AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1604 resultsChuanhuChatGPT: DoS via multipart payload exhaustion
CVE-2024-10650 Gradio: path traversal enables arbitrary file deletion DoS
CVE-2024-10648 Gradio: ReDoS in DateTime causes CPU exhaustion DoS
CVE-2024-10624 Gradio: zip bomb DoS via dataframe CSV upload
CVE-2024-10569 litellm: unauthenticated DoS crashes LLM proxy server
CVE-2024-10188 vLLM: RCE via unsafe deserialization in Mooncake KV
CVE-2025-29783 vLLM: DoS via unbounded grammar cache exhausts disk
CVE-2025-29770 Keras: safe_mode bypass enables RCE via model loading
CVE-2025-1550 PyTorch: improper init in quantized sigmoid skews model output
CVE-2025-2149 PyTorch: memory corruption in JIT profiler callback handler
CVE-2025-2148 picklescan: ZIP flag bypass enables RCE in PyTorch models
CVE-2025-1945 picklescan: ZIP spoof lets malicious PyTorch models bypass scan
CVE-2025-1944 Ray: Redis password exposed via plaintext logging
CVE-2025-1979 spacy-llm: SSTI allows unauthenticated RCE (CVSS 9.8)
CVE-2025-25362 vLLM AIBrix: weak hash in prefix cache leaks inference patterns
CVE-2025-1953 picklescan: scanner bypass enables supply chain RCE
CVE-2025-1716 picklescan: extension bypass enables RCE on model load
CVE-2025-1889 gpt_academic: symlink traversal exposes all server files
CVE-2025-25185 JupyterHub LTI13: JWT forgery enables full auth bypass
CVE-2023-25574 Label Studio: SSRF via S3 endpoint exposes internal services
CVE-2025-25297 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial