AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 76
In CISA KEV: 16
Latest AI Security Threats
Showing 12 of 512 results — has patch

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
| --- | --- | --- | --- | --- | --- | --- |
| HIGH E | CVE-2025-25295 | Label Studio SDK: path traversal leaks server filesystem | — | 0.1% | label-studio-sdk | Feb 14 |
| CRIT E | CVE-2024-52803 | LlamaFactory: RCE via OS command injection in training | 9.8 | 3.2% | llamafactory | Nov 21 |
| MEDI | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | 5.3 | — | gradio | Oct 10 |
| HIGH E | CVE-2024-5187 | ONNX: path traversal in model download enables RCE | 8.8 | 1.4% | onnx | Jun 6 |
| MEDI E | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | 4.2 | 0.0% | langchain | Jun 6 |
| CRIT E | CVE-2023-6020 | Ray: unauthenticated LFI exposes entire filesystem | 9.3 | 81.4% | ray | Nov 16 |
| CRIT E | CVE-2023-6019 | Ray: unauthenticated RCE via dashboard command injection | 9.8 | 88.8% | ray | Nov 16 |
| CRIT E | CVE-2023-6021 | Ray: LFI allows unauthenticated file read | 9.3 | 87.3% | ray | Nov 16 |
| CRIT | CVE-2023-32785 | LangChain: prompt injection → SQL RCE (CVSS 9.8) | 9.8 | — | langchain | Oct 21 |
| MEDI E | CVE-2022-36551 | Label Studio: SSRF + file read, self-reg bypass | 6.5 | 9.2% | label-studio | Oct 4 |
| MEDI | CVE-2018-21030 | Jupyter Notebook: XSS via missing CSP on served files | 5.3 | 0.4% | notebook | Nov 8 |
| HIGH | CVE-2018-8768 | Jupyter Notebook: XSS via malicious .ipynb file | 7.8 | 0.1% | notebook | Jul 12 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.