AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1092 results — no patchGradio: SSRF enables internal network port scanning
CVE-2024-1183 stable-diffusion-webui: path traversal file write
CVE-2024-31462 HuggingFace Transformers: RCE via pickle deserialization
CVE-2024-3568 Gradio: path traversal leaks arbitrary files, potential RCE
CVE-2024-1728 Ollama: DNS rebinding exposes LLM API to remote access
CVE-2024-28224 gpt_academic: deserialization RCE, no auth required
CVE-2024-31224 Gradio: timing attack enables auth bypass on ML UIs
CVE-2024-1729 Gradio: CI/CD command injection enables secrets exfil
CVE-2024-1540 Gradio: SSRF exposes internal HuggingFace endpoints
CVE-2024-2206 LangChain: Billion Laughs XML expansion causes DoS
CVE-2024-1455 Gradio: CSRF enables disk exhaustion via file upload DoS
CVE-2024-1727 LangChain: path traversal enables RCE and API key theft
CVE-2024-28088 LangChain TFIDFRetriever: SSRF/RCE via load_local
CVE-2024-2057 LangChain Experimental: RCE via Python sandbox escape
CVE-2024-27444 MLflow: XSS in recipe runner enables Jupyter RCE
CVE-2024-27133 MLflow: XSS in recipes enables client-side RCE
CVE-2024-27132 Intel TF Opt: buffer overflow enables local privesc
CVE-2023-30767 Gradio: unauthenticated LFI exposes full server filesystem
CVE-2024-0964 LlamaIndex: SQL injection in Text-to-SQL feature
CVE-2024-23751 Gradio: path traversal grants arbitrary file read
CVE-2023-51449 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial