AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 76
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1604 results
CVE-2025-3046  LlamaIndex Obsidian: symlink traversal exposes host files
Severity: HIGH (exploit available) | CVSS: 7.5 | EPSS: 0.5%
Tags: Data Extraction, Data Leakage, Framework, RAG
llama-index-readers-obsidian Patch: 0.5.1 CWE-22 229 4 ATLAS

CVE-2025-3044  llama-index ArxivReader: MD5 collision corrupts training data
Severity: MEDIUM (exploit available) | CVSS: 5.3 | EPSS: 0.2%
Tags: Supply Chain, Model Poisoning, Data Leakage, Framework, Training Data, RAG
llama-index-readers-papers Patch: 0.3.1 CWE-440 229 5 ATLAS

CVE-2025-3225  llama-index Papers Loader: XML expansion DoS
Severity: HIGH (exploit available) | CVSS: 7.5 | EPSS: 0.3%
Tags: DoS, Supply Chain, Framework, RAG
llama-index-readers-papers Patch: 0.3.2 CWE-776 229 3 ATLAS

CVE-2025-3777  Transformers: URL validation bypass exposes image pipeline
Severity: LOW (exploit available) | CVSS: 3.5 | EPSS: 0.1%
Tags: Data Leakage, Social Engineering, Framework
transformers CWE-20 7.9K 4 ATLAS

CVE-2025-3264  Transformers: ReDoS in dynamic module loader causes DoS
Severity: MEDIUM (exploit available) | CVSS: 5.3 | EPSS: 0.1%
Tags: DoS, Supply Chain, Framework, Model
transformers CWE-1333 7.9K 4 ATLAS

CVE-2025-3263  Transformers: ReDoS in config loader causes serving DoS
Severity: MEDIUM (exploit available) | CVSS: 5.3 | EPSS: 0.1%
Tags: DoS, Framework
transformers CWE-1333 7.9K 4 ATLAS

CVE-2025-3262  Transformers: ReDoS in chat.py causes CPU exhaustion
Severity: HIGH (exploit available) | CVSS: 7.5 | EPSS: 0.3%
Tags: DoS, Framework
transformers CWE-1333 7.9K 3 ATLAS

CVE-2025-3108  llama-index: RCE via unsafe pickle deserialization
Severity: MEDIUM (exploit available) | CVSS: 5.0 | EPSS: 1.9%
Tags: Code Execution, Supply Chain, Framework, RAG, Agent
llama-index-core Patch: 0.12.41 CWE-1112 1.1K 4 ATLAS

CVE-2025-52554  n8n: broken authz enables cross-user workflow termination
Severity: MEDIUM | CVSS: 4.3 | EPSS: 0.3%
Tags: Auth Bypass, DoS, Agent, Framework
n8n 16 4 ATLAS

CVE-2025-45809  LiteLLM: SQL injection in key management API
Severity: MEDIUM (exploit available) | CVSS: 5.4 | EPSS: 0.2%
Tags: Data Extraction, Auth Bypass, API, Framework
litellm 4 5 ATLAS

CVE-2025-49595  n8n: DoS via empty filesystem URI in binary-data API
Severity: MEDIUM (exploit available) | CVSS: 4.9 | EPSS: 0.3%
Tags: DoS, Agent, Framework
n8n 16 3 ATLAS

CVE-2025-34072  Slack MCP: zero-click exfiltration via link unfurling
Severity: UNKNOWN (exploit available) | CVSS: -- | EPSS: 0.4%
Tags: Prompt Injection, Data Extraction, Data Leakage, Agent, Plugin, API
6 ATLAS

CVE-2025-6855  Langchain-Chatchat: path traversal exposes system files
Severity: HIGH (exploit available) | CVSS: 8.8 | EPSS: 0.7%
Tags: Data Extraction, Code Execution, Framework, RAG
langchain-chatchat CWE-22 2.6K 5 ATLAS

CVE-2025-6854  Langchain-Chatchat: path traversal in file API exposes host FS
Severity: MEDIUM (exploit available) | CVSS: 4.3 | EPSS: 0.5%
Tags: Data Extraction, Data Leakage, Framework, API, RAG
langchain-chatchat CWE-22 2.6K 5 ATLAS

CVE-2025-6853  Langchain-Chatchat: path traversal in KB upload
Severity: CRITICAL (exploit available) | CVSS: 9.8 | EPSS: 0.6%
Tags: Code Execution, Data Extraction, Supply Chain, Framework, RAG
langchain-chatchat CWE-22 2.6K 5 ATLAS

CVE-2025-49592  n8n: open redirect enables phishing via login flow
Severity: MEDIUM | CVSS: 5.4 | EPSS: 0.2%
Tags: Social Engineering, Auth Bypass, Agent, Framework
n8n 16 5 ATLAS

CVE-2025-53002  LLaMA-Factory: RCE via unsafe checkpoint deserialization
Severity: CRITICAL (exploit available) | CVSS: 9.8 | EPSS: 4.2%
Tags: Code Execution, Supply Chain, Framework, Model
llamafactory CWE-94 1 6 ATLAS

CVE-2025-2828  LangChain RequestsToolkit: SSRF exposes cloud metadata
Severity: CRITICAL (exploit available) | CVSS: 10.0 | EPSS: 0.2%
Tags: Data Extraction, Auth Bypass, Framework, Agent
langchain CWE-918 2.6K 5 ATLAS

CVE-2025-52967  MLflow: unauthenticated SSRF in gateway proxy
Severity: MEDIUM | CVSS: 5.8 | EPSS: 0.2%
Tags: Auth Bypass, Data Extraction, Framework, API
mlflow Patch: 3.1.0 CWE-918 624 4 ATLAS

CVE-2025-5018  Hive Support WP: OpenAI key theft + prompt hijack
Severity: HIGH | CVSS: 7.1 | EPSS: 0.2%
Tags: Auth Bypass, Data Extraction, Prompt Injection, API, Plugin
6 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.