AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

New This Week

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results

HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS via markdown parser

DoS Auth Bypass API Framework

open-webui CWE-400 3 ATLAS

HIGH EXPLOIT AVAIL

open-webui: Stored XSS enables admin session hijack

Code Execution Data Extraction Auth Bypass Framework API

open-webui CWE-79 3 ATLAS

HIGH EXPLOIT AVAIL

OpenWebUI: path traversal RCE via audio upload API

Code Execution Data Extraction Framework API

open-webui Patch: 0.5.17 CWE-22 5 ATLAS

HIGH EXPLOIT AVAIL

pytorch-lightning: unauthenticated DoS crashes LightningApp

pytorch-lightning CWE-248 1.6K 3 ATLAS

CRITICAL EXPLOIT AVAIL

pytorch-lightning: file upload RCE (Windows)

Code Execution Supply Chain Framework Training Data

pytorch-lightning Patch: 2.4.0 CWE-434 1.6K 4 ATLAS

HIGH EXPLOIT AVAIL

Open-WebUI: CSRF enables RCE via pipeline code injection

Code Execution Auth Bypass Framework API

open-webui Patch: 0.3.33 CWE-352 6 ATLAS

HIGH

open-webui: DoS via malformed multipart boundary

GHSA-6wj5-5pgr-jwq8

7.5

1y ago

DoS Framework API

open-webui Patch: 0.4.7 CWE-400 3 ATLAS

HIGH EXPLOIT AVAIL

ONNX: path traversal in download_model enables RCE

Supply Chain Code Execution Framework Model

onnx Patch: 1.17.0 CWE-22 1.2K 3 ATLAS

HIGH EXPLOIT AVAIL

open-webui: XSS enables admin session hijack via chat

Auth Bypass Code Execution Data Extraction Framework API

open-webui CWE-79 6 ATLAS

MEDIUM EXPLOIT AVAIL

Open WebUI: missing authz leaks admin credentials

Auth Bypass Data Extraction Privacy Violation API Framework

open-webui CWE-475 3 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: missing authz exposes admin prompts

Auth Bypass Data Leakage API Framework

open-webui CWE-862 5 ATLAS

MEDIUM EXPLOIT AVAIL

Open WebUI: CSRF wipes RAG DB and AI memories via GET

DoS Auth Bypass RAG API Framework

open-webui CWE-352 5 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: path traversal allows arbitrary file write/RCE

Code Execution Supply Chain Framework Inference API

open-webui CWE-22 4 ATLAS

HIGH EXPLOIT AVAIL

Open WebUI: auth bypass exposes all user files

Auth Bypass Data Extraction Data Leakage API Framework

open-webui CWE-821 4 ATLAS

MEDIUM EXPLOIT AVAIL

open-webui: path traversal allows file write and RCE

Code Execution DoS Framework Inference

open-webui CWE-29 3 ATLAS

HIGH EXPLOIT AVAIL

open-webui: unauthenticated DoS disables Admin panel

open-webui CWE-400 3 ATLAS

HIGH EXPLOIT AVAIL

LiteLLM: RCE via post_call_rules callback injection

Code Execution Supply Chain Auth Bypass Framework API Inference

litellm CWE-77 4 5 ATLAS

HIGH EXPLOIT AVAIL

open-webui: Privilege bypass enables admin account deletion

Auth Bypass Data Extraction API Framework

open-webui CWE-863 3 ATLAS

MEDIUM EXPLOIT AVAIL

Open WebUI: Stored XSS via file upload, session hijack

Auth Bypass Data Extraction Social Engineering Framework API

open-webui CWE-79 5 ATLAS

HIGH EXPLOIT AVAIL

lollms: RCE via eval() sandbox bypass in Calculate

Code Execution Auth Bypass Framework API

lollms Patch: 11.0.0 CWE-94 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial

AI Security Threat Feed

Weekly CISO Take + top threats

Latest AI Security Threats

Need deeper analysis?