Recipes

CVE-2024-37060
8.8
EPSS 0.4%
Code Execution Supply Chain Framework Training Data
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious PyTorch model deserialization

CVE-2024-37059
8.8
EPSS 0.4%
Code Execution Supply Chain Framework Model
mlflow CWE-502 624 4 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious LangChain model deserialization

CVE-2024-37058
8.8
EPSS 0.4%
Supply Chain Code Execution Framework Model Agent
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious TensorFlow model deserialization

CVE-2024-37057
8.8
EPSS 0.4%
Supply Chain Code Execution Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via LightGBM model deserialization

CVE-2024-37056
8.8
EPSS 0.4%
Supply Chain Code Execution Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via pmdarima model deserialization

CVE-2024-37055
8.8
EPSS 0.4%
Code Execution Supply Chain Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: deserialization RCE via malicious PyFunc model

CVE-2024-37054
8.8
EPSS 0.2%
Supply Chain Code Execution Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model deserialization

CVE-2024-37053
8.8
EPSS 0.4%
Supply Chain Code Execution Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: RCE via malicious scikit-learn model upload

CVE-2024-37052
8.8
EPSS 0.3%
Code Execution Supply Chain Framework Model
mlflow CWE-502 624 5 ATLAS
HIGH KEV

Ollama: path traversal enables RCE via model blob API

CVE-2024-37032
8.8
EPSS 93.7%
Code Execution Data Extraction Inference Framework API
ollama 1.5K 4 ATLAS
HIGH

WordPress ChatBot: missing authz deletes OpenAI files

CVE-2024-0453
7.7
EPSS 0.2%
Auth Bypass Data Extraction API Plugin
wpbot CWE-862 4 ATLAS
HIGH EXPLOIT AVAIL

WordPress AI ChatBot: auth bypass enables OpenAI file upload

CVE-2024-0452
7.7
EPSS 0.2%
Auth Bypass Data Leakage Model Poisoning API Plugin
wpbot CWE-862 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: URL fragment bypass leaks SSH and cloud keys

CVE-2024-3848
7.5
EPSS 78.7%
Data Extraction Auth Bypass Framework
mlflow CWE-22 624 4 ATLAS
HIGH

SolidUI: OpenAI API key exposed via log print statement

CVE-2024-34527
7.5
EPSS 0.1%
Data Leakage Data Extraction API Framework
5 ATLAS
HIGH EXPLOIT AVAIL

Gradio: credential leakage via Windows path encoding bug

CVE-2024-34510
7.5
EPSS 0.1%
Data Leakage Data Extraction Framework Inference API
gradio CWE-116 679 5 ATLAS
HIGH

SageMaker SDK: pickle deserialization enables RCE

CVE-2024-34072
7.8
EPSS 0.6%
Code Execution Supply Chain Framework Training Data
4 ATLAS
HIGH

PyTorch: use-after-free in JIT mobile interpreter, RCE

CVE-2024-31583
7.8
EPSS 0.0%
Supply Chain Code Execution Framework Inference
pytorch 21.9K 3 ATLAS
HIGH EXPLOIT AVAIL

LangChain: path traversal allows arbitrary file R/W

CVE-2024-3571
8.8
EPSS 2.0%
Code Execution Data Extraction Framework Agent
langchain 2.6K 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial