AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,631 AI/ML CVEs Tracked
230 Critical
89 New This Week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 569 results (Medium severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | CVE-2025-2953 | PyTorch: DoS via mkldnn_max_pool2d resource leak | 5.5 | 0.1% | pytorch | Mar 30 |
| Medium | CVE-2025-26265 | openairinterface5g: segfault enables DoS via crafted UE message | 6.5 | 0.9% | openairinterface5g | Mar 27 |
| Medium | CVE-2025-0508 | SageMaker SDK: MD5 collision silently replaces ML workflows | 5.9 | 0.1% | sagemaker | Mar 20 |
| Medium | CVE-2024-7045 | open-webui: missing authz exposes admin prompts | 4.3 | 0.2% | open-webui | Mar 20 |
| Medium | CVE-2024-7035 | Open WebUI: CSRF wipes RAG DB and AI memories via GET | 6.9 | 0.1% | open-webui | Mar 20 |
| Medium | CVE-2024-7046 | Open WebUI: missing authz leaks admin credentials | 4.3 | 0.2% | open-webui | Mar 20 |
| Medium | CVE-2024-7044 | Open WebUI: Stored XSS via file upload, session hijack | 6.8 | 0.2% | open-webui | Mar 20 |
| Medium | CVE-2024-7033 | open-webui: path traversal allows file write and RCE | 6.5 | 1.3% | open-webui | Mar 20 |
| Medium | CVE-2024-7034 | open-webui: path traversal allows arbitrary file write/RCE | 6.5 | 6.7% | open-webui | Mar 20 |
| Medium | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | 5.9 | 0.4% | llama-index | Mar 20 |
| Medium | GHSA-564p-rx2q-4c8v | BentoML: open redirect exposes ML teams to phishing | 6.1 | — | bentoml | Mar 20 |
| Medium | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | 5.5 | 0.1% | mlflow | Mar 20 |
| Medium | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | 6.1 | 2.4% | gradio | Mar 20 |
| Medium | CVE-2024-6838 | MLflow: unconstrained input causes UI denial of service | 5.3 | 0.6% | mlflow | Mar 20 |
| Medium | CVE-2024-6577 | TorchServe: unverified S3 bucket exposes benchmark data | 6.3 | 0.2% | — | Mar 20 |
| Medium | CVE-2024-12217 | Gradio: NTFS ADS bypass exposes blocked file paths | 5.3 | 0.3% | gradio | Mar 20 |
| Medium | CVE-2024-10940 | langchain-core: file read via prompt template inputs | 5.3 | 0.3% | langchain-core | Mar 20 |
| Medium | CVE-2025-29770 | vLLM: DoS via unbounded grammar cache exhausts disk | 6.5 | 0.7% | vllm | Mar 19 |
| Medium | CVE-2025-1944 | picklescan: ZIP spoof lets malicious PyTorch models bypass scan | 6.5 | 0.1% | picklescan | Mar 10 |
| Medium | CVE-2025-1979 | Ray: Redis password exposed via plaintext logging | 6.4 | 0.1% | ray | Mar 6 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.