AI Security Threat Feed

Latest CVEs and GitHub security advisories affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,140
Critical: 171
New this week: 228
In CISA KEV: 2


Latest AI Security Threats

Showing 50 of 167 results (filter: has patch)

MEDIUM GHSA-cffc-mxrf-mhh4
  Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
  picklescan | Patch: 0.0.33 | CWE-94

HIGH GHSA-3329-ghmp-jmv5
  Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
  picklescan | Patch: 0.0.33 | CWE-94

HIGH GHSA-x843-g5mx-g377
  Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
  picklescan | Patch: 0.0.33 | CWE-94

HIGH GHSA-r8g5-cgf2-4m4m
  Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
  picklescan | Patch: 0.0.33 | CWE-502

HIGH GHSA-hgrh-qx5j-jfwx
  Picklescan Bypasses Unsafe Globals Check using pty.spawn
  picklescan | Patch: 0.0.33 | CVSS 8.8 | CWE-693

HIGH GHSA-vqmv-47xg-9wpr
  Picklescan missing detection when calling pty.spawn
  picklescan | Patch: 0.0.33 | CWE-502

HIGH GHSA-84r2-jw7c-4r5q
  Picklescan has Incomplete List of Disallowed Inputs
  picklescan | Patch: 0.0.33 | CWE-184

HIGH GHSA-4675-36f9-wf6r
  Picklescan does not block ctypes
  picklescan | Patch: 0.0.33 | CWE-184

HIGH GHSA-m273-6v24-x4m4
  Picklescan vulnerable to Arbitrary File Writing
  picklescan | Patch: 0.0.33 | CWE-502

HIGH CVE-2025-67748
  Fickling has Code Injection vulnerability via pty.spawn()
  fickling | Patch: 0.1.6 | EPSS 0.0% | CWE-94

HIGH CVE-2025-67747
  Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
  fickling | Patch: 0.1.6 | EPSS 0.1% | CWE-184

HIGH CVE-2025-65958
  Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
  open-webui | Patch: 0.6.37 | CVSS 8.5 | EPSS 0.0% | CWE-918

CRITICAL CVE-2025-62593
  Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
  ray | Patch: 2.52.0 | EPSS 0.0% | CWE-94

HIGH CVE-2025-65106
  LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template...
  langchain-core | Patch: 1.0.7 | EPSS 0.1% | CWE-1336

HIGH CVE-2025-64496
  Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
  open-webui | Patch: 0.6.35 | CVSS 7.3 | EPSS 0.2% | CWE-95

HIGH CVE-2025-64495
  Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
  open-webui | Patch: 0.6.35 | CVSS 8.7 | EPSS 0.0% | CWE-79

CRITICAL CVE-2025-12060
  The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without...
  keras | Patch: 3.12.0 | CVSS 9.8 | EPSS 0.1% | CWE-22

MEDIUM CVE-2025-12058
  The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF)....
  keras | Patch: 3.12.0 | EPSS 0.1% | CWE-502

CRITICAL CVE-2025-49655
  Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a...
  keras | Patch: 3.11.3 | CVSS 9.8 | EPSS 0.0% | CWE-502

HIGH CVE-2025-7707
  llama-index has Insecure Temporary File
  llama-index | Patch: 0.13.0 | CVSS 7.1 | EPSS 0.0% | CWE-377

MEDIUM CVE-2025-61620
  vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
  vllm | Patch: 0.11.0 | CVSS 6.5 | CWE-20

HIGH CVE-2025-6242
  A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and...
  vllm | Patch: 0.11.0 | CVSS 7.1 | EPSS 0.0% | CWE-601

HIGH CVE-2025-61784
  LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the...
  llamafactory | Patch: 0.9.4 | CVSS 8.1 | EPSS 0.1% | CWE-918

MEDIUM CVE-2025-8917
  clearml is vulnerable to Path Traversal through its `safe_extract` function
  clearml | Patch: 2.0.2 | CVSS 5.8 | EPSS 0.0% | CWE-22

HIGH CVE-2025-7647
  llama-index-core insecurely handles temporary files
  llama-index-core | Patch: 0.13.0 | CVSS 7.3 | EPSS 0.0% | CWE-378

HIGH CVE-2025-10156
  Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
  picklescan | Patch: 0.0.31 | CVSS 7.5 | EPSS 0.4% | CWE-693

HIGH CVE-2025-10157
  Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
  picklescan | Patch: 0.0.31 | CVSS 8.3 | EPSS 0.1% | CWE-693

HIGH CVE-2025-58757
  Monai: Unsafe use of Pickle deserialization may lead to RCE
  monai | Patch: 1.5.1 | CVSS 8.8 | EPSS 0.6% | CWE-502

HIGH CVE-2025-58756
  MONAI: Unsafe torch usage may lead to arbitrary code execution
  monai | Patch: 1.5.1 | CVSS 8.8 | EPSS 1.2% | CWE-502

HIGH CVE-2025-58755
  MONAI does not prevent path traversal, potentially leading to arbitrary file writes
  monai | Patch: 1.5.1 | CVSS 8.8 | EPSS 0.1% | CWE-22

MEDIUM CVE-2025-58446
  xgrammar vulnerable to denial of service by huge enum grammar
  xgrammar | Patch: 0.1.24 | EPSS 0.1% | CWE-770

HIGH CVE-2025-6984
  The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The...
  langchain-community | Patch: 0.3.27 | CVSS 7.5 | EPSS 2.1% | CWE-200

MEDIUM GHSA-q77w-mwjj-7mqx
  Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
  picklescan | Patch: 0.0.30

MEDIUM GHSA-49gj-c84q-6qm9
  Picklescan is missing detection when calling built-in python cProfile.run
  picklescan | Patch: 0.0.30

MEDIUM GHSA-9w88-8rmg-7g2p
  Picklescan is missing detection when calling built-in python cProfile.runctx
  picklescan | Patch: 0.0.30

MEDIUM GHSA-fqq6-7vqf-w3fg
  Picklescan is missing detection when calling built-in python doctest.debug_script
  picklescan | Patch: 0.0.30

MEDIUM GHSA-3gf5-cxq9-w223
  Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
  picklescan | Patch: 0.0.30

MEDIUM GHSA-j343-8v2j-ff7w
  Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
  picklescan | Patch: 0.0.30

MEDIUM GHSA-m869-42cg-3xwr
  Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
  picklescan | Patch: 0.0.30

MEDIUM GHSA-p9w7-82w4-7q8m
  Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
  picklescan | Patch: 0.0.30

MEDIUM GHSA-xp4f-hrf8-rxw7
  Picklescan is missing detection when calling built-in python ensurepip._run_pip
  picklescan | Patch: 0.0.30

MEDIUM GHSA-4whj-rm5r-c2v8
  Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
  picklescan | Patch: 0.0.30

MEDIUM GHSA-9xph-j2h6-g47v
  Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
  picklescan | Patch: 0.0.29

MEDIUM GHSA-8r4j-24qv-fmq9
  Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
  picklescan | Patch: 0.0.29

MEDIUM GHSA-cj3c-v495-4xqh
  Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
  picklescan | Patch: 0.0.29

MEDIUM GHSA-7cq8-mj8x-j263
  Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
  picklescan | Patch: 0.0.29

MEDIUM GHSA-6w4w-5w54-rjvr
  Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
  picklescan | Patch: 0.0.29

MEDIUM GHSA-3vg9-h568-4w9m
  Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
  picklescan | Patch: 0.0.29

MEDIUM GHSA-f54q-57x4-jg88
  Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
  picklescan | Patch: 0.0.29

MEDIUM GHSA-6vqj-c2q5-j97w
  Picklescan has a missing detection when calling built-in python profile.Profile.runctx
  picklescan | Patch: 0.0.29
