AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 24 of 74 results — High severity, has patch
CVE-2025-58755 MONAI does not prevent path traversal, potentially leading to arbitrary file writes
CVE-2025-6984 The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The...
CVE-2025-5302 LlamaIndex affected by a Denial of Service (DOS) in JSONReader
CVE-2025-57809 XGrammar affected by Denial of Service by infinite recursion grammars
CVE-2025-9141 vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
GHSA-9gvj-pp9x-gcfr Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
CVE-2025-30402 ExecuTorch vulnerable to Heap-based Buffer Overflow attack
CVE-2025-6209 LlamaIndex vulnerable to Path Traversal attack through its encode_image function
CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
CVE-2025-1752 LlamaIndex Vulnerable to Denial of Service (DoS)
CVE-2025-46567 LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script...
CVE-2025-46417 Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
CVE-2025-0628 LiteLLM Has an Improper Authorization Vulnerability
CVE-2024-9606 LiteLLM Reveals Portion of API Key via a Logging File
CVE-2024-8984 LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
CVE-2024-8060 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
CVE-2024-7776 Open Neural Network Exchange (ONNX) Path Traversal Vulnerability
CVE-2024-7806 Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
GHSA-6wj5-5pgr-jwq8 Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
CVE-2024-6982 LoLLMS Code Injection vulnerability
CVE-2024-10188 A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function...
CVE-2025-25297 Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
CVE-2024-5187 onnx allows Arbitrary File Overwrite in download_model_with_test_data
CVE-2018-8768 Jupyter Notebook file bypasses sanitization, executes JavaScript