AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
CRITICAL

Gradio: cleartext MITM exposes ML demo data via share=True

CVE-2024-47871
9.1
EPSS 0.1%
Data Extraction Data Leakage Privacy Violation Framework Inference API
gradio CWE-311 679 4 ATLAS
HIGH

Gradio: race condition enables backend URL hijacking

CVE-2024-47870
8.1
EPSS 0.2%
Data Extraction Privacy Violation Auth Bypass Framework Inference
gradio CWE-362 679 4 ATLAS
LOW

Gradio: timing attack exposes analytics dashboard auth

CVE-2024-47869
3.7
EPSS 0.2%
Auth Bypass Data Extraction Framework API
gradio CWE-203 679 3 ATLAS
HIGH EXPLOIT AVAIL

Gradio: path traversal leaks arbitrary server files

CVE-2024-47868
7.5
EPSS 0.2%
Data Extraction Data Leakage Framework Inference
gradio CWE-22 679 5 ATLAS
HIGH

Gradio: no integrity check on FRP binary, supply chain RCE

CVE-2024-47867
7.5
EPSS 0.2%
Supply Chain Code Execution Framework
gradio CWE-345 679 3 ATLAS
MEDIUM

Gradio: monitoring endpoint bypass leaks app analytics

CVE-2024-47168
4.3
EPSS 0.2%
Data Leakage Privacy Violation Auth Bypass Framework Inference
gradio CWE-670 679 3 ATLAS
CRITICAL

Gradio: unauthenticated SSRF in /queue/join, internal pivot

CVE-2024-47167
9.8
EPSS 0.2%
Data Extraction Auth Bypass Code Execution Framework Inference
gradio CWE-918 679 4 ATLAS
MEDIUM

Gradio: path traversal leaks custom component source

CVE-2024-47166
5.3
EPSS 0.2%
Data Extraction Data Leakage Framework
gradio CWE-22 679 4 ATLAS
MEDIUM

Gradio: CORS null origin bypass leaks auth tokens

CVE-2024-47165
5.4
EPSS 0.2%
Auth Bypass Data Extraction Framework API
gradio CWE-285 679 3 ATLAS
MEDIUM

Gradio: path traversal bypasses directory access controls

CVE-2024-47164
6.5
EPSS 0.2%
Data Extraction Auth Bypass Framework Inference
gradio CWE-22 679 5 ATLAS
HIGH

Gradio: CORS bypass exposes local instances to credential theft

CVE-2024-47084
8.3
EPSS 0.1%
Auth Bypass Data Extraction Data Leakage Framework Inference
gradio CWE-285 679 5 ATLAS
MEDIUM EXPLOIT AVAIL

open-webui: IDOR enables cross-user memory tampering

CVE-2024-7041
6.5
EPSS 0.1%
Auth Bypass Model Poisoning Privacy Violation API Agent Framework
open-webui CWE-250 4 ATLAS
MEDIUM EXPLOIT AVAIL

open-webui: path traversal → arbitrary file write/RCE

CVE-2024-7037
6.5
EPSS 2.3%
Code Execution Supply Chain Framework Plugin
open-webui CWE-22 4 ATLAS
LOW EXPLOIT AVAIL

open-webui: filesystem enumeration via admin error messages

CVE-2024-7038
2.7
EPSS 0.2%
Data Extraction Data Leakage Framework Inference RAG
open-webui CWE-200 3 ATLAS
MEDIUM EXPLOIT AVAIL

Langflow: ReDoS crashes LLM workflow backend via HTTP POST

CVE-2024-9277
6.5
EPSS 0.2%
DoS Framework
langflow CWE-1333 3 ATLAS
HIGH EXPLOIT AVAIL SCANNER

AYS ChatGPT WP Plugin: auth bypass disables AI service

CVE-2024-7714
7.5
EPSS 23.9%
Auth Bypass Data Leakage DoS Plugin API
4 ATLAS 1 incident
MEDIUM EXPLOIT AVAIL SCANNER

ChatGPT WP Plugin: OpenAI API key leak via unauth REST

CVE-2024-6845
5.3
EPSS 21.6%
Data Extraction Auth Bypass API Plugin
CWE-862 5 ATLAS 1 incident
CRITICAL EXPLOIT AVAIL

LangChain-Experimental: RCE via eval in math chain

CVE-2024-46946
9.8
EPSS 0.7%
Code Execution Supply Chain Framework Agent
langchain-experimental 2.6K 4 ATLAS
MEDIUM EXPLOIT AVAIL

ilab/vllm: best_of param causes inference API DoS

CVE-2024-8939
6.2
EPSS 0.0%
DoS Inference API
3 ATLAS
HIGH EXPLOIT AVAIL

vLLM: unauthenticated DoS via empty completion prompt

CVE-2024-8768
7.5
EPSS 0.0%
DoS Inference API Framework
4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial