AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked
225 critical
78 new this week
16 in CISA KEV

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
Langchain-Chatchat: path traversal in file API exposes host FS
  MEDIUM (exploit available)
  CVE-2025-6854 | score 4.3 | EPSS 0.5%
  Tags: Data Extraction Data Leakage Framework API RAG
  langchain-chatchat CWE-22 2.6K 5 ATLAS

n8n: open redirect enables phishing via login flow
  MEDIUM
  CVE-2025-49592 | score 5.4 | EPSS 0.2%
  Tags: Social Engineering Auth Bypass Agent Framework
  n8n 16 5 ATLAS

MLflow: unauthenticated SSRF in gateway proxy
  MEDIUM
  CVE-2025-52967 | score 5.8 | EPSS 0.2%
  Tags: Auth Bypass Data Extraction Framework API
  mlflow Patch: 3.1.0 CWE-918 624 4 ATLAS

vLLM: input validation DoS crashes inference worker
  MEDIUM (exploit available)
  CVE-2025-48944 | score 6.5 | EPSS 0.3%
  Tags: DoS Inference API Framework
  vllm CWE-20 126 3 ATLAS

vLLM: ReDoS crashes inference server via malformed regex
  MEDIUM (exploit available)
  CVE-2025-48943 | score 6.5 | EPSS 0.2%
  Tags: DoS Inference Framework
  vllm CWE-248 126 4 ATLAS

vLLM: DoS via malformed JSON schema guided param
  MEDIUM (exploit available)
  CVE-2025-48942 | score 6.5 | EPSS 0.2%
  Tags: DoS Inference API
  vllm CWE-248 126 3 ATLAS

vLLM: ReDoS in tool parser causes service outage
  MEDIUM (exploit available)
  CVE-2025-48887 | score 6.5 | EPSS 0.3%
  Tags: DoS Inference API Framework
  vllm CWE-1333 126 3 ATLAS

vllm: ReDoS in inference endpoints enables DoS
  MEDIUM
  GHSA-j828-28rj-hfhp | score 4.3
  Tags: DoS Inference Framework
  vllm Patch: 0.9.0 CWE-1333 126 3 ATLAS

transformers: ReDoS in GPT-NeoX Japanese tokenizer
  MEDIUM (exploit available)
  CVE-2025-1194 | score 6.5 | EPSS 0.1%
  Tags: DoS Framework
  transformers CWE-1333 7.8K 4 ATLAS

n8n: stored XSS enables account takeover
  MEDIUM
  CVE-2025-46343 | score 5.4 | EPSS 0.1%
  Tags: Auth Bypass Code Execution Agent Framework
  n8n 16 5 ATLAS

PyTorch: DoS via ctc_loss resource mishandling
  MEDIUM (exploit available)
  CVE-2025-3730 | score 5.5 | EPSS 0.1%
  Tags: DoS Framework
  pytorch CWE-404 21.7K 3 ATLAS

vLLM: DoS via unbounded XGrammar schema cache
  MEDIUM
  GHSA-hf3c-wxg2-49q9 | score 6.5
  Tags: DoS Supply Chain Inference Framework API
  vllm Patch: 0.8.4 CWE-770 126 5 ATLAS

xgrammar: unbounded grammar cache causes LLM server DoS
  MEDIUM
  CVE-2025-32381 | score 6.5 | EPSS 0.3%
  Tags: DoS Inference Framework
  xgrammar Patch: 0.1.18 CWE-770 152 3 ATLAS

picklescan: bypass allows silent RCE in ML pipelines
  MEDIUM
  GHSA-v7x6-rv5q-mhwc | score --
  Tags: Supply Chain Code Execution Model Framework
  picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS

picklescan: numpy bypass enables RCE in ML model pipelines
  MEDIUM
  GHSA-fj43-3qmq-673f | score --
  Tags: Supply Chain Code Execution Framework Model
  picklescan Patch: 0.0.25 CWE-502 3 7 ATLAS

PyTorch: memory corruption in JIT flatbuffer loader
  MEDIUM (exploit available)
  CVE-2025-3121 | score 5.5 | EPSS 0.1%
  Tags: DoS Supply Chain Framework Inference
  pytorch 21.7K 3 ATLAS

OpenAI WP Plugin: broken access control on AI settings
  MEDIUM
  CVE-2025-31843 | score 4.3 | EPSS 0.2%
  Tags: Auth Bypass DoS Plugin API
  3 ATLAS

PyTorch: lstm_cell memory corruption, local code exec
  MEDIUM (exploit available)
  CVE-2025-3001 | score 5.3 | EPSS 0.1%
  Tags: Code Execution DoS Framework
  pytorch 21.7K 3 ATLAS

PyTorch: memory corruption in torch.jit.script compiler
  MEDIUM (exploit available)
  CVE-2025-3000 | score 5.3 | EPSS 0.1%
  Tags: Code Execution Supply Chain Framework Inference
  pytorch 21.7K 3 ATLAS

PyTorch: memory corruption in RNN sequence unpacking
  MEDIUM (exploit available)
  CVE-2025-2999 | score 5.3 | EPSS 0.1%
  Tags: Code Execution Data Extraction Supply Chain Framework Training Data Inference
  pytorch 21.7K 3 ATLAS
