AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked
225 critical
76 new this week
16 in CISA KEV
Latest AI Security Threats
Showing 20 of 1604 results

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
HIGH E | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | 7.5 | 0.5% | llama-index-readers-obsidian | Jul 7
MEDIUM E | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | 5.3 | 0.2% | llama-index-readers-papers | Jul 7
HIGH E | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | 7.5 | 0.3% | llama-index-readers-papers | Jul 7
LOW E | CVE-2025-3777 | Transformers: URL validation bypass exposes image pipeline | 3.5 | 0.1% | transformers | Jul 7
MEDIUM E | CVE-2025-3264 | Transformers: ReDoS in dynamic module loader causes DoS | 5.3 | 0.1% | transformers | Jul 7
MEDIUM E | CVE-2025-3263 | Transformers: ReDoS in config loader causes serving DoS | 5.3 | 0.1% | transformers | Jul 7
HIGH E | CVE-2025-3262 | Transformers: ReDoS in chat.py causes CPU exhaustion | 7.5 | 0.3% | transformers | Jul 7
MEDIUM E | CVE-2025-3108 | llama-index: RCE via unsafe pickle deserialization | 5.0 | 1.9% | llama-index-core | Jul 7
MEDIUM | CVE-2025-52554 | n8n: broken authz enables cross-user workflow termination | 4.3 | 0.3% | n8n | Jul 3
MEDIUM E | CVE-2025-45809 | LiteLLM: SQL injection in key management API | 5.4 | 0.2% | litellm | Jul 3
MEDIUM E | CVE-2025-49595 | n8n: DoS via empty filesystem URI in binary-data API | 4.9 | 0.3% | n8n | Jul 3
UNKNOWN E | CVE-2025-34072 | Slack MCP: zero-click exfiltration via link unfurling | — | 0.4% | — | Jul 2
HIGH E | CVE-2025-6855 | Langchain-Chatchat: path traversal exposes system files | 8.8 | 0.7% | langchain-chatchat | Jun 29
MEDIUM E | CVE-2025-6854 | Langchain-Chatchat: path traversal in file API exposes host FS | 4.3 | 0.5% | langchain-chatchat | Jun 29
CRITICAL E | CVE-2025-6853 | Langchain-Chatchat: path traversal in KB upload | 9.8 | 0.6% | langchain-chatchat | Jun 29
MEDIUM | CVE-2025-49592 | n8n: open redirect enables phishing via login flow | 5.4 | 0.2% | n8n | Jun 26
CRITICAL E | CVE-2025-53002 | LLaMA-Factory: RCE via unsafe checkpoint deserialization | 9.8 | 4.2% | llamafactory | Jun 26
CRITICAL E | CVE-2025-2828 | LangChain RequestsToolkit: SSRF exposes cloud metadata | 10.0 | 0.2% | langchain | Jun 23
MEDIUM | CVE-2025-52967 | MLflow: unauthenticated SSRF in gateway proxy | 5.8 | 0.2% | mlflow | Jun 23
HIGH | CVE-2025-5018 | Hive Support WP: OpenAI key theft + prompt hijack | 7.1 | 0.2% | — | Jun 6
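A triage pass over the rows above, as an added example (not code from the feed's operator or from any of the listed projects). It parses the feed's columns, tolerates the blank CVSS and package cells shown as a dash, and ranks findings by CISA KEV membership first, then EPSS, then CVSS, which is the editor's chosen rule rather than anything the feed prescribes. The FEED string transcribes the 20 rows on this page; the INSTALLED inventory and the KEV set are constructed for illustration, since the page counts 16 KEV entries without saying which rows they are.

```python
"""Rank AI/ML CVE feed rows against a package inventory.

Added example. FEED is a transcription of the table on this page; the
INSTALLED inventory and KEV set below are constructed, not from the page.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Severity | CVE | Summary | CVSS | EPSS | Package, as displayed on the page.
# A "-" (shown as an em dash on the page) marks a cell the feed left empty.
FEED = """\
HIGH|CVE-2025-3046|LlamaIndex Obsidian: symlink traversal exposes host files|7.5|0.5%|llama-index-readers-obsidian
MEDIUM|CVE-2025-3044|llama-index ArxivReader: MD5 collision corrupts training data|5.3|0.2%|llama-index-readers-papers
HIGH|CVE-2025-3225|llama-index Papers Loader: XML expansion DoS|7.5|0.3%|llama-index-readers-papers
LOW|CVE-2025-3777|Transformers: URL validation bypass exposes image pipeline|3.5|0.1%|transformers
MEDIUM|CVE-2025-3264|Transformers: ReDoS in dynamic module loader causes DoS|5.3|0.1%|transformers
MEDIUM|CVE-2025-3263|Transformers: ReDoS in config loader causes serving DoS|5.3|0.1%|transformers
HIGH|CVE-2025-3262|Transformers: ReDoS in chat.py causes CPU exhaustion|7.5|0.3%|transformers
MEDIUM|CVE-2025-3108|llama-index: RCE via unsafe pickle deserialization|5.0|1.9%|llama-index-core
MEDIUM|CVE-2025-52554|n8n: broken authz enables cross-user workflow termination|4.3|0.3%|n8n
MEDIUM|CVE-2025-45809|LiteLLM: SQL injection in key management API|5.4|0.2%|litellm
MEDIUM|CVE-2025-49595|n8n: DoS via empty filesystem URI in binary-data API|4.9|0.3%|n8n
UNKNOWN|CVE-2025-34072|Slack MCP: zero-click exfiltration via link unfurling|-|0.4%|-
HIGH|CVE-2025-6855|Langchain-Chatchat: path traversal exposes system files|8.8|0.7%|langchain-chatchat
MEDIUM|CVE-2025-6854|Langchain-Chatchat: path traversal in file API exposes host FS|4.3|0.5%|langchain-chatchat
CRITICAL|CVE-2025-6853|Langchain-Chatchat: path traversal in KB upload|9.8|0.6%|langchain-chatchat
MEDIUM|CVE-2025-49592|n8n: open redirect enables phishing via login flow|5.4|0.2%|n8n
CRITICAL|CVE-2025-53002|LLaMA-Factory: RCE via unsafe checkpoint deserialization|9.8|4.2%|llamafactory
CRITICAL|CVE-2025-2828|LangChain RequestsToolkit: SSRF exposes cloud metadata|10.0|0.2%|langchain
MEDIUM|CVE-2025-52967|MLflow: unauthenticated SSRF in gateway proxy|5.8|0.2%|mlflow
HIGH|CVE-2025-5018|Hive Support WP: OpenAI key theft + prompt hijack|7.1|0.2%|-
"""


@dataclass(frozen=True)
class Finding:
    severity: str
    cve: str
    summary: str
    cvss: Optional[float]   # None when the feed shows no base score
    epss: float             # probability in [0, 1]
    package: Optional[str]  # None when the feed has no package mapping


def _cell(raw: str) -> Optional[str]:
    """Normalise an empty feed cell ("", "-", or em dash) to None."""
    raw = raw.strip()
    return None if raw in ("", "-", "\u2014") else raw


def parse_feed(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sev, cve, summary, cvss, epss, pkg = (p.strip() for p in line.split("|"))
        cvss_cell = _cell(cvss)
        findings.append(Finding(
            severity=sev,
            cve=cve,
            summary=summary,
            cvss=float(cvss_cell) if cvss_cell is not None else None,
            epss=float(epss.rstrip("%")) / 100.0,
            package=_cell(pkg),
        ))
    return findings


def priority_key(f: Finding, kev: set[str]) -> tuple:
    """KEV membership outranks everything; then EPSS; then CVSS (missing last)."""
    return (f.cve in kev, f.epss, f.cvss if f.cvss is not None else -1.0)


def triage(findings: list[Finding], installed: set[str], kev: set[str],
           include_unmapped: bool = True) -> list[Finding]:
    """Findings that touch the inventory, highest priority first.

    Rows with no package cell cannot be matched to an inventory, so they are
    kept for manual review unless include_unmapped is False.
    """
    relevant = [f for f in findings
                if f.package in installed or (f.package is None and include_unmapped)]
    return sorted(relevant, key=lambda f: priority_key(f, kev), reverse=True)


# Constructed inventory and KEV set for the demonstration (not from the page).
INSTALLED = {"transformers", "langchain", "llamafactory", "llama-index-core"}
KEV: set[str] = set()

if __name__ == "__main__":
    for f in triage(parse_feed(FEED), INSTALLED, KEV):
        cvss = "n/a" if f.cvss is None else f"{f.cvss:.1f}"
        print(f"{f.cve:<15} EPSS {f.epss:6.2%}  CVSS {cvss:>4}  {f.summary}")
```

With the constructed inventory, the LLaMA-Factory checkpoint deserialization (CVSS 9.8, EPSS 4.2%) and the llama-index pickle RCE (CVSS 5.0, EPSS 1.9%) land above the CVSS 10.0 LangChain SSRF (EPSS 0.2%), and the two unmapped rows (Slack MCP, Hive Support WP) stay visible because nothing in the feed ties them to a package. Adding a CVE to KEV moves it to the top regardless of its scores.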