AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,631 AI/ML CVEs tracked
230 Critical
89 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 569 results (filter: Medium severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | GHSA-r54c-2xmf-2cf3 | ms-swift: RCE via pickle deserialization in adapter models | — | — | — | Jul 31 |
| MEDI | CVE-2025-54558 | OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse | 4.1 | 0.0% | — | Jul 25 |
| MEDI | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | 0.1% | — | Jul 24 |
| MEDI E | CVE-2025-51471 | Ollama: auth token hijack via crafted WWW-Authenticate | 6.9 | 0.0% | ollama | Jul 22 |
| MEDI E | CVE-2025-51481 | Dagster: path traversal exposes arbitrary file read via gRPC | 6.6 | 0.0% | — | Jul 22 |
| MEDI | CVE-2025-53621 | DSpace: XXE injection enables server file disclosure | 6.9 | 0.3% | — | Jul 15 |
| MEDI E | CVE-2025-3933 | Transformers: ReDoS in DonutProcessor causes DoS | 5.3 | 0.1% | transformers | Jul 11 |
| MEDI E | CVE-2025-6716 | Contest Gallery WP Plugin: Stored XSS in OpenAI integration | 6.4 | 0.2% | — | Jul 11 |
| MEDI E | CVE-2025-7021 | OpenAI Operator: fullscreen spoofing captures credentials | 6.5 | 0.2% | operator | Jul 10 |
| MEDI E | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | 6.5 | 0.3% | llama-index-readers-docugami | Jul 10 |
| MEDI E | CVE-2025-5472 | llama-index: JSONReader DoS via recursive JSON parsing | 6.5 | 0.2% | llama-index-core | Jul 7 |
| MEDI E | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | 6.2 | 0.1% | llama-index-readers-obsidian | Jul 7 |
| MEDI E | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | 5.3 | 0.2% | llama-index-readers-papers | Jul 7 |
| MEDI E | CVE-2025-3264 | Transformers: ReDoS in dynamic module loader causes DoS | 5.3 | 0.1% | transformers | Jul 7 |
| MEDI E | CVE-2025-3263 | Transformers: ReDoS in config loader causes serving DoS | 5.3 | 0.1% | transformers | Jul 7 |
| MEDI E | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | 5.0 | 1.9% | llama-index-core | Jul 7 |
| MEDI | CVE-2025-52554 | n8n: broken authz enables cross-user workflow termination | 4.3 | 0.3% | n8n | Jul 3 |
| MEDI E | CVE-2025-45809 | LiteLLM: SQL injection in key management API | 5.4 | 0.2% | litellm | Jul 3 |
| MEDI E | CVE-2025-49595 | n8n: DoS via empty filesystem URI in binary-data API | 4.9 | 0.3% | n8n | Jul 3 |
| MEDI E | CVE-2025-6854 | Langchain-Chatchat: path traversal in file API exposes host FS | 4.3 | 0.5% | langchain-chatchat | Jun 29 |