AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs Tracked
225 Critical
75 New This Week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results (filter: High severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2025-5173 | label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader | 7.8 | 0.1% | label-studio-ml | May 26 |
| HIGH E | CVE-2025-2099 | transformers: ReDoS in testing_utils causes DoS | 7.5 | 0.1% | transformers | May 19 |
| HIGH E | CVE-2025-47783 | Label Studio: XSS enables unauthorized actions via CSRF | — | 0.2% | label-studio | May 15 |
| HIGH E | CVE-2025-1752 | llama_index: DoS via uncapped recursion in web reader | 7.5 | 0.2% | llama-index | May 10 |
| HIGH | CVE-2025-0649 | TensorFlow Serving: JSON recursion DoS on inference API | 7.5 | 0.1% | tensorflow_serving | May 6 |
| HIGH | CVE-2025-30165 | vLLM: pickle RCE in multi-node inference deployments | 8.0 | 1.3% | vllm | May 6 |
| HIGH E | CVE-2025-46567 | LLaMA-Factory: RCE via torch.load() unsafe deserialization | 7.8 | 0.2% | llamafactory | May 1 |
| HIGH E | CVE-2025-46560 | vLLM: DoS via quadratic multimodal tokenizer input | 7.5 | 0.6% | vllm | Apr 30 |
| HIGH E | CVE-2025-30202 | vLLM: ZeroMQ socket exposure enables DoS in multi-node | 7.5 | 0.4% | vllm | Apr 30 |
| HIGH E | CVE-2025-46417 | picklescan: scanner bypass enables DNS data exfiltration | — | 0.2% | picklescan | Apr 7 |
| HIGH E | CVE-2025-30370 | jupyterlab-git: command injection via malicious repo name | 7.4 | 0.1% | — | Apr 4 |
| HIGH | CVE-2025-30358 | Mesop: class pollution enables DoS and LLM jailbreak | 8.1 | 2.4% | — | Mar 27 |
| HIGH E | CVE-2025-0330 | LiteLLM: Langfuse API key leak via error handling | 7.5 | 0.5% | litellm | Mar 20 |
| HIGH E | CVE-2025-0628 | litellm: privilege escalation viewer→proxy admin via bad API key | 8.1 | 0.3% | litellm | Mar 20 |
| HIGH | CVE-2024-9606 | LiteLLM: API key leakage in logs exposes credentials | 7.5 | 0.2% | litellm | Mar 20 |
| HIGH | GHSA-5ccf-884p-4jjq | open-webui: DoS via unauthenticated multipart parsing | 7.5 | — | open-webui | Mar 20 |
| HIGH E | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | 7.5 | 0.6% | litellm | Mar 20 |
| HIGH E | CVE-2024-7983 | open-webui: unauthenticated DoS via markdown parser | 7.5 | 0.4% | open-webui | Mar 20 |
| HIGH E | CVE-2024-8060 | OpenWebUI: path traversal RCE via audio upload API | 8.1 | 2.1% | open-webui | Mar 20 |
| HIGH E | CVE-2024-8020 | pytorch-lightning: unauthenticated DoS crashes LightningApp | 7.5 | 0.1% | pytorch-lightning | Mar 20 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.