AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked | 225 Critical | 76 New this week | 16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results. Legend: — = no patch.

| Severity | E | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| Medium | E | CVE-2025-54952 | ExecuTorch: integer overflow enables RCE via model loading | — | 0.4% | executorch | Aug 8 |
| Critical | E | CVE-2025-53767 | Azure OpenAI: SSRF EoP, no auth required (CVSS 10) | 10.0 | 0.5% | azure_openai | Aug 7 |
| Medium | E | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | 6.6 | 0.0% | ollama | Aug 7 |
| Medium | E | CVE-2025-5197 | Transformers: ReDoS in TF-to-PyTorch weight converter | 5.3 | 0.0% | transformers | Aug 6 |
| Critical | E | CVE-2025-45150 | ChatGLM-Webui: arbitrary file read, no auth required | 9.8 | 0.1% | langchain-chatglm-webui | Aug 1 |
| High | | CVE-2025-7725 | WP Contest Gallery: Stored XSS exposes OpenAI API creds | 7.2 | 0.3% | — | Aug 1 |
| Medium | | GHSA-r54c-2xmf-2cf3 | ms-swift: RCE via pickle deserialization in adapter models | — | — | — | Jul 31 |
| Critical | E | CVE-2025-54381 | BentoML: unauthenticated SSRF via file upload URLs | 9.9 | 0.7% | bentoml | Jul 29 |
| Critical | E | CVE-2025-46059 | LangChain GmailToolkit: indirect prompt injection to RCE | 9.8 | 0.3% | — | Jul 29 |
| Critical | E | CVE-2025-5120 | smolagents: sandbox escape enables unauthenticated RCE | 10.0 | 0.4% | smolagents | Jul 27 |
| Medium | | CVE-2025-54558 | OpenAI Codex CLI: sandbox bypass via ripgrep flag abuse | 4.1 | 0.0% | — | Jul 25 |
| Medium | | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | 0.1% | — | Jul 24 |
| Medium | E | CVE-2025-51471 | Ollama: auth token hijack via crafted WWW-Authenticate | 6.9 | 0.0% | ollama | Jul 22 |
| Medium | E | CVE-2025-51481 | Dagster: path traversal exposes arbitrary file read via gRPC | 6.6 | 0.0% | — | Jul 22 |
| Medium | | CVE-2025-53621 | DSpace: XXE injection enables server file disclosure | 6.9 | 0.1% | — | Jul 15 |
| Medium | E | CVE-2025-3933 | Transformers: ReDoS in DonutProcessor causes DoS | 5.3 | 0.1% | transformers | Jul 11 |
| Medium | E | CVE-2025-6716 | Contest Gallery WP Plugin: Stored XSS in OpenAI integration | 6.4 | 0.2% | — | Jul 11 |
| Medium | E | CVE-2025-7021 | OpenAI Operator: fullscreen spoofing captures credentials | 6.5 | 0.2% | operator | Jul 10 |
| High | | CVE-2025-6386 | lollms: timing attack enables credential enumeration | 7.5 | 0.3% | lollms | Jul 7 |
| Low | E | CVE-2025-3777 | Transformers: URL validation bypass exposes image pipeline | 3.5 | 0.1% | transformers | Jul 7 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
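The feed's columns (CVSS, EPSS, patch availability, KEV membership) are the inputs a vulnerability-management team feeds into prioritization. The following is an added example, not code from the feed's operator: it parses a handful of rows copied from the table above (constructed, tab-separated sample input) and ranks them so that entries in CISA KEV come first, then by EPSS, then by CVSS, while flagging entries with no score or no patched package for manual review. The KEV set passed to `triage` is an assumption; the page gives only a KEV count, not which IDs are in it.

```python
"""Triage helper for rows of the AI/ML CVE feed.

Added example; it is not the feed operator's code. Parses the feed's
columns (severity, ID, summary, CVSS, EPSS, package, date) and ranks them.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample: six rows copied from the feed, tab-separated.
# "—" is the feed's own placeholder for a missing score or no patch.
FEED_ROWS = """\
Critical\tCVE-2025-53767\tAzure OpenAI: SSRF EoP, no auth required\t10.0\t0.5%\tazure_openai\tAug 7
Medium\tCVE-2025-44779\tOllama: arbitrary file deletion via /api/pull\t6.6\t0.0%\tollama\tAug 7
Critical\tCVE-2025-54381\tBentoML: unauthenticated SSRF via file upload URLs\t9.9\t0.7%\tbentoml\tJul 29
Critical\tCVE-2025-46059\tLangChain GmailToolkit: indirect prompt injection to RCE\t9.8\t0.3%\t—\tJul 29
Medium\tCVE-2025-54952\tExecuTorch: integer overflow enables RCE via model loading\t—\t0.4%\texecutorch\tAug 8
Medium\tGHSA-r54c-2xmf-2cf3\tms-swift: RCE via pickle deserialization in adapter models\t—\t—\t—\tJul 31
"""


@dataclass
class Advisory:
    severity: str
    advisory_id: str
    summary: str
    cvss: Optional[float]    # None when the feed shows "—"
    epss: Optional[float]    # probability in 0..1, None when "—"
    package: Optional[str]   # None when no patched package is listed
    date: str


def _num(field: str, pct: bool = False) -> Optional[float]:
    """Turn a feed cell into a float; the feed's dash placeholder becomes None."""
    if field.strip() in ("—", "-", ""):
        return None
    value = float(field.strip().rstrip("%"))
    return value / 100.0 if pct else value


def parse_feed(text: str) -> list:
    """Parse tab-separated feed rows into Advisory records."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sev, aid, summary, cvss, epss, pkg, date = line.split("\t")
        rows.append(Advisory(
            severity=sev,
            advisory_id=aid,
            summary=summary,
            cvss=_num(cvss),
            epss=_num(epss, pct=True),
            package=None if pkg.strip() == "—" else pkg,
            date=date,
        ))
    return rows


def triage(rows: list, kev_ids=frozenset()) -> list:
    """Rank: KEV members first, then EPSS descending, then CVSS descending.

    Missing scores sort to -1 so unscored entries land at the bottom of the
    ranked list instead of being dropped; needs_review() picks them back up.
    kev_ids is supplied by the caller (hypothetical here).
    """
    def key(a: Advisory):
        return (
            a.advisory_id in kev_ids,
            a.epss if a.epss is not None else -1.0,
            a.cvss if a.cvss is not None else -1.0,
        )
    return sorted(rows, key=key, reverse=True)


def needs_review(a: Advisory) -> bool:
    """True when automated ranking is unreliable: no score or no patch listed."""
    return a.package is None or a.cvss is None or a.epss is None


if __name__ == "__main__":
    for a in triage(parse_feed(FEED_ROWS)):
        flag = " [REVIEW]" if needs_review(a) else ""
        print(f"{a.advisory_id:<22} CVSS={a.cvss} EPSS={a.epss} {a.summary}{flag}")
```

An EPSS of 0.0% on a listed entry is a low exploitation probability estimate, not a statement that the issue is harmless; the unpatched and unscored entries (the GHSA row and the LangChain row in the sample) are exactly the ones this ranking cannot place, which is why they are flagged rather than silently sorted last.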