AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patchLLaVA: path traversal allows arbitrary file read
CVE-2024-12065 Ollama: DoS via malicious gguf model file upload
CVE-2024-12055 vllm: RCE via unsafe pickle deserialization in MessageQueue
CVE-2024-11041 gpt_academic: path traversal exposes LLM API keys
CVE-2024-11037 GPT Academic: SSRF in Markdown plugin leaks credentials
CVE-2024-11031 GPT Academic: SSRF via unsanitized HotReload plugin
CVE-2024-11030 gpt_academic: RCE via unsandboxed prompt injection
CVE-2024-10950 ChuanhuChatGPT: path traversal exposes server files unauthed
CVE-2024-10707 ChuanhuChatGPT: DoS via multipart payload exhaustion
CVE-2024-10650 Gradio: path traversal enables arbitrary file deletion DoS
CVE-2024-10648 Gradio: ReDoS in DateTime causes CPU exhaustion DoS
CVE-2024-10624 Gradio: zip bomb DoS via dataframe CSV upload
CVE-2024-10569 vLLM: RCE via unsafe deserialization in Mooncake KV
CVE-2025-29783 vLLM: DoS via unbounded grammar cache exhausts disk
CVE-2025-29770 Keras: safe_mode bypass enables RCE via model loading
CVE-2025-1550 PyTorch: improper init in quantized sigmoid skews model output
CVE-2025-2149 PyTorch: memory corruption in JIT profiler callback handler
CVE-2025-2148 picklescan: ZIP flag bypass enables RCE in PyTorch models
CVE-2025-1945 vLLM AIBrix: weak hash in prefix cache leaks inference patterns
CVE-2025-1953 gpt_academic: symlink traversal exposes all server files
CVE-2025-25185 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial