AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM

PyTorch: Dropout inconsistency enables membership inference

CVE-2025-46153
5.3
EPSS 0.1%
Data Extraction Privacy Violation Framework Inference Training Data
pytorch 21.9K 3 ATLAS
MEDIUM

PyTorch: OOB write causes incorrect bitwise shift results

CVE-2025-46152
5.3
EPSS 0.1%
Supply Chain DoS Framework Training Data Inference
pytorch 21.9K 3 ATLAS
MEDIUM

PyTorch: torch.compile silent output inconsistency

CVE-2025-46150
5.3
EPSS 0.1%
Adversarial Examples Supply Chain Framework Inference Model
pytorch 21.9K 4 ATLAS
MEDIUM

PyTorch: reachable assertion in nn.Fold with inductor

CVE-2025-46149
5.3
EPSS 0.0%
DoS Data Leakage Supply Chain Framework Inference
pytorch 21.9K 4 ATLAS
MEDIUM

PyTorch: PairwiseDistance silent miscalculation, integrity risk

CVE-2025-46148
5.3
EPSS 0.1%
Adversarial Examples Auth Bypass Framework Inference
pytorch 21.9K 4 ATLAS
MEDIUM

n8n: stored XSS in LangChain chat trigger (public)

CVE-2025-58177
5.4
EPSS 0.0%
Social Engineering Data Extraction Framework Agent
n8n 16 5 ATLAS
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in EnglishNormalizer exhausts CPU

CVE-2025-6051
5.3
EPSS 0.0%
DoS Framework Inference
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM EXPLOIT AVAIL

xgrammar: DoS via oversized JSON schema grammar parsing

CVE-2025-58446
--
EPSS 0.1%
DoS Inference Framework
xgrammar Patch: 0.1.24 CWE-770 154 3 ATLAS
MEDIUM

picklescan: scanner bypass enables model RCE

GHSA-q77w-mwjj-7mqx
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: scanner bypass enables RCE via ML model files

GHSA-49gj-c84q-6qm9
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.30 3 5 ATLAS
MEDIUM

picklescan: scan bypass allows silent RCE via ML models

GHSA-9w88-8rmg-7g2p
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: detection bypass allows undetected RCE in ML models

GHSA-fqq6-7vqf-w3fg
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: scanner bypass enables pickle RCE in ML models

GHSA-3gf5-cxq9-w223
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.30 3 7 ATLAS
MEDIUM

picklescan: scanner bypass allows pickle-based RCE

GHSA-j343-8v2j-ff7w
--
Supply Chain Code Execution Model Poisoning Model Framework
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: scanner bypass enables RCE via ML models

GHSA-m869-42cg-3xwr
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.30 3 7 ATLAS
MEDIUM

picklescan: detection bypass allows pickle RCE in ML pipelines

GHSA-p9w7-82w4-7q8m
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.30 3 5 ATLAS
MEDIUM

picklescan: scanner bypass leads to undetected RCE

GHSA-xp4f-hrf8-rxw7
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: scanner bypass enables PyTorch gadget RCE

GHSA-4whj-rm5r-c2v8
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.30 3 6 ATLAS
MEDIUM

picklescan: scanner bypass enables RCE via model files

GHSA-9xph-j2h6-g47v
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.29 3 6 ATLAS
MEDIUM

picklescan: RCE bypass enables ML supply chain attack

GHSA-8r4j-24qv-fmq9
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.29 3 6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial