AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patch Severity CVE ID Summary CVSS EPSS Package Date
CRIT CVE-2023-25574 JupyterHub LTI13: JWT forgery enables full auth bypass 10.0 0.4% — Feb 25 CRIT CVE-2024-12366 PandasAI: prompt injection enables unauthenticated RCE 9.8 5.9% — Feb 11 LOW CVE-2025-25183 vLLM: hash collision enables prefix cache poisoning 2.6 0.3% vllm Feb 7 HIGH CVE-2025-24357 vLLM: unsafe deserialization RCE via model loading 8.8 1.0% vllm Jan 27 MEDI CVE-2024-13698 Jobify WP: missing authz allows OpenAI key abuse, SSRF 6.5 0.5% — Jan 24 HIGH CVE-2025-23205 nbgrader: Clickjacking exposes formgrader via IFrame — 0.3% — Jan 17 HIGH E CVE-2025-23042 Gradio: ACL bypass via path case manipulation 7.5 0.1% gradio Jan 14 MEDI E CVE-2024-53526 Composio: command injection in AI agent tool calls 6.4 0.8% — Jan 8 MEDI E CVE-2024-55459 Keras: path traversal enables arbitrary file write 6.5 0.1% keras Jan 8 UNKN CVE-2025-21604 AIDeepin: MD5 collision enables RAG knowledge base poisoning — 0.1% — Jan 6 UNKN CVE-2024-56516 free-one-api: MD5 hashing allows credential cracking — 0.1% — Dec 30 MEDI E CVE-2024-11896 WP Text Prompter: Stored XSS in OpenAI shortcode plugin 6.4 0.1% — Dec 24 HIGH E CVE-2024-32965 Lobe Chat: pre-auth SSRF leaks OpenAI API keys 8.6 0.2% — Nov 26 HIGH CVE-2024-27134 MLflow: local privilege escalation via spark_udf ToCToU 7.0 0.0% mlflow Nov 25 HIGH E CVE-2024-11394 Transformers: RCE via Trax model deserialization 8.8 65.0% transformers Nov 22 HIGH E CVE-2024-11393 Transformers: RCE via MaskFormer model deserialization 8.8 79.5% transformers Nov 22 HIGH E CVE-2024-11392 HuggingFace Transformers: RCE via config deserialization 8.8 59.3% transformers Nov 22 MEDI CVE-2024-52524 Giskard: ReDoS in text perturbation causes DoS — 2.0% — Nov 14 CRIT CVE-2024-52384 Sage AI Plugin: unrestricted upload → web shell RCE 9.9 0.9% — Nov 14 HIGH E CVE-2024-21799 Intel Extension for Transformers: path traversal privesc 7.1 0.1% — Nov 13 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial