AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,140 AI/ML CVEs Tracked
171 Critical
228 New This Week
2 In CISA KEV
Latest AI Security Threats
Showing 50 of 167 results — has patch

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
MEDI | GHSA-cffc-mxrf-mhh4 | Picklescan is vulnerable to RCE via missing... | — | — | picklescan | Dec 29
HIGH | GHSA-3329-ghmp-jmv5 | Picklescan is vulnerable to RCE through missing... | — | — | picklescan | Dec 29
HIGH | GHSA-x843-g5mx-g377 | Picklescan is vulnerable to RCE through missing... | — | — | picklescan | Dec 29
HIGH | GHSA-r8g5-cgf2-4m4m | Picklescan missing detection when calling... | — | — | picklescan | Dec 29
HIGH | GHSA-hgrh-qx5j-jfwx | Picklescan Bypasses Unsafe Globals Check using... | 8.8 | — | picklescan | Dec 29
HIGH | GHSA-vqmv-47xg-9wpr | Picklescan missing detection when calling... | — | — | picklescan | Dec 29
HIGH | GHSA-84r2-jw7c-4r5q | Picklescan has Incomplete List of Disallowed... | — | — | picklescan | Dec 29
HIGH | GHSA-4675-36f9-wf6r | Picklescan does not block ctypes | — | — | picklescan | Dec 29
HIGH | GHSA-m273-6v24-x4m4 | Picklescan vulnerable to Arbitrary File Writing | — | — | picklescan | Dec 29
HIGH | CVE-2025-67748 | Fickling has Code Injection vulnerability via... | — | 0.0% | fickling | Dec 15
HIGH | CVE-2025-67747 | Fickling has missing detection for marshal.loads... | — | 0.1% | fickling | Dec 15
HIGH | CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request... | 8.5 | 0.0% | open-webui | Dec 4
CRIT | CVE-2025-62593 | Ray is vulnerable to Critical RCE via Safari &... | — | 0.0% | ray | Nov 26
HIGH | CVE-2025-65106 | LangChain is a framework for building agents and... | — | 0.1% | langchain-core | Nov 21
HIGH | CVE-2025-64496 | Open WebUI Affected by an External Model Server... | 7.3 | 0.2% | open-webui | Nov 7
HIGH | CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via... | 8.7 | 0.0% | open-webui | Nov 7
CRIT | CVE-2025-12060 | The keras.utils.get_file API in Keras, when used... | 9.8 | 0.1% | keras | Oct 30
MEDI | CVE-2025-12058 | The Keras.Model.load_model method, including when... | — | 0.1% | keras | Oct 29
CRIT | CVE-2025-49655 | Deserialization of untrusted data can occur in... | 9.8 | 0.0% | keras | Oct 17
HIGH | CVE-2025-7707 | llama-index has Insecure Temporary File | 7.1 | 0.0% | llama-index | Oct 13
MEDI | CVE-2025-61620 | vLLM: Resource-Exhaustion (DoS) through Malicious... | 6.5 | — | vllm | Oct 7
HIGH | CVE-2025-6242 | A Server-Side Request Forgery (SSRF)... | 7.1 | 0.0% | vllm | Oct 7
HIGH | CVE-2025-61784 | LLaMA-Factory is a tuning library for large... | 8.1 | 0.1% | llamafactory | Oct 7
MEDI | CVE-2025-8917 | clearml is vulnerable to Path Traversal through... | 5.8 | 0.0% | clearml | Oct 5
HIGH | CVE-2025-7647 | llama-index-core insecurely handles temporary... | 7.3 | 0.0% | llama-index-core | Sep 27
HIGH | CVE-2025-10156 | Picklescan: ZIP archive scan bypass is possible... | 7.5 | 0.4% | picklescan | Sep 10
HIGH | CVE-2025-10157 | Picklescan is Vulnerable to Unsafe Globals Check... | 8.3 | 0.1% | picklescan | Sep 10
HIGH | CVE-2025-58757 | Monai: Unsafe use of Pickle deserialization may... | 8.8 | 0.6% | monai | Sep 9
HIGH | CVE-2025-58756 | MONAI: Unsafe torch usage may lead to arbitrary... | 8.8 | 1.2% | monai | Sep 9
HIGH | CVE-2025-58755 | MONAI does not prevent path traversal,... | 8.8 | 0.1% | monai | Sep 9
MEDI | CVE-2025-58446 | xgrammar vulnerable to denial of service by huge... | — | 0.1% | xgrammar | Sep 5
HIGH | CVE-2025-6984 | The langchain-ai/langchain project, specifically... | 7.5 | 2.1% | langchain-community | Sep 4
MEDI | GHSA-q77w-mwjj-7mqx | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-49gj-c84q-6qm9 | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-9w88-8rmg-7g2p | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-fqq6-7vqf-w3fg | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-3gf5-cxq9-w223 | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-j343-8v2j-ff7w | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-m869-42cg-3xwr | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-p9w7-82w4-7q8m | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-xp4f-hrf8-rxw7 | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-4whj-rm5r-c2v8 | Picklescan is missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-9xph-j2h6-g47v | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-8r4j-24qv-fmq9 | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-cj3c-v495-4xqh | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-7cq8-mj8x-j263 | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-6w4w-5w54-rjvr | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-3vg9-h568-4w9m | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-f54q-57x4-jg88 | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26
MEDI | GHSA-6vqj-c2q5-j97w | Picklescan has a missing detection when calling... | — | — | picklescan | Aug 26