AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityvLLM: RCE via eval() in Qwen3 Coder tool parser
CVE-2025-9141 Merlin Transformers4Rec: code injection via Python dep
CVE-2025-23298 picklescan: detection bypass allows malicious pickle exec
GHSA-9gvj-pp9x-gcfr Keras: safe mode bypass enables RCE via model load
CVE-2025-8747 skops: joblib fallback enables RCE via model load
CVE-2025-54886 WP Contest Gallery: Stored XSS exposes OpenAI API creds
CVE-2025-7725 skops: RCE via MethodNode unsafe deserialization
CVE-2025-54413 skops: OperatorFuncNode type confusion → RCE
CVE-2025-54412 ExecuTorch: heap overflow in method load, RCE risk
CVE-2025-30402 llama_index: path traversal allows arbitrary file read
CVE-2025-6209 lollms: timing attack enables credential enumeration
CVE-2025-6386 LlamaIndex Obsidian: symlink traversal exposes host files
CVE-2025-3046 llama-index Papers Loader: XML expansion DoS
CVE-2025-3225 Transformers: ReDoS in chat.py causes CPU exhaustion
CVE-2025-3262 Langchain-Chatchat: path traversal exposes system files
CVE-2025-6855 Hive Support WP: OpenAI key theft + prompt hijack
CVE-2025-5018 jupyter_core: config hijack enables cross-user code exec
CVE-2025-30167 Gradio: unauthenticated file copy enables disk DoS
CVE-2025-48889 vLLM: image hash collision enables multimodal cache leakage
CVE-2025-46722 llama-index-cli: OS command injection enables RCE
CVE-2025-1753 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial