AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
CRITICAL

Sage AI Plugin: unrestricted upload → web shell RCE

CVE-2024-52384
9.9
EPSS 0.9%
Code Execution Data Extraction Auth Bypass Plugin API
5 ATLAS
HIGH EXPLOIT AVAIL

Intel Extension for Transformers: path traversal privesc

CVE-2024-21799
7.1
EPSS 0.1%
Code Execution Supply Chain Framework
4 ATLAS
HIGH

TorchGeo: RCE via code injection in geospatial ML lib

CVE-2024-49048
8.1
EPSS 0.6%
Code Execution Supply Chain Framework Training Data
CWE-94 5 ATLAS
HIGH

LightGBM: heap buffer overflow enables network RCE

CVE-2024-43598
8.1
EPSS 1.7%
Code Execution Supply Chain Framework Inference Training Data
lightgbm CWE-122 991 4 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: path traversal exposes arbitrary server files

CVE-2024-51751
6.5
EPSS 0.3%
Data Extraction Data Leakage Framework
gradio CWE-22 679 3 ATLAS
CRITICAL EXPLOIT AVAIL

Langflow: RCE via unsandboxed code component execution

CVE-2024-48061
9.8
EPSS 13.2%
Code Execution Auth Bypass Framework Agent
langflow CWE-94 5 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: SSRF in DownloadButton exposes internal resources

CVE-2024-48052
6.5
EPSS 0.1%
Data Extraction Privacy Violation Framework Inference
gradio CWE-918 679 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: path traversal exposes server filesystem

CVE-2024-39722
7.5
EPSS 62.2%
Data Extraction Data Leakage Inference API
ollama 1.5K 4 ATLAS
HIGH EXPLOIT AVAIL

Ollama: DoS via /dev/random causes goroutine exhaustion

CVE-2024-39721
7.5
EPSS 0.3%
DoS Inference API Framework
ollama 1.5K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: OOB read in GGUF parser enables remote DoS

CVE-2024-39720
8.2
EPSS 0.3%
DoS Code Execution Inference Framework
ollama 1.5K 3 ATLAS
HIGH EXPLOIT AVAIL

Ollama: file existence oracle via api/create errors

CVE-2024-39719
7.5
EPSS 44.5%
Data Extraction Privacy Violation Inference API
ollama 1.5K 4 ATLAS
CRITICAL EXPLOIT AVAIL

Langflow: Unauthenticated RCE via PythonCodeTool

CVE-2024-42835
9.8
EPSS 14.3%
Code Execution Supply Chain Data Extraction Framework Agent Plugin
langflow 6 ATLAS
CRITICAL EXPLOIT AVAIL

PyTorch: RCE via RemoteModule deserialization

CVE-2024-48063
9.8
EPSS 25.1%
Code Execution Supply Chain Framework Training Data
pytorch CWE-502 21.9K 4 ATLAS
MEDIUM EXPLOIT AVAIL

Lollms: SVG upload XSS enables session hijack and RCE

CVE-2024-6581
6.5
EPSS 1.6%
Code Execution Data Leakage Social Engineering Framework API
lollms CWE-79 4 ATLAS
CRITICAL EXPLOIT AVAIL

LangChain GraphCypher: prompt injection enables DB wipe

CVE-2024-8309
9.8
EPSS 2.0%
Prompt Injection Data Extraction DoS Framework Agent RAG
langchain CWE-74 2.6K 7 ATLAS
CRITICAL EXPLOIT AVAIL

LangChain.js: path traversal, arbitrary file read/write

CVE-2024-7774
9.1
EPSS 0.6%
Data Extraction Code Execution Data Leakage Framework Agent
langchain.js CWE-22 2.6K 5 ATLAS
CRITICAL EXPLOIT AVAIL

LangChainJS: prompt injection enables full graph DB takeover

CVE-2024-7042
9.8
EPSS 0.1%
Prompt Injection Data Extraction Code Execution Framework Agent API
langchain 2.6K 6 ATLAS
UNKNOWN

Cursor IDE: prompt injection triggers terminal RCE

CVE-2024-48919
--
EPSS 0.3%
Prompt Injection Code Execution Agent API
5 ATLAS
CRITICAL EXPLOIT AVAIL

Affiliator WP Plugin: Unauthenticated Web Shell Upload

CVE-2024-49326
9.8
EPSS 0.6%
Code Execution Auth Bypass Supply Chain Framework API
affiliator 1.5K 6 ATLAS
MEDIUM EXPLOIT AVAIL

lollms: path traversal allows arbitrary directory read

CVE-2024-6985
4.4
EPSS 0.1%
Data Extraction Auth Bypass Framework Agent
lollms CWE-23 4 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial