AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

- 1,140 AI/ML CVEs tracked
- 171 critical
- 228 new this week
- 2 in CISA KEV


Latest AI Security Threats

Showing 50 of 1140 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2025-61914 | n8n is an open source workflow automation... | 5.4 | | n8n | Dec 26 |
| HIGH | CVE-2025-67729 | lmdeploy vulnerable to Arbitrary Code Execution... | 8.8 | 0.1% | | Dec 26 |
| CRIT | CVE-2025-68665 | LangChain is a framework for building LLM-powered... | 9.1 | | langchain.js | Dec 23 |
| HIGH | CVE-2025-68664 | LangChain is a framework for building agents and... | 8.2 | 0.0% | langchain_core | Dec 23 |
| UNKN | CVE-2025-14930 | Hugging Face Transformers GLM4 Deserialization of... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14929 | Hugging Face Transformers X-CLIP Checkpoint... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14928 | Hugging Face Transformers HuBERT convert_config... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14927 | Hugging Face Transformers SEW-D convert_config... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14926 | Hugging Face Transformers SEW convert_config Code... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14924 | Hugging Face Transformers megatron_gpt2... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14921 | Hugging Face Transformers Transformer-XL Model... | | | transformers | Dec 23 |
| UNKN | CVE-2025-14920 | Hugging Face Transformers Perceiver Model... | | | transformers | Dec 23 |
| MEDI | CVE-2025-67743 | Local Deep Research is Vulnerable to Server-Side... | 6.3 | 0.0% | | Dec 23 |
| HIGH | CVE-2025-68613 | n8n is an open source workflow automation... | 8.8 | | n8n | Dec 19 |
| HIGH | CVE-2025-68478 | Langflow is a tool for building and deploying... | 7.1 | 0.1% | langflow | Dec 19 |
| MEDI | CVE-2025-68477 | Langflow is a tool for building and deploying... | 6.5 | 0.0% | langflow | Dec 19 |
| HIGH | CVE-2025-53000 | nbconvert has an uncontrolled search path that... | | 0.0% | | Dec 18 |
| MEDI | CVE-2025-63390 | An authentication bypass vulnerability exists in... | 5.3 | | | Dec 18 |
| CRIT | CVE-2025-63389 | A critical authentication bypass vulnerability... | 9.8 | | ollama | Dec 18 |
| HIGH | CVE-2025-67748 | Fickling has Code Injection vulnerability via... | | 0.0% | fickling | Dec 15 |
| HIGH | CVE-2025-67747 | Fickling has missing detection for marshal.loads... | | 0.1% | fickling | Dec 15 |
| CRIT | CVE-2025-67511 | Cybersecurity AI (CAI) is an open-source... | 9.6 | 0.2% | | Dec 11 |
| HIGH | CVE-2025-67644 | LangGraph's SQLite is vulnerable to SQL injection... | 7.3 | 0.0% | | Dec 10 |
| HIGH | CVE-2025-33213 | NVIDIA Merlin Transformers4Rec for Linux contains... | 8.8 | | | Dec 9 |
| HIGH | CVE-2025-65964 | n8n is an open source workflow automation... | 8.8 | | n8n | Dec 9 |
| MEDI | CVE-2025-13922 | The Tag, Category, and Taxonomy Manager – AI... | 6.5 | | | Dec 6 |
| HIGH | CVE-2025-34291 | Langflow versions up to and including 1.6.9... | 8.8 | 13.1% | langflow | Dec 5 |
| HIGH | CVE-2025-65958 | Open WebUI vulnerable to Server-Side Request... | 8.5 | 0.0% | open-webui | Dec 4 |
| UNKN | CVE-2025-66479 | Anthropic Sandbox Runtime is a lightweight... | | | | Dec 4 |
| LOW | CVE-2025-63681 | open-webui is Vulnerable to Incorrect Access... | | 0.0% | open-webui | Dec 4 |
| HIGH | CVE-2025-66404 | MCP Server Kubernetes is an MCP Server that can... | 8.8 | | | Dec 3 |
| MEDI | CVE-2025-13359 | The Tag, Category, and Taxonomy Manager – AI... | 6.5 | | | Dec 3 |
| MEDI | CVE-2025-13354 | The Tag, Category, and Taxonomy Manager – AI... | 4.3 | | | Dec 3 |
| HIGH | CVE-2025-66448 | vLLM is an inference and serving engine for large... | 8.8 | 0.2% | vllm | Dec 1 |
| UNKN | CVE-2025-12638 | Keras version 3.11.3 is affected by a path... | | | | Nov 28 |
| CRIT | CVE-2025-34351 | Ray's New Token Authentication is Disabled By... | | 0.5% | ray | Nov 27 |
| CRIT | CVE-2025-62593 | Ray is vulnerable to Critical RCE via Safari &... | | 0.0% | ray | Nov 26 |
| HIGH | CVE-2025-65106 | LangChain is a framework for building agents and... | | 0.1% | langchain-core | Nov 21 |
| HIGH | CVE-2025-62609 | MLX is an array framework for machine learning on... | 7.5 | 0.1% | mlx | Nov 21 |
| CRIT | CVE-2025-62608 | MLX is an array framework for machine learning on... | 9.1 | 0.1% | mlx | Nov 21 |
| HIGH | CVE-2025-12973 | The S2B AI Assistant – ChatBot, ChatGPT, OpenAI,... | 7.2 | | | Nov 21 |
| MEDI | CVE-2025-62426 | vLLM is an inference and serving engine for large... | 6.5 | 0.1% | vllm | Nov 21 |
| MEDI | CVE-2025-62372 | vLLM is an inference and serving engine for large... | 6.5 | 0.1% | vllm | Nov 21 |
| HIGH | CVE-2025-62164 | vLLM is an inference and serving engine for large... | 8.8 | 0.1% | vllm | Nov 21 |
| LOW | CVE-2025-63396 | An issue was discovered in PyTorch v2.5 and... | 3.3 | | pytorch | Nov 12 |
| MEDI | CVE-2025-12732 | The WP Import – Ultimate CSV XML Importer for... | 4.3 | | | Nov 12 |
| MEDI | CVE-2025-11972 | The Tag, Category, and Taxonomy Manager – AI... | 4.9 | | | Nov 8 |
| HIGH | CVE-2025-64496 | Open WebUI Affected by an External Model Server... | 7.3 | 0.2% | open-webui | Nov 7 |
| HIGH | CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via... | 8.7 | 0.0% | open-webui | Nov 7 |
| MEDI | CVE-2025-12360 | The Better Find and Replace – AI-Powered... | 4.3 | | | Nov 6 |
