AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1604 resultsMLflow: URL encoding bypass enables model poisoning
CVE-2024-3099 LangChain: SSRF in Web Retriever exposes cloud metadata
CVE-2024-3095 MLflow: URI fragment LFI exposes arbitrary files
CVE-2024-2928 MLflow: path traversal enables RCE via dataset loading
CVE-2024-0520 pytorch-lightning: RCE via deepdiff Delta deserialization
CVE-2024-5452 Gradio: LFI via JSON path key exposes server files
CVE-2024-4941 Gradio: SSRF exposes internal network and cloud metadata
CVE-2024-4325 Gradio: secrets exfiltration via unsafe fork PR workflow
CVE-2024-4254 MLflow: RCE via malicious MLproject file execution
CVE-2024-37061 MLflow: RCE via deserialization in crafted Recipes
CVE-2024-37060 MLflow: RCE via malicious PyTorch model deserialization
CVE-2024-37059 MLflow: RCE via malicious LangChain model deserialization
CVE-2024-37058 MLflow: RCE via malicious TensorFlow model deserialization
CVE-2024-37057 MLflow: RCE via LightGBM model deserialization
CVE-2024-37056 MLflow: RCE via pmdarima model deserialization
CVE-2024-37055 MLflow: deserialization RCE via malicious PyFunc model
CVE-2024-37054 MLflow: RCE via malicious scikit-learn model deserialization
CVE-2024-37053 MLflow: RCE via malicious scikit-learn model upload
CVE-2024-37052 Gradio: CI/CD command injection enables secrets exfiltration
CVE-2024-4253 Ollama: path traversal enables RCE via model blob API
CVE-2024-37032 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial