AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,140
Critical: 171
New This Week: 228
In CISA KEV: 2
Latest AI Security Threats
Showing 50 of 1140 results

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
MEDI | CVE-2024-42474 | Streamlit is a data oriented application... | 6.5 | — | streamlit | Aug 12
HIGH | CVE-2023-33976 | TensorFlow is an end-to-end open source platform... | 7.5 | — | tensorflow | Jul 30
HIGH | CVE-2024-7297 | Langflow versions prior to 1.0.13 suffer from a... | 8.8 | — | langflow | Jul 30
CRIT | CVE-2024-41120 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41119 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41118 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41117 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41116 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41115 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41114 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41113 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
CRIT | CVE-2024-41112 | streamlit-geospatial is a streamlit multipage app... | 9.8 | — | streamlit-geospatial | Jul 26
HIGH | CVE-2024-35199 | TorchServe is a flexible and easy-to-use tool for... | 8.2 | — | torchserve | Jul 19
CRIT | CVE-2024-35198 | TorchServe is a flexible and easy-to-use tool for... | 9.8 | — | torchserve | Jul 19
HIGH | CVE-2024-21513 | Versions of the package langchain-experimental... | 8.5 | — | langchain-experimental | Jul 15
LOW | CVE-2024-40594 | The OpenAI ChatGPT app before 2024-07-05 for... | 2.3 | — | — | Jul 6
UNKN | CVE-2024-4897 | parisneo/lollms-webui, in its latest version, is... | — | — | — | Jul 2
CRIT | CVE-2024-39236 | Gradio v4.36.1 was discovered to contain a code... | 9.8 | — | gradio | Jul 1
HIGH | CVE-2024-36420 | Flowise is a drag & drop user interface to build... | 7.5 | — | — | Jul 1
LOW | CVE-2024-4839 | A Cross-Site Request Forgery (CSRF) vulnerability... | 3.3 | — | — | Jun 24
MEDI | CVE-2024-4940 | An open redirect vulnerability exists in the... | 6.1 | — | gradio | Jun 22
HIGH | CVE-2024-38459 | langchain_experimental (aka LangChain... | 7.8 | — | langchain-experimental | Jun 16
CRIT | CVE-2024-37014 | Langflow through 0.6.19 allows remote code... | 9.8 | 6.5% | langflow | Jun 10
HIGH | CVE-2024-5187 | onnx allows Arbitrary File Overwrite in... | 8.8 | 1.4% | onnx | Jun 6
MEDI | CVE-2024-2965 | Denial of service in langchain-community | 4.2 | 0.0% | langchain | Jun 6
MEDI | CVE-2024-5206 | A sensitive data leakage vulnerability was... | 4.7 | — | scikit-learn | Jun 6
HIGH | CVE-2024-4888 | BerriAI's litellm, in its latest version, is... | 8.1 | — | litellm | Jun 6
CRIT | CVE-2024-3234 | The gaizhenbiao/chuanhuchatgpt application is... | 9.8 | — | — | Jun 6
MEDI | CVE-2024-3099 | A vulnerability in mlflow/mlflow version 2.11.1... | 5.4 | — | mlflow | Jun 6
HIGH | CVE-2024-3095 | A Server-Side Request Forgery (SSRF)... | 7.7 | — | langchain | Jun 6
HIGH | CVE-2024-2928 | A Local File Inclusion (LFI) vulnerability was... | 7.5 | — | mlflow | Jun 6
HIGH | CVE-2024-0520 | A vulnerability in mlflow/mlflow version 8.2.1... | 8.8 | — | mlflow | Jun 6
CRIT | CVE-2024-5452 | A remote code execution (RCE) vulnerability... | 9.8 | 56.7% | pytorch_lightning | Jun 6
HIGH | CVE-2024-4941 | A local file inclusion vulnerability exists in... | 7.5 | — | gradio | Jun 6
HIGH | CVE-2024-4325 | A Server-Side Request Forgery (SSRF)... | 8.6 | — | gradio | Jun 6
UNKN | CVE-2024-4254 | The 'deploy-website.yml' workflow in the... | — | — | gradio | Jun 4
HIGH | CVE-2024-37061 | Remote Code Execution can occur in versions of... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37060 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37059 | Deserialization of untrusted data can occur in... | 8.8 | 0.4% | mlflow | Jun 4
HIGH | CVE-2024-37058 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37057 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37056 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37055 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37054 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37053 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
HIGH | CVE-2024-37052 | Deserialization of untrusted data can occur in... | 8.8 | — | mlflow | Jun 4
CRIT | CVE-2024-4253 | A command injection vulnerability exists in the... | 9.1 | — | gradio | Jun 4
HIGH | CVE-2024-37032 | Ollama before 0.1.34 does not validate the format... | 8.8 | — | ollama | May 31
UNKN | CVE-2024-3924 | A code injection vulnerability exists in the... | — | — | — | May 30
MEDI | CVE-2024-4858 | The Testimonial Carousel For Elementor plugin for... | 5.3 | — | — | May 25