AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs tracked: 1,140
Critical: 171
New this week: 228
In CISA KEV: 2
Latest AI Security Threats
Showing 50 of 524 results, filtered to High severity.

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2025-30202 | vLLM is a high-throughput and memory-efficient... | 7.5 | 0.4% | vllm | Apr 30 |
| HIGH | CVE-2025-46417 | Picklescan Vulnerable to Exfiltration via DNS via... | — | 0.2% | picklescan | Apr 7 |
| HIGH | CVE-2025-30370 | jupyterlab-git has a command injection... | 7.4 | 0.1% | — | Apr 4 |
| HIGH | CVE-2025-30358 | Mesop is a Python-based UI framework that allows... | 8.1 | 3.1% | — | Mar 27 |
| HIGH | CVE-2025-0330 | LiteLLM Has a Leakage of Langfuse API Keys | 7.5 | 0.1% | litellm | Mar 20 |
| HIGH | CVE-2025-0628 | LiteLLM Has an Improper Authorization... | 8.1 | 0.1% | litellm | Mar 20 |
| HIGH | CVE-2024-9606 | LiteLLM Reveals Portion of API Key via a Logging... | 7.5 | 0.1% | litellm | Mar 20 |
| HIGH | GHSA-5ccf-884p-4jjq | Open WebUI Unauthenticated Multipart Boundary... | 7.5 | — | open-webui | Mar 20 |
| HIGH | CVE-2024-8984 | LiteLLM Vulnerable to Denial of Service (DoS) via... | 7.5 | 0.2% | litellm | Mar 20 |
| HIGH | CVE-2024-7990 | Open WebUI stored cross-site scripting (XSS)... | 8.4 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-8060 | Open WebUI allows Remote Code Execution via... | 8.1 | 0.9% | open-webui | Mar 20 |
| HIGH | CVE-2024-8053 | Open WebUI lacks authentication for the... | 7.5 | 0.8% | open-webui | Mar 20 |
| HIGH | CVE-2024-8020 | PyTorch Lightning denial of service vulnerability | 7.5 | 0.1% | pytorch-lightning | Mar 20 |
| HIGH | CVE-2024-7983 | Open WebUI denial of service through endpoint for... | 7.5 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-7806 | Open WebUI Cross-Site Request Forgery (CSRF)... | 8.0 | 0.7% | open-webui | Mar 20 |
| HIGH | GHSA-6wj5-5pgr-jwq8 | Open WebUI Unauthenticated Multipart Boundary... | 7.5 | — | open-webui | Mar 20 |
| HIGH | CVE-2024-7053 | Open WebUI Vulnerable to a Session Fixation Attack | 7.6 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-7776 | Open Neural Network Exchange (ONNX) Path... | 8.1 | 1.5% | onnx | Mar 20 |
| HIGH | CVE-2024-7039 | Open WebUI Allows Admin Deletion via API Endpoint | 8.3 | 0.1% | open-webui | Mar 20 |
| HIGH | CVE-2024-6825 | LiteLLM Vulnerable to Remote Code Execution (RCE) | 8.8 | 1.3% | litellm | Mar 20 |
| HIGH | CVE-2024-6982 | LoLLMS Code Injection vulnerability | 8.4 | 0.1% | lollms | Mar 20 |
| HIGH | CVE-2024-7036 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.5% | open-webui | Mar 20 |
| HIGH | CVE-2024-7043 | Open WebUI Allows Arbitrary File Reading and... | 8.1 | 0.1% | open-webui | Mar 20 |
| HIGH | GHSA-w466-2wfc-8g58 | Open WebUI has vulnerable dependency on starlette... | 7.5 | — | open-webui | Mar 20 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML vulnerable to Uncontrolled Resource... | 7.5 | — | bentoml | Mar 20 |
| HIGH | CVE-2024-12534 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-12537 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.8% | open-webui | Mar 20 |
| HIGH | CVE-2024-10572 | H2O Vulnerable to Denial of Service (DoS) and... | 7.5 | 0.1% | — | Mar 20 |
| HIGH | CVE-2025-1473 | A Cross-Site Request Forgery (CSRF) vulnerability... | 7.1 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0453 | In mlflow/mlflow version 2.17.2, the `/graphql`... | 7.5 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0317 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0315 | A vulnerability in ollama/ollama <=0.3.14 allows... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0312 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2024-9056 | BentoML version v1.3.4post1 is vulnerable to a... | 7.5 | 0.2% | bentoml | Mar 20 |
| HIGH | CVE-2024-8966 | A vulnerability in the file upload process of... | 7.5 | 0.2% | video | Mar 20 |
| HIGH | CVE-2024-8859 | A path traversal vulnerability exists in... | 7.5 | 26.9% | mlflow | Mar 20 |
| HIGH | CVE-2024-8063 | A divide by zero vulnerability exists in... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2024-7959 | The `/openai/models` endpoint in... | 7.7 | 0.4% | open-webui | Mar 20 |
| HIGH | CVE-2024-12911 | A vulnerability in the `default_jsonalyzer`... | 7.1 | 0.2% | llamaindex | Mar 20 |
| HIGH | CVE-2024-12720 | A Regular Expression Denial of Service (ReDoS)... | 7.5 | 0.1% | transformers | Mar 20 |
| HIGH | CVE-2024-12704 | A vulnerability in the LangChainLLM class of the... | 7.5 | 0.3% | llamaindex | Mar 20 |
| HIGH | CVE-2024-12055 | A vulnerability in Ollama versions <=0.3.14... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2024-11031 | In version 3.83 of binary-husky/gpt_academic, a... | 7.5 | — | — | Mar 20 |
| HIGH | CVE-2024-11030 | GPT Academic version 3.83 is vulnerable to a... | 7.5 | — | — | Mar 20 |
| HIGH | CVE-2024-10648 | A path traversal vulnerability exists in the... | 8.2 | 0.2% | gradio | Mar 20 |
| HIGH | CVE-2024-10624 | A Regular Expression Denial of Service (ReDoS)... | 7.5 | 0.8% | gradio | Mar 20 |
| HIGH | CVE-2024-10569 | A vulnerability in the dataframe component of... | 7.5 | 0.2% | gradio | Mar 20 |
| HIGH | CVE-2024-10188 | A vulnerability in BerriAI/litellm, as of commit... | 7.5 | 0.1% | litellm | Mar 20 |
| HIGH | CVE-2025-2148 | A vulnerability was found in PyTorch 2.6.0+cu124.... | 7.5 | — | pytorch | Mar 10 |
| HIGH | CVE-2025-25297 | Label Studio allows Server-Side Request Forgery... | 8.6 | 0.2% | label-studio | Feb 14 |