AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 75
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 684 results — High severity
| Severity | E | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| HIGH | E | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | 8.1 | 0.1% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | 7.5 | 0.1% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | 7.5 | 75.0% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | 7.5 | 86.5% | gradio | Apr 10 |
| HIGH | E | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | 8.2 | 0.5% | gradio | Mar 27 |
| HIGH | E | CVE-2024-28088 | LangChain: path traversal enables RCE and API key theft | 8.1 | 13.4% | langchain | Mar 4 |
| HIGH | E | CVE-2023-51449 | Gradio: path traversal grants arbitrary file read | 7.5 | 81.5% | gradio | Dec 22 |
| HIGH | E | CVE-2023-7018 | Transformers: unsafe deserialization enables RCE on load | 7.8 | 0.2% | transformers | Dec 20 |
| HIGH | E | CVE-2023-6730 | HuggingFace Transformers: RCE via unsafe deserialization | 8.8 | 0.2% | transformers | Dec 19 |
| HIGH | E | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | 7.5 | 85.7% | mlflow | Dec 18 |
| HIGH | E | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | 8.1 | 74.0% | mlflow | Dec 15 |
| HIGH | E | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | 8.1 | 2.5% | gradio | Dec 14 |
| HIGH | E | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | 8.8 | 2.4% | mlflow | Dec 13 |
| HIGH | E | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | 8.8 | 0.3% | mlflow | Dec 12 |
| HIGH | E | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | 7.5 | 74.4% | mlflow | Dec 5 |
| HIGH | E | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | 7.5 | 0.8% | mlflow | Nov 16 |
| HIGH |  | CVE-2023-46315 | Infinite Image Browsing: path traversal leaks credentials | 7.5 | 0.2% |  | Oct 22 |
| HIGH | E | CVE-2023-32786 | LangChain: prompt injection triggers SSRF via URL fetch | 7.5 | 0.2% | langchain | Oct 20 |
| HIGH |  | CVE-2023-46229 | LangChain: SSRF in URL loader exposes internal network | 8.8 | 1.8% | langchain | Oct 19 |
| HIGH |  | CVE-2023-27506 | Intel TF Opt: buffer overflow enables local priv-esc | 7.8 | 0.1% | optimization_for_tensorflow | Aug 11 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
