AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severity Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2025-55553 PyTorch 2.7.0: DoS via proxy_tensor.py syntax error 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55552 PyTorch: integer overflow in rot90+randn_like causes DoS 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-55551 PyTorch: DoS in linalg.lu via malformed slice op 7.5 0.1% pytorch Sep 25 HIGH E CVE-2025-6921 Transformers: ReDoS in optimizer halts training pipelines 7.5 0.0% transformers Sep 23 HIGH E CVE-2025-59527 Flowise: unauthenticated SSRF exposes internal network 7.5 0.1% flowise Sep 22 HIGH E CVE-2025-9906 Keras: safe_mode bypass enables RCE via model load 7.3 0.1% keras Sep 19 HIGH E CVE-2025-9905 Keras: safe_mode bypass enables RCE via .h5 model files 7.3 0.0% keras Sep 19 HIGH E CVE-2025-10155 picklescan: file extension bypass allows model RCE 7.8 0.1% picklescan Sep 17 HIGH E CVE-2025-6638 HuggingFace Transformers: ReDoS in MarianTokenizer 7.5 0.0% transformers Sep 12 HIGH E CVE-2025-10156 Picklescan: CRC bypass hides malicious pickle in ZIP 7.5 1.0% picklescan Sep 10 HIGH E CVE-2025-10157 PickleScan: subclass bypass enables malicious model RCE 8.3 0.2% picklescan Sep 10 HIGH E CVE-2025-58757 MONAI: unsafe pickle deserialization RCE in data pipeline 8.8 0.8% monai Sep 9 HIGH E CVE-2025-58756 MONAI: unsafe deserialization in CheckpointLoader allows RCE 8.8 1.7% monai Sep 9 HIGH E CVE-2025-58755 MONAI: path traversal allows arbitrary file write 8.8 0.1% monai Sep 9 HIGH E CVE-2025-56265 n8n: unrestricted file upload RCE via Chat Trigger 8.8 0.1% n8n Sep 8 HIGH E CVE-2025-6984 EverNoteLoader: XXE exposes host files in LangChain 7.5 1.9% langchain-community Sep 4 HIGH E CVE-2025-5302 llama-index: JSON parsing DoS via deep recursion 8.6 0.1% llama-index-core Aug 26 HIGH E CVE-2025-57809 xgrammar: uncontrolled recursion in grammar parsing causes DoS 7.5 0.0% xgrammar Aug 25 HIGH E CVE-2025-57760 Langflow: privilege escalation to full superuser via CLI 8.8 0.0% langflow Aug 25 HIGH E CVE-2025-48956 vLLM: unauthenticated DoS via oversized HTTP header 7.5 0.3% vllm Aug 21 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial