AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity
HIGH

vLLM: unsafe deserialization RCE via model loading

CVE-2025-24357
8.8
EPSS 1.0%
Supply Chain Code Execution Framework Inference Model
vllm CWE-502 127 5 ATLAS
HIGH

nbgrader: Clickjacking exposes formgrader via IFrame

CVE-2025-23205
--
EPSS 0.3%
Data Extraction Social Engineering Auth Bypass Framework
CWE-668 4 ATLAS
HIGH EXPLOIT AVAIL

Gradio: ACL bypass via path case manipulation

CVE-2025-23042
7.5
EPSS 0.1%
Auth Bypass Data Extraction Framework API
gradio CWE-178 679 4 ATLAS
HIGH EXPLOIT AVAIL

Lobe Chat: pre-auth SSRF leaks OpenAI API keys

CVE-2024-32965
8.6
EPSS 0.2%
Data Extraction Auth Bypass API Framework
6 ATLAS
HIGH

MLflow: local privilege escalation via spark_udf ToCToU

CVE-2024-27134
7.0
EPSS 0.0%
Code Execution Auth Bypass Framework Training Data
mlflow CWE-276 624 5 ATLAS
HIGH EXPLOIT AVAIL

Transformers: RCE via Trax model deserialization

CVE-2024-11394
8.8
EPSS 65.0%
Code Execution Supply Chain Framework Model
transformers CWE-502 7.9K 6 ATLAS
HIGH EXPLOIT AVAIL

Transformers: RCE via MaskFormer model deserialization

CVE-2024-11393
8.8
EPSS 79.5%
Code Execution Supply Chain Framework Model
transformers CWE-502 7.9K 6 ATLAS
HIGH EXPLOIT AVAIL

HuggingFace Transformers: RCE via config deserialization

CVE-2024-11392
8.8
EPSS 59.3%
Supply Chain Code Execution Framework Model
transformers CWE-502 7.9K 6 ATLAS
HIGH EXPLOIT AVAIL

Intel Extension for Transformers: path traversal privesc

CVE-2024-21799
7.1
EPSS 0.1%
Code Execution Supply Chain Framework
4 ATLAS
HIGH

TorchGeo: RCE via code injection in geospatial ML lib

CVE-2024-49048
8.1
EPSS 0.6%
Code Execution Supply Chain Framework Training Data
CWE-94 5 ATLAS
HIGH

LightGBM: heap buffer overflow enables network RCE

CVE-2024-43598
8.1
EPSS 1.7%
Code Execution Supply Chain Framework Inference Training Data
lightgbm CWE-122 991 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: path traversal exposes server filesystem

CVE-2024-39722
7.5
EPSS 62.2%
Data Extraction Data Leakage Inference API
ollama 1.5K 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: DoS via /dev/random causes goroutine exhaustion

CVE-2024-39721
7.5
EPSS 0.3%
DoS Inference API Framework
ollama 1.5K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: OOB read in GGUF parser enables remote DoS

CVE-2024-39720
8.2
EPSS 0.3%
DoS Code Execution Inference Framework
ollama 1.5K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: file existence oracle via api/create errors

CVE-2024-39719
7.5
EPSS 44.5%
Data Extraction Privacy Violation Inference API
ollama 1.5K 4 ATLAS
HIGH

Gradio: race condition enables backend URL hijacking

CVE-2024-47870
8.1
EPSS 0.2%
Data Extraction Privacy Violation Auth Bypass Framework Inference
gradio CWE-362 679 4 ATLAS
HIGH EXPLOIT AVAIL

Gradio: path traversal leaks arbitrary server files

CVE-2024-47868
7.5
EPSS 0.2%
Data Extraction Data Leakage Framework Inference
gradio CWE-22 679 5 ATLAS
HIGH

Gradio: no integrity check on FRP binary, supply chain RCE

CVE-2024-47867
7.5
EPSS 0.2%
Supply Chain Code Execution Framework
gradio CWE-345 679 3 ATLAS
HIGH

Gradio: CORS bypass exposes local instances to credential theft

CVE-2024-47084
8.3
EPSS 0.1%
Auth Bypass Data Extraction Data Leakage Framework Inference
gradio CWE-285 679 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

AYS ChatGPT WP Plugin: auth bypass disables AI service

CVE-2024-7714
7.5
EPSS 23.9%
Auth Bypass Data Leakage DoS Plugin API
4 ATLAS 1 incident

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial