AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,616

AI/ML CVEs Tracked

226

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 693 results — High severity
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2024-11030 GPT Academic: SSRF via unsanitized HotReload plugin 7.5 0.3% gpt_academic Mar 20 HIGH E CVE-2024-10648 Gradio: path traversal enables arbitrary file deletion DoS 8.2 0.3% gradio Mar 20 HIGH E CVE-2024-10624 Gradio: ReDoS in DateTime causes CPU exhaustion DoS 7.5 0.8% gradio Mar 20 HIGH E CVE-2024-10569 Gradio: zip bomb DoS via dataframe CSV upload 7.5 0.5% gradio Mar 20 HIGH CVE-2024-10188 litellm: unauthenticated DoS crashes LLM proxy server 7.5 0.3% litellm Mar 20 HIGH E CVE-2025-2148 PyTorch: memory corruption in JIT profiler callback handler 7.5 0.1% pytorch Mar 10 HIGH E CVE-2025-25185 gpt_academic: symlink traversal exposes all server files 7.5 0.6% gpt_academic Mar 3 HIGH CVE-2025-25297 Label Studio: SSRF via S3 endpoint exposes internal services 8.6 0.1% label-studio Feb 14 HIGH E CVE-2025-25295 Label Studio SDK: path traversal leaks server filesystem 0.1% label-studio-sdk Feb 14 HIGH CVE-2025-24357 vLLM: unsafe deserialization RCE via model loading 8.8 1.0% vllm Jan 27 HIGH CVE-2025-23205 nbgrader: Clickjacking exposes formgrader via IFrame 0.3% Jan 17 HIGH E CVE-2025-23042 Gradio: ACL bypass via path case manipulation 7.5 0.1% gradio Jan 14 HIGH E CVE-2024-32965 Lobe Chat: pre-auth SSRF leaks OpenAI API keys 8.6 0.2% Nov 26 HIGH CVE-2024-27134 MLflow: local privilege escalation via spark_udf ToCToU 7.0 0.0% mlflow Nov 25 HIGH E CVE-2024-11394 Transformers: RCE via Trax model deserialization 8.8 65.0% transformers Nov 22 HIGH E CVE-2024-11393 Transformers: RCE via MaskFormer model deserialization 8.8 79.5% transformers Nov 22 HIGH E CVE-2024-11392 HuggingFace Transformers: RCE via config deserialization 8.8 59.3% transformers Nov 22 HIGH E CVE-2024-21799 Intel Extension for Transformers: path traversal privesc 7.1 0.1% Nov 13 HIGH CVE-2024-49048 TorchGeo: RCE via code injection in geospatial ML lib 8.1 0.6% Nov 12 HIGH CVE-2024-43598 LightGBM: heap buffer overflow enables network RCE 8.1 1.7% lightgbm Nov 12

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial