AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked
225 Critical
75 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results (filter: High severity)

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
HIGH E | CVE-2024-37060 | MLflow: RCE via deserialization in crafted Recipes | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37058 | MLflow: RCE via malicious LangChain model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37056 | MLflow: RCE via LightGBM model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37055 | MLflow: RCE via pmdarima model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37054 | MLflow: deserialization RCE via malicious PyFunc model | 8.8 | 0.2% | mlflow | Jun 4
HIGH E | CVE-2024-37053 | MLflow: RCE via malicious scikit-learn model deserialization | 8.8 | 0.4% | mlflow | Jun 4
HIGH E | CVE-2024-37052 | MLflow: RCE via malicious scikit-learn model upload | 8.8 | 0.3% | mlflow | Jun 4
HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | 8.8 | 93.7% | ollama | May 31
HIGH | CVE-2024-0453 | WordPress ChatBot: missing authz deletes OpenAI files | 7.7 | 0.2% | wpbot | May 22
HIGH E | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | 7.7 | 0.2% | wpbot | May 22
HIGH E | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | 78.7% | mlflow | May 16
HIGH | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | 0.1% | — | May 6
HIGH E | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | 0.1% | gradio | May 5
HIGH | CVE-2024-34072 | SageMaker SDK: pickle deserialization enables RCE | 7.8 | 0.6% | — | May 3
HIGH | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | 7.8 | 0.0% | pytorch | Apr 17
HIGH E | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | 2.0% | langchain | Apr 16
HIGH E | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | 7.5 | 0.2% | mlflow | Apr 16
HIGH E | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | 7.5 | 0.3% | mlflow | Apr 16

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.