AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in TF-to-PyTorch weight converter

CVE-2025-5197
5.3
EPSS 0.0%
DoS Supply Chain Framework
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM

ms-swift: RCE via pickle deserialization in adapter models

GHSA-r54c-2xmf-2cf3
--
Supply Chain Code Execution Model Poisoning Framework Model Training Data
CWE-502 6 ATLAS
MEDIUM

OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse

CVE-2025-54558
4.1
EPSS 0.0%
Code Execution Auth Bypass Agent Plugin
4 ATLAS
MEDIUM

WordPress AI Engine: SSRF leaks files via OpenAI API

CVE-2025-7780
6.5
EPSS 0.1%
Data Extraction Data Leakage Auth Bypass Plugin API
4 ATLAS
MEDIUM EXPLOIT AVAIL

Ollama: auth token hijack via crafted WWW-Authenticate

CVE-2025-51471
6.9
EPSS 0.0%
Auth Bypass Data Extraction Supply Chain Inference API Model
ollama 1.5K 5 ATLAS
MEDIUM EXPLOIT AVAIL

Dagster: path traversal exposes arbitrary file read via gRPC

CVE-2025-51481
6.6
EPSS 0.0%
Data Extraction Data Leakage Framework Training Data
CWE-22 5 ATLAS
MEDIUM

DSpace: XXE injection enables server file disclosure

CVE-2025-53621
6.9
EPSS 0.1%
Data Extraction Supply Chain API Training Data
5 ATLAS
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in DonutProcessor causes DoS

CVE-2025-3933
5.3
EPSS 0.1%
DoS Framework Inference
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM EXPLOIT AVAIL

Contest Gallery WP Plugin: Stored XSS in OpenAI integration

CVE-2025-6716
6.4
EPSS 0.2%
Code Execution Data Leakage Plugin API
4 ATLAS
MEDIUM EXPLOIT AVAIL

OpenAI Operator: fullscreen spoofing captures credentials

CVE-2025-7021
6.5
EPSS 0.2%
Social Engineering Privacy Violation Agent API
operator 13.8K 6 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: DocugamiReader MD5 hash collision drops chunks

CVE-2025-6211
6.5
EPSS 0.3%
Supply Chain Data Leakage Framework RAG
llama-index-readers-docugami Patch: 0.3.1 CWE-440 229 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index Obsidian reader: hardlink path traversal leaks files

CVE-2025-6210
6.2
EPSS 0.1%
Data Extraction Supply Chain Framework RAG
llama-index-readers-obsidian Patch: 0.5.2 CWE-22 229 3 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: JSONReader DoS via recursive JSON parsing

CVE-2025-5472
6.5
EPSS 0.2%
DoS Framework
llama-index-core Patch: 0.12.38 CWE-674 1.1K 3 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index ArxivReader: MD5 collision corrupts training data

CVE-2025-3044
5.3
EPSS 0.2%
Supply Chain Model Poisoning Data Leakage Framework Training Data RAG
llama-index-readers-papers Patch: 0.3.1 CWE-440 229 5 ATLAS
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in dynamic module loader causes DoS

CVE-2025-3264
5.3
EPSS 0.1%
DoS Supply Chain Framework Model
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM EXPLOIT AVAIL

Transformers: ReDoS in config loader causes serving DoS

CVE-2025-3263
5.3
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.9K 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: RCE via unsafe pickle deserialization

CVE-2025-3108
5.0
EPSS 1.9%
Code Execution Supply Chain Framework RAG Agent
llama-index-core Patch: 0.12.41 CWE-1112 1.1K 4 ATLAS
MEDIUM

n8n: broken authz enables cross-user workflow termination

CVE-2025-52554
4.3
EPSS 0.3%
Auth Bypass DoS Agent Framework
n8n 16 4 ATLAS
MEDIUM EXPLOIT AVAIL

LiteLLM: SQL injection in key management API

CVE-2025-45809
5.4
EPSS 0.2%
Data Extraction Auth Bypass API Framework
litellm 4 5 ATLAS
MEDIUM EXPLOIT AVAIL

n8n: DoS via empty filesystem URI in binary-data API

CVE-2025-49595
4.9
EPSS 0.3%
DoS Agent Framework
n8n 16 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial