AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 75
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1604 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| CRIT | CVE-2025-14931 | Hugging Face smolagents: Unsafe deserialization... | 10.0 | 4.6% | smolagents | Dec 23 |
| UNKN | CVE-2025-14930 | transformers: Deserialization enables RCE | — | 0.5% | transformers | Dec 23 |
| UNKN | CVE-2025-14929 | transformers: Deserialization enables RCE | — | 0.2% | transformers | Dec 23 |
| UNKN | CVE-2025-14928 | transformers: Code Injection enables RCE | — | 0.1% | transformers | Dec 23 |
| UNKN | CVE-2025-14927 | transformers: Code Injection enables RCE | — | 0.1% | transformers | Dec 23 |
| UNKN | CVE-2025-14926 | transformers: Code Injection enables RCE | — | 0.1% | transformers | Dec 23 |
| UNKN | CVE-2025-14924 | transformers: Deserialization enables RCE | — | 0.5% | transformers | Dec 23 |
| UNKN | CVE-2025-14921 | transformers: Deserialization enables RCE | — | 0.5% | transformers | Dec 23 |
| UNKN | CVE-2025-14920 | transformers: Deserialization enables RCE | — | 0.5% | transformers | Dec 23 |
| MEDI E | CVE-2025-67743 | local-deep-research: SSRF allows internal network access | 6.3 | 0.1% | — | Dec 23 |
| HIGH | CVE-2025-68613 | n8n: security flaw enables exploitation | 8.8 | 81.7% | n8n | Dec 19 |
| HIGH E | CVE-2025-68478 | langflow: File Control enables path manipulation | 7.1 | 0.0% | langflow | Dec 19 |
| MEDI E | CVE-2025-68477 | langflow: SSRF allows internal network access | 6.5 | 0.0% | langflow | Dec 19 |
| HIGH E | CVE-2025-53000 | nbconvert: security flaw enables exploitation | — | 0.0% | — | Dec 18 |
| MEDI | CVE-2025-63390 | anythingllm: Missing Auth allows unauthenticated access | 5.3 | 0.0% | — | Dec 18 |
| CRIT | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | 9.8 | 0.2% | ollama | Dec 18 |
| HIGH E | CVE-2025-67748 | fickling: Code Injection enables RCE | — | 0.0% | fickling | Dec 15 |
| HIGH E | CVE-2025-67747 | fickling: Allowlist Bypass evades input filtering | — | 0.1% | fickling | Dec 15 |
| CRIT E | CVE-2025-67511 | cai-framework: Command Injection enables RCE | 9.6 | 0.1% | — | Dec 11 |
| HIGH | CVE-2025-67644 | langgraph-checkpoint-sqlite: SQL Injection exposes database | 7.3 | 0.0% | langgraph-checkpoint-sqlite | Dec 10 |