AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked
225 critical
75 new this week
16 in CISA KEV

Latest AI Security Threats

Showing 20 of 684 results — High severity

| Severity | E | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| HIGH | E | CVE-2024-8768 | vLLM: unauthenticated DoS via empty completion prompt | 7.5 | 0.0% | | Sep 17 |
| HIGH | E | CVE-2024-5998 | LangChain: RCE via FAISS pickle deserialization | 7.8 | 0.1% | langchain | Sep 17 |
| HIGH | | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | 7.5 | 88.4% | litellm | Sep 13 |
| HIGH | E | CVE-2024-45848 | MindsDB: RCE via eval() injection in ChromaDB INSERT | 8.8 | 0.4% | | Sep 12 |
| HIGH | E | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | 7.5 | 29.1% | ollama | Aug 29 |
| HIGH | | CVE-2023-33976 | TensorFlow: DoS via upper_bound rank validation crash | 7.5 | 0.0% | tensorflow | Jul 30 |
| HIGH | E | CVE-2024-7297 | Langflow: mass assignment grants super admin access | 8.8 | 0.3% | langflow | Jul 30 |
| HIGH | E | CVE-2024-35199 | TorchServe: default gRPC exposure allows unauth inference | 8.2 | 0.1% | torchserve | Jul 19 |
| HIGH | E | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | 8.5 | 16.7% | langchain-experimental | Jul 15 |
| HIGH | E | CVE-2024-36421 | Flowise: CORS wildcard enables file read and data theft | 7.5 | 1.6% | flowise | Jul 1 |
| HIGH | E | CVE-2024-36420 | Flowise: unauthenticated arbitrary file read via API | 7.5 | 0.3% | flowise | Jul 1 |
| HIGH | E | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | 7.8 | 0.1% | langchain-experimental | Jun 16 |
| HIGH | E | CVE-2024-5187 | ONNX: path traversal in model download enables RCE | 8.8 | 1.4% | onnx | Jun 6 |
| HIGH | E | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | 8.1 | 0.1% | litellm | Jun 6 |
| HIGH | E | CVE-2024-3095 | LangChain: SSRF in Web Retriever exposes cloud metadata | 7.7 | 0.2% | langchain | Jun 6 |
| HIGH | E | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | 7.5 | 91.6% | mlflow | Jun 6 |
| HIGH | E | CVE-2024-0520 | MLflow: path traversal enables RCE via dataset loading | 8.8 | 4.9% | mlflow | Jun 6 |
| HIGH | E | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | 7.5 | 0.7% | gradio | Jun 6 |
| HIGH | | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | 8.6 | 65.1% | gradio | Jun 6 |
| HIGH | E | CVE-2024-37061 | MLflow: RCE via malicious MLproject file execution | 8.8 | 3.9% | mlflow | Jun 4 |

The E column reproduces a badge shown on the feed rows; the page does not define it. CVSS is a severity score (0-10); EPSS is the estimated probability that the CVE is exploited in the wild within the next 30 days, and the two disagree sharply on this list (the 8.8-rated rows all sit below 5% EPSS, while CVE-2024-2928 at 7.5 carries 91.6%).
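The rows above carry both CVSS and EPSS, and a practitioner consuming the feed usually wants them ranked by likelihood of exploitation rather than by severity alone. The following Python is an added example, not code from the feed or its operators: it parses the 20 rows exactly as printed on the page, converts EPSS to a probability, ranks them both ways, and sorts each into a triage bucket. The thresholds, bucket names and the optional `in_kev` flag are this example's own assumptions (the feed does not show KEV membership per row), and the E badge is carried through as a boolean because the page does not define it.

```python
"""Parse the AI Security Threat Feed rows and rank them for triage (added example)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FeedRow:
    cve: str
    summary: str
    cvss: float
    epss: float             # EPSS as a probability in [0, 1]
    package: Optional[str]  # package column, or None where the feed shows none
    badge: bool             # True when the row carries the feed's "E" badge (undefined by the page)
    date: str


# Constructed input: the 20 feed rows from the table, one per line, as printed on the page.
FEED_TEXT = """\
HIGH E CVE-2024-8768 vLLM: unauthenticated DoS via empty completion prompt 7.5 0.0% Sep 17
HIGH E CVE-2024-5998 LangChain: RCE via FAISS pickle deserialization 7.8 0.1% langchain Sep 17
HIGH CVE-2024-6587 LiteLLM: SSRF leaks OpenAI API key to attacker 7.5 88.4% litellm Sep 13
HIGH E CVE-2024-45848 MindsDB: RCE via eval() injection in ChromaDB INSERT 8.8 0.4% Sep 12
HIGH E CVE-2024-45436 Ollama: ZIP path traversal exposes host filesystem 7.5 29.1% ollama Aug 29
HIGH CVE-2023-33976 TensorFlow: DoS via upper_bound rank validation crash 7.5 0.0% tensorflow Jul 30
HIGH E CVE-2024-7297 Langflow: mass assignment grants super admin access 8.8 0.3% langflow Jul 30
HIGH E CVE-2024-35199 TorchServe: default gRPC exposure allows unauth inference 8.2 0.1% torchserve Jul 19
HIGH E CVE-2024-21513 langchain-experimental: RCE via eval() in VectorSQL chain 8.5 16.7% langchain-experimental Jul 15
HIGH E CVE-2024-36421 Flowise: CORS wildcard enables file read and data theft 7.5 1.6% flowise Jul 1
HIGH E CVE-2024-36420 Flowise: unauthenticated arbitrary file read via API 7.5 0.3% flowise Jul 1
HIGH E CVE-2024-38459 LangChain: Python REPL code execution without opt-in 7.8 0.1% langchain-experimental Jun 16
HIGH E CVE-2024-5187 ONNX: path traversal in model download enables RCE 8.8 1.4% onnx Jun 6
HIGH E CVE-2024-4888 litellm: arbitrary file deletion via audio endpoint 8.1 0.1% litellm Jun 6
HIGH E CVE-2024-3095 LangChain: SSRF in Web Retriever exposes cloud metadata 7.7 0.2% langchain Jun 6
HIGH E CVE-2024-2928 MLflow: URI fragment LFI exposes arbitrary files 7.5 91.6% mlflow Jun 6
HIGH E CVE-2024-0520 MLflow: path traversal enables RCE via dataset loading 8.8 4.9% mlflow Jun 6
HIGH E CVE-2024-4941 Gradio: LFI via JSON path key exposes server files 7.5 0.7% gradio Jun 6
HIGH CVE-2024-4325 Gradio: SSRF exposes internal network and cloud metadata 8.6 65.1% gradio Jun 6
HIGH E CVE-2024-37061 MLflow: RCE via malicious MLproject file execution 8.8 3.9% mlflow Jun 4
"""

# Row layout as printed: severity, optional "E" badge, CVE ID, free-text summary,
# CVSS, EPSS percentage, optional package, then a "Mon D" date.
ROW_RE = re.compile(
    r"^(?P<sev>CRITICAL|HIGH|MEDIUM|LOW)\s+(?P<badge>E\s+)?(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<summary>.+?)\s+(?P<cvss>\d{1,2}\.\d)\s+(?P<epss>\d{1,3}\.\d)%"
    r"(?:\s+(?P<package>\S+))?\s+(?P<date>[A-Z][a-z]{2} \d{1,2})$"
)


def parse_feed(text: str) -> list:
    """Parse one feed row per line; raise on a line that does not fit the layout."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable feed row: {line!r}")
        rows.append(FeedRow(
            cve=m["cve"], summary=m["summary"], cvss=float(m["cvss"]),
            epss=float(m["epss"]) / 100.0, package=m["package"],
            badge=m["badge"] is not None, date=m["date"]))
    return rows


def rank_by_epss(rows: list) -> list:
    """Highest exploitation probability first; CVSS breaks ties."""
    return sorted(rows, key=lambda r: (r.epss, r.cvss), reverse=True)


def rank_by_cvss(rows: list) -> list:
    """Highest severity first; EPSS breaks ties."""
    return sorted(rows, key=lambda r: (r.cvss, r.epss), reverse=True)


def cvss_epss_disagreement(rows: list, n: int = 5) -> set:
    """CVEs in the top-n by CVSS that are absent from the top-n by EPSS."""
    top_cvss = {r.cve for r in rank_by_cvss(rows)[:n]}
    top_epss = {r.cve for r in rank_by_epss(rows)[:n]}
    return top_cvss - top_epss


# Assumed triage policy for this example (not the feed's): exploitation evidence first.
EPSS_ACT_NOW = 0.10   # >= 10% 30-day exploitation probability
CVSS_ACT_NOW = 9.0
CVSS_SOON = 8.0


def triage(row: FeedRow, in_kev: bool = False) -> str:
    """Bucket a row; in_kev is supplied by the caller because the feed rows do not carry it."""
    if in_kev or row.epss >= EPSS_ACT_NOW or row.cvss >= CVSS_ACT_NOW:
        return "act-now"
    if row.cvss >= CVSS_SOON:
        return "this-sprint"
    return "backlog"


if __name__ == "__main__":
    feed = parse_feed(FEED_TEXT)
    for r in rank_by_epss(feed):
        pkg = r.package or "-"
        print(f"{triage(r):12} {r.cve:15} epss={r.epss:.3f} cvss={r.cvss} {pkg:22} {r.summary}")
    print("top-5 by CVSS but not top-5 by EPSS:", sorted(cvss_epss_disagreement(feed)))
```

Run as a script it prints the feed in EPSS order with each row's bucket; on these 20 rows none of the five highest-CVSS entries (the 8.8-rated MLflow, ONNX, MindsDB and Langflow rows) appear among the five highest-EPSS entries, which is the reason to rank on EPSS and KEV membership before severity.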

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial