AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityOllama: null pointer DoS via malicious GGUF model upload
CVE-2025-0312 BentoML: DoS via multipart boundary exhausts server
CVE-2024-9056 Gradio: DoS via malformed multipart boundary
CVE-2024-8966 MLflow: path traversal allows arbitrary file read via DBFS
CVE-2024-8859 ollama: divide-by-zero DoS via crafted GGUF model import
CVE-2024-8063 Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets
CVE-2024-7959 llama-index: SQLi+DoS via prompt injection in query engine
CVE-2024-12911 Transformers: ReDoS in Nougat tokenizer causes DoS
CVE-2024-12720 llama-index: DoS via infinite loop in LangChain LLM
CVE-2024-12704 Ollama: DoS via malicious gguf model file upload
CVE-2024-12055 GPT Academic: SSRF in Markdown plugin leaks credentials
CVE-2024-11031 GPT Academic: SSRF via unsanitized HotReload plugin
CVE-2024-11030 Gradio: path traversal enables arbitrary file deletion DoS
CVE-2024-10648 Gradio: ReDoS in DateTime causes CPU exhaustion DoS
CVE-2024-10624 Gradio: zip bomb DoS via dataframe CSV upload
CVE-2024-10569 litellm: unauthenticated DoS crashes LLM proxy server
CVE-2024-10188 PyTorch: memory corruption in JIT profiler callback handler
CVE-2025-2148 gpt_academic: symlink traversal exposes all server files
CVE-2025-25185 Label Studio: SSRF via S3 endpoint exposes internal services
CVE-2025-25297 Label Studio SDK: path traversal leaks server filesystem
CVE-2025-25295 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial