AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severity Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-62609 mlx: security flaw enables exploitation 7.5 0.1% mlx Nov 21 HIGH E CVE-2025-12973 AI component: Arbitrary File Upload enables RCE 7.2 0.1% — Nov 21 HIGH CVE-2025-62164 vllm: Input Validation flaw enables exploitation 8.8 0.2% vllm Nov 21 HIGH E CVE-2025-64496 open-webui: Code Injection enables RCE 7.3 0.1% open-webui Nov 7 HIGH E CVE-2025-64495 Open WebUI: XSS-to-RCE via malicious prompt injection 8.7 0.0% open-webui Nov 7 HIGH E CVE-2025-64439 langgraph-checkpoint: Deserialization enables RCE — 1.1% langgraph-checkpoint Nov 5 HIGH CVE-2025-62726 n8n: security flaw enables exploitation 8.8 0.1% n8n Oct 30 HIGH E CVE-2025-64104 langgraph-checkpoint-sqlite: SQL Injection exposes database 7.3 0.0% langgraph-checkpoint-sqlite Oct 29 HIGH E CVE-2025-8709 langgraph-checkpoint-sqlite: SQL Injection exposes database 7.3 0.0% langgraph-checkpoint-sqlite Oct 26 HIGH CVE-2025-7707 llama-index: world-writable NLTK dir allows local tampering 7.1 0.0% llama-index Oct 13 HIGH E CVE-2025-6242 vLLM: SSRF in media loader exposes internal network 7.1 0.1% vllm Oct 7 HIGH E CVE-2025-61784 LLaMA-Factory: SSRF+LFI in multimodal chat API 8.1 0.1% llamafactory Oct 7 HIGH E CVE-2025-59425 vLLM: timing attack enables API key bypass 7.5 0.4% vllm Oct 7 HIGH E CVE-2025-6985 langchain-text-splitters: XXE enables arbitrary file read 7.5 0.2% langchain-text-splitters Oct 6 HIGH E CVE-2025-61687 Flowise: unrestricted file upload enables persistent RCE 8.8 0.3% flowise Oct 6 HIGH E CVE-2025-7647 llama-index-core: insecure /tmp dir, model theft risk 7.3 0.0% llama-index-core Sep 27 HIGH E CVE-2025-55560 PyTorch: DoS via sparse/dense tensor Inductor compile 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55559 TensorFlow: DoS via Conv2D valid padding crash 7.5 0.1% tensorflow Sep 25 HIGH E CVE-2025-55558 PyTorch: Inductor compiler buffer overflow causes DoS 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55557 PyTorch: DoS via cummin+Inductor NameError in 2.7.0 7.5 0.1% pytorch Sep 25 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial