AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,616
Critical: 226
New This Week: 87
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 693 results (High severity)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | GHSA-w466-2wfc-8g58 | open-webui: DoS via starlette memory exhaustion | 7.5 | — | open-webui | Mar 20 |
| HIGH E | CVE-2024-12537 | Open-WebUI: unauthenticated DoS via code formatter | 7.5 | 2.7% | open-webui | Mar 20 |
| HIGH E | CVE-2024-12534 | open-webui: unauthenticated DoS via login payload flood | 7.5 | 0.6% | open-webui | Mar 20 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML: DoS via multipart boundary in Gradio login | 7.5 | — | bentoml | Mar 20 |
| HIGH E | CVE-2024-10572 | H2O-3: unauthenticated AST parser enables DoS + file write | 7.5 | 0.4% | — | Mar 20 |
| HIGH E | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | 7.1 | 0.2% | mlflow | Mar 20 |
| HIGH E | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | 7.5 | 0.3% | mlflow | Mar 20 |
| HIGH E | CVE-2025-0317 | Ollama: DoS via malicious GGUF model file upload | 7.5 | 2.9% | ollama | Mar 20 |
| HIGH E | CVE-2025-0315 | Ollama: GGUF model upload causes memory exhaustion DoS | 7.5 | 0.1% | ollama | Mar 20 |
| HIGH E | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | 7.5 | 0.2% | ollama | Mar 20 |
| HIGH E | CVE-2024-9056 | BentoML: DoS via multipart boundary exhausts server | 7.5 | 0.3% | bentoml | Mar 20 |
| HIGH E | CVE-2024-8966 | Gradio: DoS via malformed multipart boundary | 7.5 | 0.3% | video | Mar 20 |
| HIGH E | CVE-2024-8859 | MLflow: path traversal allows arbitrary file read via DBFS | 7.5 | 25.7% | mlflow | Mar 20 |
| HIGH E | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | 7.5 | 0.1% | ollama | Mar 20 |
| HIGH E | CVE-2024-7959 | Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets | 7.7 | 0.5% | open-webui | Mar 20 |
| HIGH E | CVE-2024-12911 | llama-index: SQLi+DoS via prompt injection in query engine | 7.1 | 0.3% | llamaindex | Mar 20 |
| HIGH E | CVE-2024-12720 | Transformers: ReDoS in Nougat tokenizer causes DoS | 7.5 | 0.2% | transformers | Mar 20 |
| HIGH E | CVE-2024-12704 | llama-index: DoS via infinite loop in LangChain LLM | 7.5 | 0.4% | llamaindex | Mar 20 |
| HIGH E | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | 7.5 | 0.1% | ollama | Mar 20 |
| HIGH E | CVE-2024-11031 | GPT Academic: SSRF in Markdown plugin leaks credentials | 7.5 | 0.2% | gpt_academic | Mar 20 |