AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 76
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1604 results

Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
Critical | CVE-2024-35198 | TorchServe: URL bypass enables arbitrary model loading | 9.8 | 0.2% | torchserve | Jul 19
High | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | 8.5 | 16.7% | langchain-experimental | Jul 15
Low | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | 2.3 | 0.0% | — | Jul 6
Unknown | CVE-2024-4897 | lollms-webui: RCE via malicious GGUF model loading | — | 0.8% | — | Jul 2
Critical | CVE-2024-39236 | Gradio: code injection via component metadata | 9.8 | 1.9% | gradio | Jul 1
Medium | CVE-2024-37146 | Flowise: reflected XSS enables credential theft | 6.1 | 0.3% | flowise | Jul 1
Medium | CVE-2024-37145 | Flowise: reflected XSS enables file read chain via chatflow | 6.1 | 0.4% | flowise | Jul 1
Medium | CVE-2024-36423 | Flowise: reflected XSS in chatflow API enables session hijack | 6.1 | 0.3% | flowise | Jul 1
Medium | CVE-2024-36422 | Flowise: reflected XSS enables session hijack and file read | 6.1 | 0.2% | flowise | Jul 1
High | CVE-2024-36421 | Flowise: CORS wildcard enables file read and data theft | 7.5 | 1.6% | flowise | Jul 1
High | CVE-2024-36420 | Flowise: unauthenticated arbitrary file read via API | 7.5 | 0.3% | flowise | Jul 1
Low | CVE-2024-4839 | lollms-webui: CSRF allows unauthorized AI service install | 3.3 | 0.0% | lollms-webui | Jun 24
Medium | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | 6.1 | 7.2% | gradio | Jun 22
High | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | 7.8 | 0.1% | langchain-experimental | Jun 16
Critical | CVE-2024-37014 | Langflow: unauthenticated RCE via custom component API | 9.8 | 6.5% | langflow | Jun 10
High | CVE-2024-5187 | ONNX: path traversal in model download enables RCE | 8.8 | 1.4% | onnx | Jun 6
Medium | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | 4.2 | 0.0% | langchain | Jun 6
Medium | CVE-2024-5206 | scikit-learn: TfidfVectorizer leaks training data tokens | 4.7 | 0.0% | scikit-learn | Jun 6
High | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | 8.1 | 0.1% | litellm | Jun 6
Critical | CVE-2024-3234 | ChuanhuChatGPT: path traversal exposes LLM API keys | 9.8 | 84.0% | chuanhuchatgpt | Jun 6