AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2024-46946 LangChain-Experimental: RCE via eval in math chain 9.8 0.7% langchain-experimental Sep 19 MEDI E CVE-2024-8939 ilab/vllm: best_of param causes inference API DoS 6.2 0.0% Sep 17 HIGH E CVE-2024-8768 vLLM: unauthenticated DoS via empty completion prompt 7.5 0.0% Sep 17 HIGH E CVE-2024-5998 LangChain: RCE via FAISS pickle deserialization 7.8 0.1% langchain Sep 17 HIGH CVE-2024-6587 LiteLLM: SSRF leaks OpenAI API key to attacker 7.5 88.4% litellm Sep 13 HIGH E CVE-2024-45848 MindsDB: RCE via eval() injection in ChromaDB INSERT 8.8 0.4% Sep 12 HIGH E CVE-2024-45436 Ollama: ZIP path traversal exposes host filesystem 7.5 29.1% ollama Aug 29 MEDI E CVE-2024-42474 Streamlit: path traversal leaks Windows NTLM hash 6.5 1.7% streamlit Aug 12 HIGH CVE-2023-33976 TensorFlow: DoS via upper_bound rank validation crash 7.5 0.0% tensorflow Jul 30 HIGH E CVE-2024-7297 Langflow: mass assignment grants super admin access 8.8 0.3% langflow Jul 30 CRIT E CVE-2024-41120 streamlit-geospatial: blind SSRF via unvalidated URL input 9.8 0.2% streamlit-geospatial Jul 26 CRIT E CVE-2024-41119 streamlit-geospatial: RCE via eval() on vis_params input 9.8 1.6% streamlit-geospatial Jul 26 CRIT E CVE-2024-41118 streamlit-geospatial: blind SSRF via WMS URL input 9.8 0.2% streamlit-geospatial Jul 26 CRIT E CVE-2024-41117 streamlit-geospatial: eval() injection allows RCE 9.8 2.3% streamlit-geospatial Jul 26 CRIT E CVE-2024-41116 streamlit-geospatial: RCE via eval() injection 9.8 2.0% streamlit-geospatial Jul 26 CRIT E CVE-2024-41115 streamlit-geospatial: eval() injection enables RCE 9.8 1.1% streamlit-geospatial Jul 26 CRIT E CVE-2024-41114 streamlit-geospatial: RCE via eval() on palette input 9.8 1.3% streamlit-geospatial Jul 26 CRIT E CVE-2024-41113 streamlit-geospatial: RCE via eval() in Timelapse page 9.8 1.6% streamlit-geospatial Jul 26 CRIT E CVE-2024-41112 streamlit-geospatial: RCE via eval() on palette input 9.8 1.6% streamlit-geospatial Jul 26 HIGH E CVE-2024-35199 TorchServe: default gRPC exposure allows unauth inference 8.2 0.1% torchserve Jul 19

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial