AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 76
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1,092 results (filter: no patch). The "E" column reproduces the feed's own marker as shown; an empty CVSS cell means the feed lists no score for that entry, and an empty Package cell means none was given.

| Severity | E | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| MEDI | E | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | 0.1% | mlflow | May 16 |
| UNKN | E | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | | 1.6% | llamaindex | May 16 |
| HIGH | E | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | 78.7% | mlflow | May 16 |
| CRIT | E | CVE-2024-34359 | llama-cpp-python: SSTI in .gguf loader enables RCE | 9.6 | 39.4% | | May 14 |
| HIGH | | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | 0.1% | | May 6 |
| HIGH | E | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | 0.1% | gradio | May 5 |
| HIGH | | CVE-2024-34072 | SageMaker SDK: pickle deserialization enables RCE | 7.8 | 0.6% | | May 3 |
| MEDI | | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | 5.5 | 0.1% | pytorch | Apr 19 |
| HIGH | | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | 7.8 | 0.0% | pytorch | Apr 17 |
| MEDI | E | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | 0.0% | pytorch | Apr 17 |
| CRIT | E | CVE-2024-3660 | Keras: RCE via malicious model deserialization | 9.8 | 0.4% | keras | Apr 16 |
| CRIT | E | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | 0.2% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | 2.0% | langchain | Apr 16 |
| CRIT | E | CVE-2024-2912 | BentoML: RCE via insecure deserialization (CVSS 10) | 10.0 | 7.5% | | Apr 16 |
| HIGH | E | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | 7.5 | 0.2% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | 7.5 | 0.3% | mlflow | Apr 16 |
| UNKN | | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | | 93.4% | gradio | Apr 16 |
| HIGH | E | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | 8.1 | 0.1% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | 7.5 | 0.1% | mlflow | Apr 16 |
| HIGH | E | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | 7.5 | 75.0% | mlflow | Apr 16 |
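A triage pass over the rows above, added here as an example and not part of the feed page or any vendor tooling. The point it makes is that a queue sorted by severity alone would push CVE-2024-1561 (no CVSS, EPSS 93.4%) to the bottom, while an EPSS-first ordering puts it at the top. The FEED string is a constructed copy of the twenty rows; the ordering rule (EPSS descending, CVSS as tiebreak, missing CVSS treated as unknown rather than zero) and the thresholds in `act_now` are this example's own assumptions, not the feed's.

```python
"""EPSS-first triage over an AI/ML CVE feed (added example, not the page's own code)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sample: the page's 20 rows, one pipe-delimited row per CVE.
# Columns: severity | E marker | CVE | summary | CVSS (may be blank) | EPSS | package (may be blank) | date
FEED = """\
MEDI | E | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | 0.1% | mlflow | May 16
UNKN | E | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | | 1.6% | llamaindex | May 16
HIGH | E | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | 78.7% | mlflow | May 16
CRIT | E | CVE-2024-34359 | llama-cpp-python: SSTI in .gguf loader enables RCE | 9.6 | 39.4% | | May 14
HIGH | | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | 0.1% | | May 6
HIGH | E | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | 0.1% | gradio | May 5
HIGH | | CVE-2024-34072 | SageMaker SDK: pickle deserialization enables RCE | 7.8 | 0.6% | | May 3
MEDI | | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | 5.5 | 0.1% | pytorch | Apr 19
HIGH | | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | 7.8 | 0.0% | pytorch | Apr 17
MEDI | E | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | 0.0% | pytorch | Apr 17
CRIT | E | CVE-2024-3660 | Keras: RCE via malicious model deserialization | 9.8 | 0.4% | keras | Apr 16
CRIT | E | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | 0.2% | mlflow | Apr 16
HIGH | E | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | 2.0% | langchain | Apr 16
CRIT | E | CVE-2024-2912 | BentoML: RCE via insecure deserialization (CVSS 10) | 10.0 | 7.5% | | Apr 16
HIGH | E | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | 7.5 | 0.2% | mlflow | Apr 16
HIGH | E | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | 7.5 | 0.3% | mlflow | Apr 16
UNKN | | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | | 93.4% | gradio | Apr 16
HIGH | E | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | 8.1 | 0.1% | mlflow | Apr 16
HIGH | E | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | 7.5 | 0.1% | mlflow | Apr 16
HIGH | E | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | 7.5 | 75.0% | mlflow | Apr 16
"""


@dataclass(frozen=True)
class Entry:
    severity: str
    e_marker: bool          # the feed's "E" column, carried through without interpreting it
    cve: str
    summary: str
    cvss: Optional[float]   # None when the feed shows no score
    epss: float             # probability in [0, 1]
    package: Optional[str]
    date: str


def parse_feed(text: str) -> list[Entry]:
    """Parse pipe-delimited feed rows; blank CVSS/package cells become None."""
    entries: list[Entry] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 8:
            raise ValueError(f"malformed row: {line!r}")
        sev, flag, cve, summary, cvss, epss, pkg, date = cols
        entries.append(Entry(
            severity=sev,
            e_marker=(flag == "E"),
            cve=cve,
            summary=summary,
            cvss=float(cvss) if cvss else None,
            epss=float(epss.rstrip("%")) / 100.0,
            package=pkg or None,
            date=date,
        ))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """EPSS descending, then CVSS descending; a missing CVSS sorts after any known score."""
    return sorted(entries, key=lambda e: (-e.epss, -(e.cvss if e.cvss is not None else -1.0)))


def severity_blind_spots(entries: list[Entry], epss_floor: float = 0.05) -> list[str]:
    """CVEs a CVSS-only queue would drop: unscored or below HIGH (7.0), yet EPSS at or above the floor."""
    return [e.cve for e in entries
            if e.epss >= epss_floor and (e.cvss is None or e.cvss < 7.0)]


def act_now(entries: list[Entry], epss_floor: float = 0.05, cvss_floor: float = 9.0) -> list[str]:
    """Assumed work queue: anything with EPSS >= floor, plus anything scored >= cvss_floor, in triage order."""
    return [e.cve for e in triage(entries)
            if e.epss >= epss_floor or (e.cvss is not None and e.cvss >= cvss_floor)]


if __name__ == "__main__":
    rows = parse_feed(FEED)
    for e in triage(rows)[:5]:
        print(f"{e.cve:16} epss={e.epss:.3f} cvss={e.cvss} {e.summary}")
    print("blind spots:", severity_blind_spots(rows))
    print("act now:", act_now(rows))
```

The two Gradio entries show why the tiebreak rule matters: CVE-2024-1561 has no CVSS at all, so any scheme that coerces a missing score to 0 and sorts by severity first buries the single highest-EPSS item in the feed. Treating "no score" as unknown, and ranking on exploit likelihood first, keeps it visible.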
