AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary file read via DBFS

CVE-2024-8859
7.5
EPSS 25.7%
Data Extraction Data Leakage Framework Training Data
mlflow CWE-22 624 5 ATLAS
HIGH EXPLOIT AVAIL

ollama: divide-by-zero DoS via crafted GGUF model import

CVE-2024-8063
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.5K 4 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: open redirect exposes AI demo users to phishing

CVE-2024-8021
6.1
EPSS 2.4%
Social Engineering Auth Bypass Framework API
gradio CWE-601 679 4 ATLAS
HIGH EXPLOIT AVAIL

Open-WebUI: SSRF via unchecked OpenAI URL leaks internal secrets

CVE-2024-7959
7.7
EPSS 0.5%
Data Extraction Auth Bypass Code Execution API Framework
open-webui CWE-918 5 ATLAS
MEDIUM EXPLOIT AVAIL

MLflow: unconstrained input causes UI denial of service

CVE-2024-6838
5.3
EPSS 0.6%
DoS Framework
mlflow CWE-400 624 3 ATLAS
MEDIUM EXPLOIT AVAIL

TorchServe: unverified S3 bucket exposes benchmark data

CVE-2024-6577
6.3
EPSS 0.2%
Supply Chain Data Leakage Data Extraction Framework Inference
3 ATLAS
HIGH EXPLOIT AVAIL

llama-index: SQLi+DoS via prompt injection in query engine

CVE-2024-12911
7.1
EPSS 0.3%
Prompt Injection Code Execution DoS Framework Agent
llamaindex CWE-89 6 ATLAS
UNKNOWN EXPLOIT AVAIL

Dify: SSRF via custom tool URL enables credential theft

CVE-2024-12775
--
EPSS 0.3%
Data Extraction Auth Bypass Framework API Agent
5 ATLAS
HIGH EXPLOIT AVAIL

Transformers: ReDoS in Nougat tokenizer causes DoS

CVE-2024-12720
7.5
EPSS 0.2%
DoS Framework Inference
transformers CWE-1333 7.9K 3 ATLAS
HIGH EXPLOIT AVAIL

llama-index: DoS via infinite loop in LangChain LLM

CVE-2024-12704
7.5
EPSS 0.4%
DoS Framework
llamaindex CWE-755 3 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: NTFS ADS bypass exposes blocked file paths

CVE-2024-12217
5.3
EPSS 0.3%
Data Extraction Data Leakage Auth Bypass Framework API
gradio CWE-22 679 3 ATLAS
UNKNOWN EXPLOIT AVAIL

LLaVA: path traversal allows arbitrary file read

CVE-2024-12065
--
EPSS 0.6%
Data Extraction Data Leakage Framework Inference
4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: DoS via malicious gguf model file upload

CVE-2024-12055
7.5
EPSS 0.1%
DoS Supply Chain Inference Model Framework
ollama 1.5K 4 ATLAS
CRITICAL EXPLOIT AVAIL

vllm: RCE via unsafe pickle deserialization in MessageQueue

CVE-2024-11041
9.8
EPSS 5.6%
Code Execution Framework Inference
vllm CWE-502 127 4 ATLAS
UNKNOWN EXPLOIT AVAIL

gpt_academic: path traversal exposes LLM API keys

CVE-2024-11037
--
EPSS 0.2%
Data Extraction Auth Bypass API Framework
gpt_academic 5 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF in Markdown plugin leaks credentials

CVE-2024-11031
7.5
EPSS 0.2%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
HIGH EXPLOIT AVAIL

GPT Academic: SSRF via unsanitized HotReload plugin

CVE-2024-11030
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Plugin
gpt_academic 4 ATLAS
UNKNOWN EXPLOIT AVAIL

gpt_academic: RCE via unsandboxed prompt injection

CVE-2024-10950
--
EPSS 2.8%
Prompt Injection Code Execution Framework Plugin
gpt_academic 6 ATLAS
MEDIUM EXPLOIT AVAIL

langchain-core: file read via prompt template inputs

CVE-2024-10940
5.3
EPSS 0.3%
Data Extraction Data Leakage Privacy Violation Framework Agent
langchain-core Patch: 0.1.53 CWE-497 4.4K 4 ATLAS
UNKNOWN EXPLOIT AVAIL

ChuanhuChatGPT: path traversal exposes server files unauthed

CVE-2024-10707
--
EPSS 0.2%
Data Extraction Auth Bypass Framework API
chuanhuchatgpt 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial