AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patch Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2024-4941 Gradio: LFI via JSON path key exposes server files 7.5 0.7% gradio Jun 6 HIGH CVE-2024-4325 Gradio: SSRF exposes internal network and cloud metadata 8.6 65.1% gradio Jun 6 UNKN E CVE-2024-4254 Gradio: secrets exfiltration via unsafe fork PR workflow — 0.4% gradio Jun 4 HIGH E CVE-2024-37061 MLflow: RCE via malicious MLproject file execution 8.8 3.9% mlflow Jun 4 HIGH E CVE-2024-37060 MLflow: RCE via deserialization in crafted Recipes 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37059 MLflow: RCE via malicious PyTorch model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37058 MLflow: RCE via malicious LangChain model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37057 MLflow: RCE via malicious TensorFlow model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37056 MLflow: RCE via LightGBM model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37055 MLflow: RCE via pmdarima model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37054 MLflow: deserialization RCE via malicious PyFunc model 8.8 0.2% mlflow Jun 4 HIGH E CVE-2024-37053 MLflow: RCE via malicious scikit-learn model deserialization 8.8 0.4% mlflow Jun 4 HIGH E CVE-2024-37052 MLflow: RCE via malicious scikit-learn model upload 8.8 0.3% mlflow Jun 4 CRIT E CVE-2024-4253 Gradio: CI/CD command injection enables secrets exfiltration 9.1 1.9% gradio Jun 4 HIGH CVE-2024-37032 Ollama: path traversal enables RCE via model blob API 8.8 93.7% ollama May 31 UNKN E CVE-2024-3924 text-generation-inference: workflow injection RCE — 0.4% — May 30 MEDI E CVE-2024-4858 WP Testimonial Carousel: OpenAI API key hijack, no auth 5.3 0.2% — May 25 HIGH CVE-2024-0453 WordPress ChatBot: missing authz deletes OpenAI files 7.7 0.2% wpbot May 22 HIGH E CVE-2024-0452 WordPress AI ChatBot: auth bypass enables OpenAI file upload 7.7 0.2% wpbot May 22 MEDI E CVE-2024-0451 wpbot: missing auth exposes OpenAI account files 5.0 0.4% wpbot May 22 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial