AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
MEDIUM EXPLOIT AVAIL

MLflow: broken access control allows artifact deletion

CVE-2024-4263
5.4
EPSS 0.1%
Auth Bypass Framework Training Data
mlflow 624 3 ATLAS
UNKNOWN EXPLOIT AVAIL

llama_index: RCE via eval() in RunGptLLM connector

CVE-2024-4181
--
EPSS 1.6%
Code Execution Supply Chain Framework Inference
llamaindex 3 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: URL fragment bypass leaks SSH and cloud keys

CVE-2024-3848
7.5
EPSS 78.7%
Data Extraction Auth Bypass Framework
mlflow CWE-22 624 4 ATLAS
CRITICAL EXPLOIT AVAIL

llama-cpp-python: SSTI in .gguf loader enables RCE

CVE-2024-34359
9.6
EPSS 39.4%
Code Execution Supply Chain Framework Model Inference
5 ATLAS
HIGH

SolidUI: OpenAI API key exposed via log print statement

CVE-2024-34527
7.5
EPSS 0.1%
Data Leakage Data Extraction API Framework
5 ATLAS
HIGH EXPLOIT AVAIL

Gradio: credential leakage via Windows path encoding bug

CVE-2024-34510
7.5
EPSS 0.1%
Data Leakage Data Extraction Framework Inference API
gradio CWE-116 679 5 ATLAS
HIGH

SageMaker SDK: pickle deserialization enables RCE

CVE-2024-34072
7.8
EPSS 0.6%
Code Execution Supply Chain Framework Training Data
4 ATLAS
MEDIUM

PyTorch: OOB read in mobile model loader leaks memory

CVE-2024-31584
5.5
EPSS 0.1%
Supply Chain Data Extraction Framework Model
pytorch 21.9K 5 ATLAS
HIGH

PyTorch: use-after-free in JIT mobile interpreter, RCE

CVE-2024-31583
7.8
EPSS 0.0%
Supply Chain Code Execution Framework Inference
pytorch 21.9K 3 ATLAS
MEDIUM EXPLOIT AVAIL

PyTorch: heap buffer overflow causes local DoS

CVE-2024-31580
4.0
EPSS 0.0%
DoS Framework
pytorch 21.9K 3 ATLAS
CRITICAL EXPLOIT AVAIL

Keras: RCE via malicious model deserialization

CVE-2024-3660
9.8
EPSS 0.4%
Code Execution Supply Chain Framework Model
keras CWE-94 1.5K 5 ATLAS
CRITICAL EXPLOIT AVAIL

MLflow: LFI via URI parsing allows arbitrary file read

CVE-2024-3573
9.3
EPSS 0.2%
Data Extraction Auth Bypass Framework
mlflow CWE-22 624 5 ATLAS
HIGH EXPLOIT AVAIL

LangChain: path traversal allows arbitrary file R/W

CVE-2024-3571
8.8
EPSS 2.0%
Code Execution Data Extraction Framework Agent
langchain 2.6K 6 ATLAS
CRITICAL EXPLOIT AVAIL

BentoML: RCE via insecure deserialization (CVSS 10)

CVE-2024-2912
10.0
EPSS 7.5%
Code Execution Supply Chain Framework Inference
5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal via URI fragment reads arbitrary files

CVE-2024-1594
7.5
EPSS 0.2%
Data Extraction Data Leakage Framework Training Data
mlflow 624 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal via ';' smuggling exposes files

CVE-2024-1593
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 4 ATLAS
UNKNOWN KEV SCANNER

Gradio: path traversal enables arbitrary file read

CVE-2024-1561
--
EPSS 93.4%
Data Extraction Data Leakage Framework API
gradio 679 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary directory deletion

CVE-2024-1560
8.1
EPSS 0.1%
Supply Chain DoS Auth Bypass Framework Training Data
mlflow 624 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal enables arbitrary file read

CVE-2024-1558
7.5
EPSS 0.1%
Data Extraction Data Leakage Framework
mlflow 624 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary server files

CVE-2024-1483
7.5
EPSS 75.0%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial