AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patch Severity CVE ID Summary CVSS EPSS Package Date
UNKN E CVE-2024-4897 lollms-webui: RCE via malicious GGUF model loading — 0.8% — Jul 2 CRIT E CVE-2024-39236 Gradio: code injection via component metadata (CVSS 9.8) 9.8 1.9% gradio Jul 1 MEDI E CVE-2024-37146 Flowise: reflected XSS enables credential theft 6.1 0.3% flowise Jul 1 MEDI E CVE-2024-37145 Flowise: reflected XSS enables file read chain via chatflow 6.1 0.4% flowise Jul 1 MEDI E CVE-2024-36423 Flowise: reflected XSS in chatflow API enables session hijack 6.1 0.3% flowise Jul 1 MEDI E CVE-2024-36422 Flowise: reflected XSS enables session hijack and file read 6.1 0.2% flowise Jul 1 HIGH E CVE-2024-36421 Flowise: CORS wildcard enables file read and data theft 7.5 1.6% flowise Jul 1 HIGH E CVE-2024-36420 Flowise: unauthenticated arbitrary file read via API 7.5 0.3% flowise Jul 1 LOW E CVE-2024-4839 lollms-webui: CSRF allows unauthorized AI service install 3.3 0.0% lollms-webui Jun 24 MEDI E CVE-2024-4940 Gradio: open redirect enables phishing against ML users 6.1 7.2% gradio Jun 22 HIGH E CVE-2024-38459 LangChain: Python REPL code execution without opt-in 7.8 0.1% langchain-experimental Jun 16 CRIT E CVE-2024-37014 Langflow: unauthenticated RCE via custom component API 9.8 6.5% langflow Jun 10 MEDI E CVE-2024-5206 scikit-learn: TfidfVectorizer leaks training data tokens 4.7 0.0% scikit-learn Jun 6 HIGH E CVE-2024-4888 litellm: arbitrary file deletion via audio endpoint 8.1 0.1% litellm Jun 6 CRIT E CVE-2024-3234 ChuanhuChatGPT: path traversal exposes LLM API keys 9.8 84.0% chuanhuchatgpt Jun 6 MEDI E CVE-2024-3099 MLflow: URL encoding bypass enables model poisoning 5.4 0.1% mlflow Jun 6 HIGH E CVE-2024-3095 LangChain: SSRF in Web Retriever exposes cloud metadata 7.7 0.2% langchain Jun 6 HIGH E CVE-2024-2928 MLflow: URI fragment LFI exposes arbitrary files 7.5 91.6% mlflow Jun 6 HIGH E CVE-2024-0520 MLflow: path traversal enables RCE via dataset loading 8.8 4.9% mlflow Jun 6 CRIT E CVE-2024-5452 pytorch-lightning: RCE via deepdiff Delta deserialization 9.8 62.6% pytorch_lightning Jun 6 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial