AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
76
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1604 results Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2024-12909 llama-index finchat: SQL injection enables RCE 10.0 4.1% llama-index-packs-finchat Mar 20 HIGH GHSA-w466-2wfc-8g58 open-webui: DoS via starlette memory exhaustion 7.5 — open-webui Mar 20 MEDI E CVE-2024-12910 llama-index: DoS via infinite recursion in web reader 5.9 0.4% llama-index Mar 20 HIGH GHSA-hh3j-9m59-p8vc BentoML: DoS via multipart boundary in Gradio login 7.5 — bentoml Mar 20 MEDI GHSA-564p-rx2q-4c8v BentoML: open redirect exposes ML teams to phishing 6.1 — bentoml Mar 20 HIGH E CVE-2024-12537 Open-WebUI: unauthenticated DoS via code formatter 7.5 2.7% open-webui Mar 20 HIGH E CVE-2024-12534 open-webui: unauthenticated DoS via login payload flood 7.5 0.6% open-webui Mar 20 CRIT E CVE-2024-11958 llama-index DuckDB retriever: SQLi enables RCE 9.8 4.1% llama-index-retrievers-duckdb-retriever Mar 20 HIGH E CVE-2024-10572 H2O-3: unauthenticated AST parser enables DoS + file write 7.5 0.4% — Mar 20 MEDI E CVE-2025-1474 MLflow: passwordless accounts enable persistent backdoor 5.5 0.1% mlflow Mar 20 HIGH E CVE-2025-1473 MLflow: CSRF in signup allows rogue account creation 7.1 0.2% mlflow Mar 20 HIGH E CVE-2025-0453 MLflow: GraphQL DoS disables ML tracking server 7.5 0.3% mlflow Mar 20 HIGH E CVE-2025-0317 Ollama: DoS via malicious GGUF model file upload 7.5 2.9% ollama Mar 20 HIGH E CVE-2025-0315 Ollama: GGUF model upload causes memory exhaustion DoS 7.5 0.1% ollama Mar 20 HIGH E CVE-2025-0312 Ollama: null pointer DoS via malicious GGUF model upload 7.5 0.2% ollama Mar 20 UNKN E CVE-2025-0187 Gradio: DoS via oversized upload filename — 0.8% gradio Mar 20 CRIT E CVE-2024-9070 BentoML: unauthenticated RCE via runner deserialization 9.8 0.4% bentoml Mar 20 HIGH E CVE-2024-9056 BentoML: DoS via multipart boundary exhausts server 7.5 0.3% bentoml Mar 20 CRIT E CVE-2024-9053 vllm: RCE via unsafe pickle deserialization in RPC server 9.8 10.0% vllm Mar 20 HIGH E CVE-2024-8966 Gradio: DoS via malformed multipart boundary 7.5 0.3% video Mar 20 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial