AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
MEDIUM EXPLOIT AVAIL

llama-index Obsidian reader: hardlink path traversal leaks files

CVE-2025-6210
6.2
EPSS 0.1%
Data Extraction Supply Chain Framework RAG
llama-index-readers-obsidian Patch: 0.5.2 CWE-22 229 3 ATLAS
HIGH EXPLOIT AVAIL

LlamaIndex Obsidian: symlink traversal exposes host files

CVE-2025-3046
7.5
EPSS 0.5%
Data Extraction Data Leakage Framework RAG
llama-index-readers-obsidian Patch: 0.5.1 CWE-22 229 4 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index ArxivReader: MD5 collision corrupts training data

CVE-2025-3044
5.3
EPSS 0.2%
Supply Chain Model Poisoning Data Leakage Framework Training Data RAG
llama-index-readers-papers Patch: 0.3.1 CWE-440 229 5 ATLAS
HIGH EXPLOIT AVAIL

llama-index Papers Loader: XML expansion DoS

CVE-2025-3225
7.5
EPSS 0.3%
DoS Supply Chain Framework RAG
llama-index-readers-papers Patch: 0.3.2 CWE-776 229 3 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index: RCE via unsafe pickle deserialization

CVE-2025-3108
5.0
EPSS 1.9%
Code Execution Supply Chain Framework RAG Agent
llama-index-core Patch: 0.12.41 CWE-1112 1.1K 4 ATLAS
MEDIUM

MLflow: unauthenticated SSRF in gateway proxy

CVE-2025-52967
5.8
EPSS 0.2%
Auth Bypass Data Extraction Framework API
mlflow Patch: 3.1.0 CWE-918 624 4 ATLAS
CRITICAL EXPLOIT AVAIL

llama_index: SQL injection in vector store integrations

CVE-2025-1793
9.8
EPSS 0.1%
Data Extraction Data Leakage Supply Chain Framework RAG
llama-index Patch: 0.12.28 CWE-89 229 5 ATLAS
MEDIUM

vllm: ReDoS in inference endpoints enables DoS

GHSA-j828-28rj-hfhp
4.3
DoS Inference Framework
vllm Patch: 0.9.0 CWE-1333 126 3 ATLAS
HIGH EXPLOIT AVAIL

Label Studio: XSS enables unauthorized actions via CSRF

CVE-2025-47783
--
EPSS 0.2%
Code Execution Data Leakage Social Engineering Framework Training Data
label-studio Patch: 1.18.0 CWE-79 1 5 ATLAS
HIGH EXPLOIT AVAIL

llama_index: DoS via uncapped recursion in web reader

CVE-2025-1752
7.5
EPSS 0.2%
DoS Framework RAG
llama-index Patch: 0.12.21 CWE-400 229 3 ATLAS
CRITICAL EXPLOIT AVAIL

browser-use: URL allowlist bypass enables SSRF in agents

CVE-2025-47241
9.3
EPSS 0.2%
Auth Bypass Data Extraction Agent Framework
browser-use Patch: 0.1.45 CWE-647 65 5 ATLAS
HIGH EXPLOIT AVAIL

LLaMA-Factory: RCE via torch.load() unsafe deserialization

CVE-2025-46567
7.8
EPSS 0.2%
Code Execution Supply Chain Framework Training Data
llamafactory Patch: 0.9.3 CWE-502 1 5 ATLAS
CRITICAL

vLLM: RCE via malicious model, PyTorch < 2.6 bypass

GHSA-ggpf-24jw-3fcw
9.8
Code Execution Supply Chain Framework Inference Model
vllm Patch: 0.8.0 CWE-1395 126 5 ATLAS
MEDIUM

vLLM: DoS via unbounded XGrammar schema cache

GHSA-hf3c-wxg2-49q9
6.5
DoS Supply Chain Inference Framework API
vllm Patch: 0.8.4 CWE-770 126 5 ATLAS
CRITICAL EXPLOIT AVAIL

jupyter-remote-desktop-proxy: VNC network exposure

CVE-2025-32428
--
EPSS 0.2%
Auth Bypass Data Leakage Privacy Violation Framework
jupyter-remote-desktop-proxy Patch: 3.0.1 CWE-668 1.9K 5 ATLAS
MEDIUM

xgrammar: unbounded grammar cache causes LLM server DoS

CVE-2025-32381
6.5
EPSS 0.3%
DoS Inference Framework
xgrammar Patch: 0.1.18 CWE-770 152 3 ATLAS
MEDIUM

picklescan: bypass allows silent RCE in ML pipelines

GHSA-v7x6-rv5q-mhwc
--
Supply Chain Code Execution Model Framework
picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS
MEDIUM

picklescan: numpy bypass enables RCE in ML model pipelines

GHSA-fj43-3qmq-673f
--
Supply Chain Code Execution Framework Model
picklescan Patch: 0.0.25 CWE-502 3 7 ATLAS
HIGH EXPLOIT AVAIL

picklescan: scanner bypass enables DNS data exfiltration

CVE-2025-46417
--
EPSS 0.2%
Supply Chain Data Extraction Data Leakage Framework Model
picklescan Patch: 0.0.25 CWE-184 3 6 ATLAS
HIGH EXPLOIT AVAIL

litellm: privilege escalation viewer→proxy admin via bad API key

CVE-2025-0628
8.1
EPSS 0.3%
Auth Bypass Data Extraction API Framework
litellm Patch: 1.61.15 CWE-266 4 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial