AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity

HIGH EXPLOIT AVAIL

mlx: security flaw enables exploitation

DoS Supply Chain Framework Model

mlx CWE-476 290 5 ATLAS

HIGH EXPLOIT AVAIL

AI component: Arbitrary File Upload enables RCE

Code Execution Supply Chain Data Extraction Plugin API

6 ATLAS 1 incident

HIGH

vllm: Input Validation flaw enables exploitation

Code Execution DoS Supply Chain Inference API Framework

vllm CWE-20 127 5 ATLAS

HIGH EXPLOIT AVAIL

open-webui: Code Injection enables RCE

Code Execution Auth Bypass Social Engineering Inference API Plugin

open-webui Patch: 0.6.35 CWE-95 9 ATLAS

HIGH EXPLOIT AVAIL

Open WebUI: XSS-to-RCE via malicious prompt injection

Code Execution Data Extraction Auth Bypass Framework Agent API

open-webui Patch: 0.6.35 CWE-79 7 ATLAS

HIGH EXPLOIT AVAIL

langgraph-checkpoint: Deserialization enables RCE

CVE-2025-64439

EPSS 1.1%

6mo ago

Code Execution Supply Chain Framework Agent

langgraph-checkpoint Patch: 3.0.0 CWE-502 3.1K 5 ATLAS

HIGH

n8n: security flaw enables exploitation

Code Execution Supply Chain Data Extraction Agent Framework Plugin

n8n 16 6 ATLAS

HIGH EXPLOIT AVAIL

langgraph-checkpoint-sqlite: SQL Injection exposes database

Auth Bypass Data Extraction Data Leakage Framework Agent

langgraph-checkpoint-sqlite Patch: 2.0.11 CWE-89 3.1K 4 ATLAS

HIGH EXPLOIT AVAIL

langgraph-checkpoint-sqlite: SQL Injection exposes database

Data Extraction Auth Bypass Data Leakage Framework Agent

langgraph-checkpoint-sqlite Patch: 2.0.11 CWE-89 3.1K 5 ATLAS

HIGH

llama-index: world-writable NLTK dir allows local tampering

DoS Supply Chain Model Poisoning Framework RAG

llama-index Patch: 0.13.0 CWE-377 229 4 ATLAS

HIGH EXPLOIT AVAIL

vLLM: SSRF in media loader exposes internal network

Data Extraction Auth Bypass Inference Framework

vllm Patch: 0.11.0 CWE-601 127 4 ATLAS

HIGH EXPLOIT AVAIL

LLaMA-Factory: SSRF+LFI in multimodal chat API

Data Extraction Privacy Violation Code Execution Framework API Training Data

llamafactory Patch: 0.9.4 CWE-918 1 6 ATLAS

HIGH EXPLOIT AVAIL

vLLM: timing attack enables API key bypass

Auth Bypass Inference API

vllm CWE-385 127 5 ATLAS

HIGH EXPLOIT AVAIL

langchain-text-splitters: XXE enables arbitrary file read

Data Extraction Supply Chain Data Leakage Framework RAG Agent

langchain-text-splitters Patch: 0.3.9 CWE-611 2.6K 5 ATLAS

HIGH EXPLOIT AVAIL

Flowise: unrestricted file upload enables persistent RCE

Code Execution Data Leakage Supply Chain Agent Framework

flowise 6 ATLAS

HIGH EXPLOIT AVAIL

llama-index-core: insecure /tmp dir, model theft risk

Data Extraction Model Poisoning Supply Chain Framework RAG

llama-index-core Patch: 0.13.0 CWE-378 1.1K 5 ATLAS

HIGH EXPLOIT AVAIL

PyTorch: DoS via sparse/dense tensor Inductor compile

DoS Framework Inference

pytorch 21.9K 4 ATLAS

HIGH EXPLOIT AVAIL

TensorFlow: DoS via Conv2D valid padding crash

DoS Framework Inference

tensorflow 3.7K 3 ATLAS

HIGH EXPLOIT AVAIL

PyTorch: Inductor compiler buffer overflow causes DoS

DoS Framework Inference

pytorch 21.9K 4 ATLAS

HIGH EXPLOIT AVAIL

PyTorch: DoS via cummin+Inductor NameError in 2.7.0

pytorch 21.9K 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?