AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog.

Feed summary: 1,625 AI/ML CVEs tracked | 230 Critical | 87 new this week | 16 in CISA KEV

Latest AI Security Threats

Showing 20 of 569 results — Medium severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | 6.5 | 0.2% | langflow | Sep 27 |
| Medium | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauthenticated REST endpoint | 5.3 | 21.6% | | Sep 25 |
| Medium | CVE-2024-8939 | ilab/vllm: best_of parameter causes inference API DoS | 6.2 | 0.0% | | Sep 17 |
| Medium | CVE-2024-42474 | Streamlit: path traversal leaks Windows NTLM hash | 6.5 | 1.7% | streamlit | Aug 12 |
| Medium | CVE-2024-37146 | Flowise: reflected XSS enables credential theft | 6.1 | 0.3% | flowise | Jul 1 |
| Medium | CVE-2024-37145 | Flowise: reflected XSS enables file read chain via chatflow | 6.1 | 0.4% | flowise | Jul 1 |
| Medium | CVE-2024-36423 | Flowise: reflected XSS in chatflow API enables session hijack | 6.1 | 0.3% | flowise | Jul 1 |
| Medium | CVE-2024-36422 | Flowise: reflected XSS enables session hijack and file read | 6.1 | 0.2% | flowise | Jul 1 |
| Medium | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | 6.1 | 7.2% | gradio | Jun 22 |
| Medium | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | 4.2 | 0.0% | langchain | Jun 6 |
| Medium | CVE-2024-5206 | scikit-learn: TfidfVectorizer leaks training data tokens | 4.7 | 0.0% | scikit-learn | Jun 6 |
| Medium | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | 5.4 | 0.1% | mlflow | Jun 6 |
| Medium | CVE-2024-4858 | WP Testimonial Carousel: OpenAI API key hijack, no authentication required | 5.3 | 0.2% | | May 25 |
| Medium | CVE-2024-0451 | wpbot: missing auth exposes OpenAI account files | 5.0 | 0.4% | wpbot | May 22 |
| Medium | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | 0.1% | mlflow | May 16 |
| Medium | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | 5.5 | 0.1% | pytorch | Apr 19 |
| Medium | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | 0.0% | pytorch | Apr 17 |
| Medium | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | 0.2% | | Apr 12 |
| Medium | CVE-2024-28224 | Ollama: DNS rebinding exposes LLM API to remote access | 6.6 | 0.2% | ollama | Apr 8 |
| Medium | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | 6.5 | 0.1% | gradio | Mar 27 |

Need deeper analysis?

A Pro subscription adds MITRE ATLAS technique mappings, compliance reports (ISO/IEC 42001, EU AI Act), breaking alerts, and full CISO analysis.