AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 12 of 512 results (filter: has patch)
HIGH | EXPLOIT AVAIL
Label Studio SDK: path traversal leaks server filesystem
CVE-2025-25295 | CVSS -- | EPSS 0.1%
Tags: Data Extraction Data Leakage Privacy Violation Framework Training Data
label-studio-sdk | Patch: 1.0.10 | CWE-26 | 1 | 5 ATLAS

CRITICAL | EXPLOIT AVAIL
LlamaFactory: RCE via OS command injection in training
CVE-2024-52803 | CVSS 9.8 | EPSS 3.2%
Tags: Code Execution Supply Chain Framework Training Data
llamafactory | Patch: 0.9.1 | CWE-78 | 1 | 6 ATLAS

MEDIUM
Gradio: Dropdown validation bypass enables arbitrary input
GHSA-26jh-r8g2-6fpr | CVSS 5.3
Tags: Auth Bypass Code Execution Framework Inference API
gradio | Patch: 5.0.0 | 674 | 3 ATLAS

HIGH | EXPLOIT AVAIL
ONNX: path traversal in model download enables RCE
CVE-2024-5187 | CVSS 8.8 | EPSS 1.4%
Tags: Supply Chain Code Execution Framework Model
onnx | Patch: 1.16.2 | CWE-22 | 1.1K | 4 ATLAS

MEDIUM | EXPLOIT AVAIL
langchain-community: DoS via recursive sitemap loop
CVE-2024-2965 | CVSS 4.2 | EPSS 0.0%
Tags: DoS Supply Chain Framework RAG
langchain | Patch: 0.2.5 | CWE-400 | 2.6K | 3 ATLAS

CRITICAL | EXPLOIT AVAIL | SCANNER
Ray: unauthenticated LFI exposes entire filesystem
CVE-2023-6020 | CVSS 9.3 | EPSS 81.4%
Tags: Data Extraction Auth Bypass Framework Training Data Model
ray | Patch: 2.8.1 | CWE-598 | 845 | 5 ATLAS

CRITICAL | EXPLOIT AVAIL
Ray: unauthenticated RCE via dashboard command injection
CVE-2023-6019 | CVSS 9.8 | EPSS 88.8%
Tags: Code Execution Auth Bypass Supply Chain Framework Inference Training Data
ray | Patch: 2.8.1 | CWE-78 | 845 | 6 ATLAS

CRITICAL | EXPLOIT AVAIL | SCANNER
Ray: LFI allows unauthenticated file read
CVE-2023-6021 | CVSS 9.3 | EPSS 87.3%
Tags: Data Extraction Auth Bypass Framework Inference
ray | Patch: 2.8.1 | CWE-22 | 845 | 5 ATLAS

CRITICAL
LangChain: prompt injection → SQL RCE (CVSS 9.8)
CVE-2023-32785 | CVSS 9.8
Tags: Prompt Injection Code Execution Data Extraction Framework Agent
langchain | Patch: 0.0.247 | CWE-74 | 2.6K | 5 ATLAS

MEDIUM | EXPLOIT AVAIL
Label Studio: SSRF + file read, self-reg bypass
CVE-2022-36551 | CVSS 6.5 | EPSS 9.2%
Tags: Data Extraction Auth Bypass Data Leakage Training Data Framework
label-studio | Patch: 1.6.0 | CWE-918 | 1 | 6 ATLAS

MEDIUM
Jupyter Notebook: XSS via missing CSP on served files
CVE-2018-21030 | CVSS 5.3 | EPSS 0.4%
Tags: Code Execution Data Leakage Framework
notebook | Patch: 5.5.0rc1 | CWE-79 | 2.9K | 3 ATLAS

HIGH
Jupyter Notebook: XSS via malicious .ipynb file
CVE-2018-8768 | CVSS 7.8 | EPSS 0.1%
Tags: Code Execution Supply Chain Data Extraction Framework
notebook | Patch: 5.4.1 | 2.9K | 5 ATLAS
