AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM

Ray: Redis password exposed via plaintext logging

CVE-2025-1979
6.4
EPSS 0.1%
Data Leakage Data Extraction Framework Training Data
ray Patch: 2.43.0 CWE-532 845 4 ATLAS
MEDIUM EXPLOIT AVAIL

picklescan: scanner bypass enables supply chain RCE

CVE-2025-1716
--
EPSS 16.2%
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.22 CWE-184 3 5 ATLAS
MEDIUM EXPLOIT AVAIL

picklescan: extension bypass enables RCE on model load

CVE-2025-1889
--
EPSS 0.1%
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.22 CWE-646 3 5 ATLAS
MEDIUM EXPLOIT AVAIL

Label Studio: reflected XSS via label_config param

CVE-2025-25296
6.1
EPSS 20.0%
Code Execution Data Extraction Training Data Framework
label-studio Patch: 1.16.0 CWE-79 1 4 ATLAS
MEDIUM

Jobify WP: missing authz allows OpenAI key abuse, SSRF

CVE-2024-13698
6.5
EPSS 0.5%
Auth Bypass DoS Data Extraction API Plugin
5 ATLAS
MEDIUM EXPLOIT AVAIL

Composio: command injection in AI agent tool calls

CVE-2024-53526
6.4
EPSS 0.8%
Code Execution Supply Chain Framework Agent API
CWE-77 5 ATLAS
MEDIUM EXPLOIT AVAIL

Keras: path traversal enables arbitrary file write

CVE-2024-55459
6.5
EPSS 0.1%
Supply Chain Code Execution Framework Training Data
keras CWE-22 1.5K 4 ATLAS
MEDIUM EXPLOIT AVAIL

WP Text Prompter: Stored XSS in OpenAI shortcode plugin

CVE-2024-11896
6.4
EPSS 0.1%
Code Execution Data Extraction Plugin API
4 ATLAS
MEDIUM

Giskard: ReDoS in text perturbation causes DoS

CVE-2024-52524
--
EPSS 2.0%
DoS Supply Chain Framework
CWE-1333 3 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: path traversal exposes arbitrary server files

CVE-2024-51751
6.5
EPSS 0.3%
Data Extraction Data Leakage Framework
gradio CWE-22 674 3 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: SSRF in DownloadButton exposes internal resources

CVE-2024-48052
6.5
EPSS 0.1%
Data Extraction Privacy Violation Framework Inference
gradio CWE-918 674 4 ATLAS
MEDIUM EXPLOIT AVAIL

Lollms: SVG upload XSS enables session hijack and RCE

CVE-2024-6581
6.5
EPSS 1.6%
Code Execution Data Leakage Social Engineering Framework API
lollms CWE-79 4 ATLAS
MEDIUM EXPLOIT AVAIL

lollms: path traversal allows arbitrary directory read

CVE-2024-6985
4.4
EPSS 0.1%
Data Extraction Auth Bypass Framework Agent
lollms CWE-23 4 ATLAS
MEDIUM

Gradio: stored XSS via malicious file upload

CVE-2024-47872
5.4
EPSS 0.3%
Data Extraction Privacy Violation Framework Inference
gradio CWE-79 674 5 ATLAS
MEDIUM

Gradio: monitoring endpoint bypass leaks app analytics

CVE-2024-47168
4.3
EPSS 0.2%
Data Leakage Privacy Violation Auth Bypass Framework Inference
gradio CWE-670 674 3 ATLAS
MEDIUM

Gradio: path traversal leaks custom component source

CVE-2024-47166
5.3
EPSS 0.2%
Data Extraction Data Leakage Framework
gradio CWE-22 674 4 ATLAS
MEDIUM

Gradio: CORS null origin bypass leaks auth tokens

CVE-2024-47165
5.4
EPSS 0.2%
Auth Bypass Data Extraction Framework API
gradio CWE-285 674 3 ATLAS
MEDIUM

Gradio: path traversal bypasses directory access controls

CVE-2024-47164
6.5
EPSS 0.2%
Data Extraction Auth Bypass Framework Inference
gradio CWE-22 674 5 ATLAS
MEDIUM

Gradio: Dropdown validation bypass enables arbitrary input

GHSA-26jh-r8g2-6fpr
5.3
Auth Bypass Code Execution Framework Inference API
gradio Patch: 5.0.0 674 3 ATLAS
MEDIUM EXPLOIT AVAIL

open-webui: path traversal → arbitrary file write/RCE

CVE-2024-7037
6.5
EPSS 2.3%
Code Execution Supply Chain Framework Plugin
open-webui CWE-22 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial