AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
CRIT CVE-2024-47871 Gradio: cleartext MITM exposes ML demo data via share=True 9.1 0.1% gradio Oct 10 HIGH CVE-2024-47870 Gradio: race condition enables backend URL hijacking 8.1 0.2% gradio Oct 10 LOW CVE-2024-47869 Gradio: timing attack exposes analytics dashboard auth 3.7 0.2% gradio Oct 10 HIGH E CVE-2024-47868 Gradio: path traversal leaks arbitrary server files 7.5 0.2% gradio Oct 10 HIGH CVE-2024-47867 Gradio: no integrity check on FRP binary, supply chain RCE 7.5 0.2% gradio Oct 10 MEDI CVE-2024-47168 Gradio: monitoring endpoint bypass leaks app analytics 4.3 0.2% gradio Oct 10 CRIT CVE-2024-47167 Gradio: unauthenticated SSRF in /queue/join, internal pivot 9.8 0.2% gradio Oct 10 MEDI CVE-2024-47166 Gradio: path traversal leaks custom component source 5.3 0.2% gradio Oct 10 MEDI CVE-2024-47165 Gradio: CORS null origin bypass leaks auth tokens 5.4 0.2% gradio Oct 10 MEDI CVE-2024-47164 Gradio: path traversal bypasses directory access controls 6.5 0.2% gradio Oct 10 HIGH CVE-2024-47084 Gradio: CORS bypass exposes local instances to credential theft 8.3 0.1% gradio Oct 10 MEDI E CVE-2024-7041 open-webui: IDOR enables cross-user memory tampering 6.5 0.1% open-webui Oct 9 MEDI E CVE-2024-7037 open-webui: path traversal → arbitrary file write/RCE 6.5 2.3% open-webui Oct 9 LOW E CVE-2024-7038 open-webui: filesystem enumeration via admin error messages 2.7 0.2% open-webui Oct 9 MEDI E CVE-2024-9277 Langflow: ReDoS crashes LLM workflow backend via HTTP POST 6.5 0.2% langflow Sep 27 HIGH E CVE-2024-7714 AYS ChatGPT WP Plugin: auth bypass disables AI service 7.5 23.9% Sep 27 MEDI E CVE-2024-6845 ChatGPT WP Plugin: OpenAI API key leak via unauth REST 5.3 21.6% Sep 25 CRIT E CVE-2024-46946 LangChain-Experimental: RCE via eval in math chain 9.8 0.7% langchain-experimental Sep 19 MEDI E CVE-2024-8939 ilab/vllm: best_of param causes inference API DoS 6.2 0.0% Sep 17 HIGH E CVE-2024-8768 vLLM: unauthenticated DoS via empty completion prompt 7.5 0.0% Sep 17

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial