AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,631
AI/ML CVEs Tracked
230
Critical
89
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 569 results — Medium severity Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2025-1716 picklescan: scanner bypass enables supply chain RCE — 16.2% picklescan Mar 3 MEDI E CVE-2025-1889 picklescan: extension bypass enables RCE on model load — 0.1% picklescan Mar 3 MEDI E CVE-2025-25296 Label Studio: reflected XSS via label_config param 6.1 20.0% label-studio Feb 14 MEDI CVE-2024-13698 Jobify WP: missing authz allows OpenAI key abuse, SSRF 6.5 0.5% — Jan 24 MEDI E CVE-2024-53526 Composio: command injection in AI agent tool calls 6.4 0.8% — Jan 8 MEDI E CVE-2024-55459 Keras: path traversal enables arbitrary file write 6.5 0.1% keras Jan 8 MEDI E CVE-2024-11896 WP Text Prompter: Stored XSS in OpenAI shortcode plugin 6.4 0.1% — Dec 24 MEDI CVE-2024-52524 Giskard: ReDoS in text perturbation causes DoS — 2.0% — Nov 14 MEDI E CVE-2024-51751 Gradio: path traversal exposes arbitrary server files 6.5 0.3% gradio Nov 6 MEDI E CVE-2024-48052 Gradio: SSRF in DownloadButton exposes internal resources 6.5 0.1% gradio Nov 4 MEDI E CVE-2024-6581 Lollms: SVG upload XSS enables session hijack and RCE 6.5 1.6% lollms Oct 29 MEDI E CVE-2024-6985 lollms: path traversal allows arbitrary directory read 4.4 0.1% lollms Oct 11 MEDI CVE-2024-47872 Gradio: stored XSS via malicious file upload 5.4 0.3% gradio Oct 10 MEDI CVE-2024-47168 Gradio: monitoring endpoint bypass leaks app analytics 4.3 0.2% gradio Oct 10 MEDI CVE-2024-47166 Gradio: path traversal leaks custom component source 5.3 0.2% gradio Oct 10 MEDI CVE-2024-47165 Gradio: CORS null origin bypass leaks auth tokens 5.4 0.2% gradio Oct 10 MEDI CVE-2024-47164 Gradio: path traversal bypasses directory access controls 6.5 0.2% gradio Oct 10 MEDI GHSA-26jh-r8g2-6fpr Gradio: Dropdown validation bypass enables arbitrary input 5.3 — gradio Oct 10 MEDI E CVE-2024-7037 open-webui: path traversal → arbitrary file write/RCE 6.5 2.3% open-webui Oct 9 MEDI E CVE-2024-7041 open-webui: IDOR enables cross-user memory tampering 6.5 0.1% open-webui Oct 9 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial