AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
CRITICAL EXPLOIT AVAIL

BentoML: unauthenticated RCE via insecure deserialization

CVE-2025-27520
9.8
EPSS 81.0%
Code Execution Supply Chain Framework Inference
bentoml CWE-502 23 5 ATLAS
HIGH EXPLOIT AVAIL

jupyterlab-git: command injection via malicious repo name

CVE-2025-30370
7.4
EPSS 0.1%
Code Execution Supply Chain Framework Plugin
CWE-78 4 ATLAS
LOW EXPLOIT AVAIL

PyTorch: memory corruption in CUDA caching allocator

CVE-2025-3136
3.3
EPSS 0.1%
DoS Framework Inference
pytorch CWE-787 21.9K 2 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in JIT flatbuffer loader

CVE-2025-3121
5.5
EPSS 0.1%
DoS Supply Chain Framework Inference
pytorch 21.9K 3 ATLAS
MEDIUM

OpenAI WP Plugin: broken access control on AI settings

CVE-2025-31843
4.3
EPSS 0.2%
Auth Bypass DoS Plugin API
3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: lstm_cell memory corruption, local code exec

CVE-2025-3001
5.3
EPSS 0.1%
Code Execution DoS Framework
pytorch 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in torch.jit.script compiler

CVE-2025-3000
5.3
EPSS 0.1%
Code Execution Supply Chain Framework Inference
pytorch 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN sequence unpacking

CVE-2025-2999
5.3
EPSS 0.1%
Code Execution Data Extraction Supply Chain Framework Training Data Inference
pytorch 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: memory corruption in RNN pad_packed_sequence

CVE-2025-2998
5.3
EPSS 0.1%
Code Execution Supply Chain DoS Framework Training Data
pytorch 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: DoS via mkldnn_max_pool2d resource leak

CVE-2025-2953
5.5
EPSS 0.1%
DoS Supply Chain Framework Inference Model
pytorch CWE-404 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

openairinterface5g: segfault enables DoS via crafted UE message

CVE-2025-26265
6.5
EPSS 0.9%
DoS Inference
openairinterface5g 13.8K 2 ATLAS
HIGH

Mesop: class pollution enables DoS and LLM jailbreak

CVE-2025-30358
8.1
EPSS 2.4%
Jailbreak DoS Auth Bypass Framework Agent
CWE-915 6 ATLAS
CRITICAL EXPLOIT AVAIL

InvokeAI: RCE via unsafe torch.load deserialization

CVE-2024-12029
9.8
EPSS 44.2%
Code Execution Supply Chain Framework Model
CWE-502 5 ATLAS
HIGH EXPLOIT AVAIL

LiteLLM: Langfuse API key leak via error handling

CVE-2025-0330
7.5
EPSS 0.5%
Data Leakage Auth Bypass Data Extraction Framework API Inference
litellm CWE-1230 4 4 ATLAS
HIGH

open-webui: DoS via unauthenticated multipart parsing

GHSA-5ccf-884p-4jjq
7.5
DoS Inference RAG Framework
open-webui CWE-400 3 ATLAS
CRITICAL

vLLM: RCE via pickle deserialization in distributed API

CVE-2024-9052
9.8
EPSS 0.3%
Code Execution Supply Chain Framework Inference
vllm CWE-502 127 3 ATLAS
HIGH EXPLOIT AVAIL

open-webui: Stored XSS enables admin session hijack

CVE-2024-7990
8.4
EPSS 0.3%
Code Execution Data Extraction Auth Bypass Framework API
open-webui CWE-79 3 ATLAS
HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS via markdown parser

CVE-2024-7983
7.5
EPSS 0.4%
DoS Auth Bypass API Framework
open-webui CWE-400 3 ATLAS
HIGH EXPLOIT AVAIL

pytorch-lightning: unauthenticated DoS crashes LightningApp

CVE-2024-8020
7.5
EPSS 0.1%
DoS Framework API
pytorch-lightning CWE-248 1.6K 3 ATLAS
HIGH EXPLOIT AVAIL

Open-WebUI: unauthenticated PDF endpoint enables DoS

CVE-2024-8053
7.5
EPSS 0.7%
Auth Bypass DoS API Inference
open-webui CWE-287 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial