AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
MEDI CVE-2023-41626 Gradio: arbitrary file upload via /upload endpoint 4.8 0.1% gradio Sep 15 CRIT E CVE-2023-39631 LangChain: RCE via numexpr evaluate injection 9.8 1.6% langchain Sep 1 CRIT E CVE-2023-36281 LangChain: RCE via malicious JSON prompt template 9.8 62.2% langchain Aug 22 CRIT E CVE-2023-39659 LangChain: RCE via unsanitized PythonAstREPL input 9.8 1.2% langchain Aug 15 CRIT E CVE-2023-38896 LangChain: RCE via unsandboxed LLM code execution 9.8 0.8% langchain Aug 15 CRIT E CVE-2023-38860 LangChain: RCE via unsanitized prompt parameter 9.8 1.4% langchain Aug 15 HIGH CVE-2023-27506 Intel TF Opt: buffer overflow enables local priv-esc 7.8 0.1% optimization_for_tensorflow Aug 11 CRIT E CVE-2023-36095 LangChain PALChain: RCE via unsanitized exec() calls 9.8 3.1% langchain Aug 5 HIGH E CVE-2023-4033 MLflow: OS command injection enables local code execution 7.8 0.2% mlflow Aug 1 CRIT E CVE-2023-3765 MLflow: path traversal allows arbitrary file read 10.0 91.5% mlflow Jul 19 CRIT E CVE-2023-3686 QuickAI: unauthenticated SQLi exposes OpenAI API keys 9.8 0.1% quickai_openai Jul 16 HIGH E CVE-2023-36189 LangChain SQLDatabaseChain: SQL injection, DB exfil 7.5 0.2% langchain Jul 6 CRIT E CVE-2023-36188 LangChain: RCE via PALChain unsanitized Python exec 9.8 6.6% langchain Jul 6 CRIT E CVE-2023-36258 LangChain: unauthenticated RCE via code injection 9.8 0.6% langchain Jul 3 CRIT E CVE-2023-34541 LangChain: RCE via unsafe load_prompt deserialization 9.8 0.2% langchain Jun 20 CRIT E CVE-2023-34540 LangChain: RCE via JiraAPIWrapper crafted input 9.8 1.9% langchain Jun 14 CRIT E CVE-2023-34239 Gradio: path traversal + SSRF exposes model files & infra 9.1 0.3% gradio Jun 8 MEDI E CVE-2023-34094 ChuanhuChatGPT: config exposure leaks API keys 5.3 0.3% chuanhuchatgpt Jun 2 MEDI E CVE-2023-2800 Transformers: temp file race condition allows local DoS 4.7 0.0% transformers May 18 CRIT E CVE-2023-2780 MLflow: path traversal allows arbitrary file read/write 9.8 86.8% mlflow May 17

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial