AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,140
Critical: 171
New This Week: 228
In CISA KEV: 2


Latest AI Security Threats

Showing 50 of 973 results — no patch
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
UNKN | CVE-2025-14924 | Hugging Face Transformers megatron_gpt2... | - | - | transformers | Dec 23
UNKN | CVE-2025-14921 | Hugging Face Transformers Transformer-XL Model... | - | - | transformers | Dec 23
UNKN | CVE-2025-14920 | Hugging Face Transformers Perceiver Model... | - | - | transformers | Dec 23
MEDI | CVE-2025-67743 | Local Deep Research is Vulnerable to Server-Side... | 6.3 | 0.0% | - | Dec 23
HIGH | CVE-2025-68613 | n8n is an open source workflow automation... | 8.8 | - | n8n | Dec 19
HIGH | CVE-2025-68478 | Langflow is a tool for building and deploying... | 7.1 | 0.1% | langflow | Dec 19
MEDI | CVE-2025-68477 | Langflow is a tool for building and deploying... | 6.5 | 0.0% | langflow | Dec 19
HIGH | CVE-2025-53000 | nbconvert has an uncontrolled search path that... | - | 0.0% | - | Dec 18
MEDI | CVE-2025-63390 | An authentication bypass vulnerability exists in... | 5.3 | - | - | Dec 18
CRIT | CVE-2025-63389 | A critical authentication bypass vulnerability... | 9.8 | - | ollama | Dec 18
CRIT | CVE-2025-67511 | Cybersecurity AI (CAI) is an open-source... | 9.6 | 0.2% | - | Dec 11
HIGH | CVE-2025-67644 | LangGraph's SQLite is vulnerable to SQL injection... | 7.3 | 0.0% | - | Dec 10
HIGH | CVE-2025-33213 | NVIDIA Merlin Transformers4Rec for Linux contains... | 8.8 | - | - | Dec 9
HIGH | CVE-2025-65964 | n8n is an open source workflow automation... | 8.8 | - | n8n | Dec 9
MEDI | CVE-2025-13922 | The Tag, Category, and Taxonomy Manager – AI... | 6.5 | - | - | Dec 6
HIGH | CVE-2025-34291 | Langflow versions up to and including 1.6.9... | 8.8 | 13.1% | langflow | Dec 5
UNKN | CVE-2025-66479 | Anthropic Sandbox Runtime is a lightweight... | - | - | - | Dec 4
LOW | CVE-2025-63681 | open-webui is Vulnerable to Incorrect Access... | - | 0.0% | open-webui | Dec 4
HIGH | CVE-2025-66404 | MCP Server Kubernetes is an MCP Server that can... | 8.8 | - | - | Dec 3
MEDI | CVE-2025-13359 | The Tag, Category, and Taxonomy Manager – AI... | 6.5 | - | - | Dec 3
MEDI | CVE-2025-13354 | The Tag, Category, and Taxonomy Manager – AI... | 4.3 | - | - | Dec 3
HIGH | CVE-2025-66448 | vLLM is an inference and serving engine for large... | 8.8 | 0.2% | vllm | Dec 1
UNKN | CVE-2025-12638 | Keras version 3.11.3 is affected by a path... | - | - | - | Nov 28
CRIT | CVE-2025-34351 | Ray's New Token Authentication is Disabled By... | - | 0.5% | ray | Nov 27
HIGH | CVE-2025-62609 | MLX is an array framework for machine learning on... | 7.5 | 0.1% | mlx | Nov 21
CRIT | CVE-2025-62608 | MLX is an array framework for machine learning on... | 9.1 | 0.1% | mlx | Nov 21
HIGH | CVE-2025-12973 | The S2B AI Assistant – ChatBot, ChatGPT, OpenAI,... | 7.2 | - | - | Nov 21
MEDI | CVE-2025-62426 | vLLM is an inference and serving engine for large... | 6.5 | 0.1% | vllm | Nov 21
MEDI | CVE-2025-62372 | vLLM is an inference and serving engine for large... | 6.5 | 0.1% | vllm | Nov 21
HIGH | CVE-2025-62164 | vLLM is an inference and serving engine for large... | 8.8 | 0.1% | vllm | Nov 21
LOW | CVE-2025-63396 | An issue was discovered in PyTorch v2.5 and... | 3.3 | - | pytorch | Nov 12
MEDI | CVE-2025-12732 | The WP Import – Ultimate CSV XML Importer for... | 4.3 | - | - | Nov 12
MEDI | CVE-2025-11972 | The Tag, Category, and Taxonomy Manager – AI... | 4.9 | - | - | Nov 8
MEDI | CVE-2025-12360 | The Better Find and Replace – AI-Powered... | 4.3 | - | - | Nov 6
HIGH | CVE-2025-64439 | LangGraph Checkpoint affected by RCE in "json"... | - | 0.8% | - | Nov 5
MEDI | CVE-2025-12695 | The overly permissive sandbox configuration in... | 5.9 | 0.0% | - | Nov 4
HIGH | CVE-2025-62726 | n8n is an open source workflow automation... | 8.8 | - | n8n | Oct 30
LOW | CVE-2025-50736 | Byaidu PDFMathTranslate vulnerable to open... | - | 0.0% | - | Oct 30
HIGH | CVE-2025-64104 | LangGraph SQLite Checkpoint Filter Key SQL... | 7.3 | 0.1% | - | Oct 29
UNKN | CVE-2025-11203 | LiteLLM Information health API_KEY Information... | - | - | - | Oct 29
CRIT | CVE-2025-11201 | MLflow Tracking Server Model Creation Directory... | 9.8 | 9.1% | mlflow | Oct 29
CRIT | CVE-2025-11200 | MLflow Weak Password Requirements Authentication... | 9.8 | 0.2% | mlflow | Oct 29
HIGH | CVE-2025-8709 | A SQL injection vulnerability exists in the... | 7.3 | 0.0% | - | Oct 26
MEDI | CVE-2025-11844 | Hugging Face Smolagents version 1.20.0 contains... | 5.4 | 0.0% | smolagents | Oct 22
MEDI | CVE-2025-60511 | Moodle OpenAI Chat Block plugin 3.0.1... | 4.3 | - | - | Oct 21
CRIT | GHSA-m9mp-6x32-5rhg | scio is vulnerable to Remote Command Execution... | - | - | - | Oct 9
HIGH | CVE-2025-59425 | vLLM is an inference and serving engine for large... | 7.5 | 0.4% | vllm | Oct 7
HIGH | CVE-2025-6985 | The HTMLSectionSplitter class in... | 7.5 | 0.2% | - | Oct 6
LOW | CVE-2025-59842 | JupyterLab LaTeX typesetter links did not enforce... | - | 0.0% | - | Sep 26
HIGH | CVE-2025-55560 | An issue in pytorch v2.7.0 can lead to a Denial... | 7.5 | - | pytorch | Sep 25
