AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems — LLM frameworks, ML libraries, AI agents, vector databases, and inference servers. Vulnerabilities are tracked from NVD, GitHub Advisory, CISA KEV, MITRE ATLAS, and enriched with CVSS, EPSS, exploitation confidence, AI-component classification, and compliance mappings to ISO 42001, EU AI Act, NIST AI RMF, and OWASP LLM Top 10. Updated continuously as new CVEs are published.

Sources
Each CVE is enriched with
  • CVSS severity
  • EPSS exploit probability
  • Exploitation confidence
  • AI-component classification
  • Compliance mappings
2,375

AI/ML CVEs Tracked

336

Critical

408

New This Week

18

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 16 of 336 results — Critical severity
Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2022-45907 PyTorch: RCE via unsafe eval in JIT annotations 9.8 1.2% pytorch Nov 26 CRIT E CVE-2022-41900 TensorFlow: heap OOB RCE in FractionalMaxPool op 9.8 0.6% tensorflow Nov 18 CRIT E CVE-2022-41880 TensorFlow: heap OOB read in candidate sampler op 9.1 0.4% tensorflow Nov 18 CRIT CVE-2022-35939 TensorFlow: ScatterNd OOB write enables RCE/crash 9.8 0.4% tensorflow Sep 16 CRIT CVE-2022-35938 TensorFlow: OOB read in GatherNd causes crash/data leak 9.1 0.4% tensorflow Sep 16 CRIT CVE-2022-35937 TensorFlow: GatherNd OOB read crashes inference servers 9.1 0.4% tensorflow Sep 16 CRIT E CVE-2022-0845 pytorch-lightning: code injection enables full RCE 9.8 1.0% pytorch_lightning Mar 5 CRIT E CVE-2022-23587 TensorFlow: integer overflow in Grappler enables RCE 9.8 0.9% tensorflow Feb 4 CRIT E CVE-2021-35958 TensorFlow: path traversal in get_file allows file overwrite 9.1 1.9% tensorflow Jun 30 CRIT E CVE-2020-15208 TFLite: OOB read/write via tensor dimension mismatch 9.8 0.9% tensorflow Sep 25 CRIT E CVE-2020-15207 TFLite: OOB write via unchecked negative axis index 9.0 1.2% tensorflow Sep 25 CRIT E CVE-2020-15205 TensorFlow: heap overflow in StringNGrams, ASLR bypass 9.8 1.0% tensorflow Sep 25 CRIT E CVE-2020-15202 TensorFlow: Shard API int truncation enables memory corruption 9.0 1.2% tensorflow Sep 25 CRIT E CVE-2020-15196 TensorFlow: heap OOB read in sparse/ragged count ops 9.9 0.9% tensorflow Sep 25 CRIT E CVE-2020-13092 scikit-learn: RCE via malicious joblib model deserialization 9.8 2.6% scikit-learn May 15 CRIT CVE-2019-16778 TensorFlow: heap overflow in UnsortedSegmentSum op 9.8 0.8% tensorflow Dec 16

Frequently asked questions

What is an AI security threat feed?

An AI security threat feed is a continuously updated stream of vulnerabilities (CVEs) affecting AI and machine-learning systems — LLM frameworks, ML libraries, AI agents, vector databases, and inference servers — filtered out of the broader CVE firehose and enriched for relevance.

Which sources are the AI CVEs tracked from?

CVEs are tracked from NVD, GitHub Advisory, CISA KEV, and MITRE ATLAS, then enriched with CVSS, EPSS, exploitation confidence, AI-component classification, and compliance mappings.

What AI systems do these vulnerabilities affect?

Coverage spans LLM frameworks, ML libraries, AI agents, vector databases, and inference servers — the components most security teams now run in production.

How often is the AI threat feed updated?

The feed updates continuously as new CVEs are published and enriched, so the most recent AI/ML vulnerabilities appear at the top.

Is the AI security feed free?

Yes — the public feed is free to browse. A Pro subscription adds breaking alerts, MITRE ATLAS mappings, compliance reports (ISO 42001, EU AI Act), and full CISO analysis.

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial