AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
- 1,604 AI/ML CVEs Tracked
- 225 Critical
- 76 New This Week
- 16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patch

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2024-49048 | TorchGeo: RCE via code injection in geospatial ML lib | 8.1 | 0.6% | — | Nov 12 |
| HIGH | CVE-2024-43598 | LightGBM: heap buffer overflow enables network RCE | 8.1 | 1.7% | lightgbm | Nov 12 |
| MEDIUM E | CVE-2024-51751 | Gradio: path traversal exposes arbitrary server files | 6.5 | 0.3% | gradio | Nov 6 |
| CRITICAL E | CVE-2024-48061 | Langflow: RCE via unsandboxed code component execution | 9.8 | 13.2% | langflow | Nov 4 |
| MEDIUM E | CVE-2024-48052 | Gradio: SSRF in DownloadButton exposes internal resources | 6.5 | 0.1% | gradio | Nov 4 |
| HIGH E | CVE-2024-39722 | Ollama: path traversal exposes server filesystem | 7.5 | 62.2% | ollama | Oct 31 |
| HIGH E | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | 7.5 | 0.3% | ollama | Oct 31 |
| HIGH E | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | 8.2 | 0.3% | ollama | Oct 31 |
| HIGH E | CVE-2024-39719 | Ollama: file existence oracle via api/create errors | 7.5 | 44.5% | ollama | Oct 31 |
| CRITICAL E | CVE-2024-42835 | Langflow: Unauthenticated RCE via PythonCodeTool | 9.8 | 14.3% | langflow | Oct 31 |
| CRITICAL E | CVE-2024-48063 | PyTorch: RCE via RemoteModule deserialization | 9.8 | 25.1% | pytorch | Oct 29 |
| MEDIUM E | CVE-2024-6581 | Lollms: SVG upload XSS enables session hijack and RCE | 6.5 | 1.6% | lollms | Oct 29 |
| CRITICAL E | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | 2.0% | langchain | Oct 29 |
| CRITICAL E | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | 9.1 | 0.6% | langchain.js | Oct 29 |
| CRITICAL E | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | 9.8 | 0.1% | langchain | Oct 29 |
| UNKNOWN | CVE-2024-48919 | Cursor IDE: prompt injection triggers terminal RCE | — | 0.3% | — | Oct 22 |
| CRITICAL E | CVE-2024-49326 | Affiliator WP Plugin: Unauthenticated Web Shell Upload | 9.8 | 0.6% | affiliator | Oct 20 |
| MEDIUM E | CVE-2024-6985 | lollms: path traversal allows arbitrary directory read | 4.4 | 0.1% | lollms | Oct 11 |
| LOW E | CVE-2024-6971 | lollms: path traversal in RAG database functions | 3.4 | 0.0% | lollms | Oct 11 |
| MEDIUM | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | 5.4 | 0.3% | gradio | Oct 10 |