AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 18 of 58 results (filter: Critical severity, has patch)
CVE-2025-49655 keras: Deserialization enables RCE
CVE-2025-54950 ExecuTorch: OOB read in model loader enables RCE
CVE-2025-54949 ExecuTorch: heap buffer overflow RCE via model loading
CVE-2025-54951 ExecuTorch: heap buffer overflow RCE in model loading
CVE-2025-30405 ExecuTorch: integer overflow in model load → RCE
CVE-2025-30404 ExecuTorch: integer overflow RCE on model load
CVE-2025-1793 llama_index: SQL injection in vector store integrations
CVE-2025-47241 browser-use: URL allowlist bypass enables SSRF in agents
GHSA-ggpf-24jw-3fcw vLLM: RCE via malicious model, PyTorch < 2.6 bypass
CVE-2025-32428 jupyter-remote-desktop-proxy: VNC network exposure
CVE-2024-8019 pytorch-lightning: file upload RCE (Windows)
CVE-2024-11958 llama-index DuckDB retriever: SQLi enables RCE
CVE-2025-25362 spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)
CVE-2024-52803 LlamaFactory: RCE via OS command injection in training
CVE-2023-6020 Ray: unauthenticated LFI exposes entire filesystem
CVE-2023-6021 Ray: LFI allows unauthenticated file read
CVE-2023-6019 Ray: unauthenticated RCE via dashboard command injection
CVE-2023-32785 LangChain: prompt injection → SQL RCE (CVSS 9.8)
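A consumer-side triage step for a feed like this one, as an added example that is not the feed's own code and not code from any of the projects listed above. It parses entries in the feed's "ID package: summary" form, tags each with a coarse vulnerability class from keywords in the summary, and matches the package name against a local pip freeze inventory so entries touching software you actually run sort first. The feed lines and the inventory in the block are constructed samples (the inventory is a hypothetical environment); the keyword table and the PEP 503 name normalisation are this example's own choices. The feed carries no affected-version ranges, so an "installed" hit is a prompt to read the NVD or GitHub Advisory record, not a finding.

```python
"""Triage helper for an AI/ML CVE feed (added example, not the feed's code).

Parses lines of the form "<ID> <package>: <summary>", assigns a coarse
vulnerability class from summary keywords, and matches the package against a
`pip freeze`-style inventory.  A match means "installed", not "vulnerable":
the feed has no version ranges, so confirm against the NVD/GHSA record.
"""
import re
from dataclasses import dataclass

# Constructed sample feed lines (package/summary strings in the feed's form).
FEED = """\
CVE-2025-47241 browser-use: URL allowlist bypass enables SSRF in agents
CVE-2025-25362 spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)
CVE-2024-52803 LlamaFactory: RCE via OS command injection in training
CVE-2023-6020 Ray: unauthenticated LFI exposes entire filesystem
CVE-2025-54950 ExecuTorch: OOB read in model loader enables RCE
CVE-2025-1793 llama_index: SQL injection in vector store integrations
GHSA-ggpf-24jw-3fcw vLLM: RCE via malicious model, PyTorch < 2.6 bypass
"""

# Constructed `pip freeze` output for a hypothetical environment.
INVENTORY = """\
ray==2.9.0
llama-index==0.10.0
torch==2.5.1
"""

# Keyword -> class, checked in order: specific classes come before the generic
# "rce-other" fallback so "OOB read ... enables RCE" lands in memory-corruption.
CLASS_KEYWORDS = [
    ("memory-corruption", ("heap buffer overflow", "oob read", "integer overflow")),
    ("deserialization", ("deserialization",)),
    ("ssrf", ("ssrf",)),
    ("sql-injection", ("sql injection", "sqli")),
    ("template-injection", ("ssti",)),
    ("command-injection", ("command injection",)),
    ("local-file-read", ("lfi", "file read")),
    ("prompt-injection", ("prompt injection",)),
    ("network-exposure", ("network exposure",)),
    ("rce-other", ("rce",)),
]

ENTRY_RE = re.compile(
    r"^(?P<id>CVE-\d{4}-\d{4,}|GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4})\s+"
    r"(?P<package>[^:]+):\s*(?P<summary>.+)$"
)

@dataclass(frozen=True)
class Entry:
    vuln_id: str
    package: str
    summary: str
    vuln_class: str

def classify(summary: str) -> str:
    """Coarse class from summary keywords; the first matching class wins."""
    text = summary.lower()
    for name, needles in CLASS_KEYWORDS:
        if any(needle in text for needle in needles):
            return name
    return "unclassified"

def normalize_name(name: str) -> str:
    """PEP 503 normalisation: 'llama_index', 'Llama.Index', 'llama-index' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_feed(text: str) -> list[Entry]:
    """Parse feed lines; a line that does not fit the feed's form is an error, not skipped."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised feed line: {line!r}")
        entries.append(Entry(m["id"], m["package"].strip(), m["summary"].strip(),
                             classify(m["summary"])))
    return entries

def parse_inventory(freeze_output: str) -> dict[str, str]:
    """Map normalised package name -> pinned version from `pip freeze` lines."""
    inventory = {}
    for line in freeze_output.splitlines():
        if "==" in line:
            name, version = line.split("==", 1)
            inventory[normalize_name(name.strip())] = version.strip()
    return inventory

def prioritize(entries: list[Entry], inventory: dict[str, str]):
    """Pair each entry with its installed version (None if absent); installed entries first."""
    rows = [(e, inventory.get(normalize_name(e.package))) for e in entries]
    rows.sort(key=lambda r: (r[1] is None, r[0].vuln_id))
    return rows

if __name__ == "__main__":
    for entry, version in prioritize(parse_feed(FEED), parse_inventory(INVENTORY)):
        status = f"installed {version}" if version else "not installed"
        print(f"{entry.vuln_id:<22} {entry.vuln_class:<18} {entry.package:<14} {status}")
```

The class tags are deliberately coarse and keyword-driven: a summary such as "RCE via malicious model" says nothing about the mechanism, so it falls into the rce-other bucket rather than being guessed as deserialization. Package matching is by name only; where a feed entry names a dependency condition (PyTorch < 2.6 above), that version is in the inventory but the script does not evaluate it, which is exactly the gap the advisory record has to fill.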