AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog.
1,604 AI/ML CVEs tracked
225 Critical
76 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1,604 results

| Severity | Flag | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| LOW | E | CVE-2024-6971 | lollms: path traversal in RAG database functions | 3.4 | 0.0% | lollms | Oct 11 |
| MEDIUM | | CVE-2024-47872 | Gradio: stored XSS via malicious file upload | 5.4 | 0.3% | gradio | Oct 10 |
| CRITICAL | | CVE-2024-47871 | Gradio: cleartext MITM exposes ML demo data via share=True | 9.1 | 0.1% | gradio | Oct 10 |
| HIGH | | CVE-2024-47870 | Gradio: race condition enables backend URL hijacking | 8.1 | 0.2% | gradio | Oct 10 |
| LOW | | CVE-2024-47869 | Gradio: timing attack exposes analytics dashboard auth | 3.7 | 0.2% | gradio | Oct 10 |
| HIGH | E | CVE-2024-47868 | Gradio: path traversal leaks arbitrary server files | 7.5 | 0.2% | gradio | Oct 10 |
| HIGH | | CVE-2024-47867 | Gradio: no integrity check on FRP binary, supply chain RCE | 7.5 | 0.2% | gradio | Oct 10 |
| MEDIUM | | CVE-2024-47168 | Gradio: monitoring endpoint bypass leaks app analytics | 4.3 | 0.2% | gradio | Oct 10 |
| CRITICAL | | CVE-2024-47167 | Gradio: unauthenticated SSRF in /queue/join, internal pivot | 9.8 | 0.2% | gradio | Oct 10 |
| MEDIUM | | CVE-2024-47166 | Gradio: path traversal leaks custom component source | 5.3 | 0.2% | gradio | Oct 10 |
| MEDIUM | | CVE-2024-47165 | Gradio: CORS null origin bypass leaks auth tokens | 5.4 | 0.2% | gradio | Oct 10 |
| MEDIUM | | CVE-2024-47164 | Gradio: path traversal bypasses directory access controls | 6.5 | 0.2% | gradio | Oct 10 |
| HIGH | | CVE-2024-47084 | Gradio: CORS bypass exposes local instances to credential theft | 8.3 | 0.1% | gradio | Oct 10 |
| MEDIUM | | GHSA-26jh-r8g2-6fpr | Gradio: Dropdown validation bypass enables arbitrary input | 5.3 | — | gradio | Oct 10 |
| MEDIUM | E | CVE-2024-7037 | open-webui: path traversal → arbitrary file write/RCE | 6.5 | 2.3% | open-webui | Oct 9 |
| MEDIUM | E | CVE-2024-7041 | open-webui: IDOR enables cross-user memory tampering | 6.5 | 0.1% | open-webui | Oct 9 |
| LOW | E | CVE-2024-7038 | open-webui: filesystem enumeration via admin error messages | 2.7 | 0.2% | open-webui | Oct 9 |
| MEDIUM | E | CVE-2024-9277 | Langflow: ReDoS crashes LLM workflow backend via HTTP POST | 6.5 | 0.2% | langflow | Sep 27 |
| HIGH | E | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | 23.9% | — | Sep 27 |
| MEDIUM | E | CVE-2024-6845 | ChatGPT WP Plugin: OpenAI API key leak via unauth REST | 5.3 | 21.6% | — | Sep 25 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.