AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
CRITICAL EXPLOIT AVAIL

LangChain-Experimental: RCE via eval in math chain

CVE-2024-46946
9.8
EPSS 0.7%
Code Execution Supply Chain Framework Agent
langchain-experimental 2.6K 4 ATLAS
MEDIUM EXPLOIT AVAIL

ilab/vllm: best_of param causes inference API DoS

CVE-2024-8939
6.2
EPSS 0.0%
DoS Inference API
3 ATLAS
HIGH EXPLOIT AVAIL

vLLM: unauthenticated DoS via empty completion prompt

CVE-2024-8768
7.5
EPSS 0.0%
DoS Inference API Framework
4 ATLAS
HIGH EXPLOIT AVAIL

LangChain: RCE via FAISS pickle deserialization

CVE-2024-5998
7.8
EPSS 0.1%
Code Execution Supply Chain Framework RAG
langchain 2.6K 4 ATLAS
HIGH KEV

LiteLLM: SSRF leaks OpenAI API key to attacker

CVE-2024-6587
7.5
EPSS 88.4%
Data Extraction Auth Bypass API Framework
litellm 4 5 ATLAS
HIGH EXPLOIT AVAIL

MindsDB: RCE via eval() injection in ChromaDB INSERT

CVE-2024-45848
8.8
EPSS 0.4%
Code Execution Data Extraction Framework RAG Plugin
CWE-94 5 ATLAS
HIGH EXPLOIT AVAIL

Ollama: ZIP path traversal exposes host filesystem

CVE-2024-45436
7.5
EPSS 29.1%
Supply Chain Data Extraction Framework Model Inference
ollama CWE-22 1.5K 6 ATLAS
MEDIUM EXPLOIT AVAIL

Streamlit: path traversal leaks Windows NTLM hash

CVE-2024-42474
6.5
EPSS 1.7%
Data Leakage Auth Bypass Framework API
streamlit CWE-22 2.8K 4 ATLAS
HIGH

TensorFlow: DoS via upper_bound rank validation crash

CVE-2023-33976
7.5
EPSS 0.0%
DoS Framework Inference
tensorflow CWE-190 3.7K 3 ATLAS
HIGH EXPLOIT AVAIL

Langflow: mass assignment grants super admin access

CVE-2024-7297
8.8
EPSS 0.3%
Auth Bypass Code Execution Framework Agent
langflow 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: blind SSRF via unvalidated URL input

CVE-2024-41120
9.8
EPSS 0.2%
Data Extraction Auth Bypass Framework API
streamlit-geospatial CWE-918 2.8K 3 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: RCE via eval() on vis_params input

CVE-2024-41119
9.8
EPSS 1.6%
Code Execution Framework Inference
streamlit-geospatial 2.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: blind SSRF via WMS URL input

CVE-2024-41118
9.8
EPSS 0.2%
Data Extraction Auth Bypass Privacy Violation Framework API
streamlit-geospatial CWE-918 2.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: eval() injection allows RCE

CVE-2024-41117
9.8
EPSS 2.3%
Code Execution Framework
streamlit-geospatial 2.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: RCE via eval() injection

CVE-2024-41116
9.8
EPSS 2.0%
Code Execution Framework
streamlit-geospatial 2.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: eval() injection enables RCE

CVE-2024-41115
9.8
EPSS 1.1%
Code Execution Data Extraction Framework
streamlit-geospatial 2.8K 5 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: RCE via eval() on palette input

CVE-2024-41114
9.8
EPSS 1.3%
Code Execution Data Extraction Framework Inference
streamlit-geospatial 2.8K 4 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: RCE via eval() in Timelapse page

CVE-2024-41113
9.8
EPSS 1.6%
Code Execution Data Extraction Framework
streamlit-geospatial 2.8K 5 ATLAS
CRITICAL EXPLOIT AVAIL

streamlit-geospatial: RCE via eval() on palette input

CVE-2024-41112
9.8
EPSS 1.6%
Code Execution Framework
streamlit-geospatial 2.8K 4 ATLAS
HIGH EXPLOIT AVAIL

TorchServe: default gRPC exposure allows unauth inference

CVE-2024-35199
8.2
EPSS 0.1%
DoS Data Extraction Auth Bypass Inference Framework
torchserve 21.9K 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial