AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patchvLLM: image hash collision enables multimodal cache leakage
CVE-2025-46722 vLLM: timing side-channel leaks prompt cache data
CVE-2025-46570 Gradio: CORS origin bypass in ML UI handler
CVE-2025-5320 llama-index-cli: OS command injection enables RCE
CVE-2025-1753 label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader
CVE-2025-5173 vLLM: RCE via exposed TCPStore in distributed inference
CVE-2025-47277 transformers: ReDoS in testing_utils causes DoS
CVE-2025-2099 Ollama: DoS via malicious manifest in /api/pull
CVE-2025-1975 TensorFlow Serving: JSON recursion DoS on inference API
CVE-2025-0649 vLLM: pickle RCE in multi-node inference deployments
CVE-2025-30165 PyTorch NCCL: local DoS in distributed training reduce op
CVE-2025-4287 vLLM: DoS via quadratic multimodal tokenizer input
CVE-2025-46560 vLLM: RCE via pickle deserialization on ZeroMQ
CVE-2025-32444 vLLM: ZeroMQ socket exposure enables DoS in multi-node
CVE-2025-30202 transformers: ReDoS in GPT-NeoX Japanese tokenizer
CVE-2025-1194 n8n: stored XSS enables account takeover
CVE-2025-46343 PyTorch: RCE bypasses weights_only=True safe-load guard
CVE-2025-32434 PyTorch: DoS via ctc_loss resource mishandling
CVE-2025-3730 BentoML: RCE via insecure deserialization in runner
CVE-2025-32375 Langflow: Unauth RCE via code injection endpoint
CVE-2025-3248 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial