AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
UNKN CVE-2025-14920 transformers: Deserialization enables RCE 0.5% transformers Dec 23 MEDI E CVE-2025-67743 local-deep-research: SSRF allows internal network access 6.3 0.1% Dec 23 HIGH CVE-2025-68613 n8n: security flaw enables exploitation 8.8 81.7% n8n Dec 19 HIGH E CVE-2025-68478 langflow: File Control enables path manipulation 7.1 0.0% langflow Dec 19 MEDI E CVE-2025-68477 langflow: SSRF allows internal network access 6.5 0.0% langflow Dec 19 HIGH E CVE-2025-53000 nbconvert: security flaw enables exploitation 0.0% Dec 18 MEDI CVE-2025-63390 anythingllm: Missing Auth allows unauthenticated access 5.3 0.0% Dec 18 CRIT CVE-2025-63389 ollama: Missing Auth allows unauthenticated access 9.8 0.2% ollama Dec 18 CRIT E CVE-2025-67511 cai-framework: Command Injection enables RCE 9.6 0.1% Dec 11 HIGH CVE-2025-33213 NVIDIA: Deserialization enables RCE 8.8 0.1% Dec 9 HIGH E CVE-2025-65964 n8n: security flaw enables exploitation 8.8 0.0% n8n Dec 9 MEDI E CVE-2025-13922 AI component: SQL Injection exposes database 6.5 0.0% Dec 6 HIGH CVE-2025-34291 langflow: security flaw enables exploitation 8.8 10.9% langflow Dec 5 UNKN CVE-2025-66479 Anthropic: Protection Bypass circumvents security controls 0.0% Dec 4 LOW E CVE-2025-63681 open-webui: Access Control bypass enables privilege escalation 0.0% open-webui Dec 4 HIGH E CVE-2025-66404 mcp-server-kubernetes: Command Injection enables RCE 8.8 0.3% Dec 3 MEDI CVE-2025-13359 taxopress: SQL Injection exposes database 6.5 0.0% Dec 3 MEDI CVE-2025-13354 taxopress: Missing Auth allows unauthorized operations 4.3 0.0% Dec 3 HIGH CVE-2025-66448 vllm: Code Injection enables RCE 8.8 0.0% vllm Dec 1 UNKN E CVE-2025-12638 Keras: Path Traversal enables file access 0.0% Nov 28

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial