AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patchGradio: LFI via JSON path key exposes server files
CVE-2024-4941 Gradio: SSRF exposes internal network and cloud metadata
CVE-2024-4325 Gradio: secrets exfiltration via unsafe fork PR workflow
CVE-2024-4254 MLflow: RCE via malicious MLproject file execution
CVE-2024-37061 MLflow: RCE via deserialization in crafted Recipes
CVE-2024-37060 MLflow: RCE via malicious PyTorch model deserialization
CVE-2024-37059 MLflow: RCE via malicious LangChain model deserialization
CVE-2024-37058 MLflow: RCE via malicious TensorFlow model deserialization
CVE-2024-37057 MLflow: RCE via LightGBM model deserialization
CVE-2024-37056 MLflow: RCE via pmdarima model deserialization
CVE-2024-37055 MLflow: deserialization RCE via malicious PyFunc model
CVE-2024-37054 MLflow: RCE via malicious scikit-learn model deserialization
CVE-2024-37053 MLflow: RCE via malicious scikit-learn model upload
CVE-2024-37052 Gradio: CI/CD command injection enables secrets exfiltration
CVE-2024-4253 Ollama: path traversal enables RCE via model blob API
CVE-2024-37032 text-generation-inference: workflow injection RCE
CVE-2024-3924 WP Testimonial Carousel: OpenAI API key hijack, no auth
CVE-2024-4858 WordPress ChatBot: missing authz deletes OpenAI files
CVE-2024-0453 WordPress AI ChatBot: auth bypass enables OpenAI file upload
CVE-2024-0452 wpbot: missing auth exposes OpenAI account files
CVE-2024-0451 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial