AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 76
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1,604 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDIUM (E) | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | 5.4 | 0.1% | mlflow | Jun 6 |
| HIGH (E) | CVE-2024-3095 | LangChain: SSRF in Web Retriever exposes cloud metadata | 7.7 | 0.2% | langchain | Jun 6 |
| HIGH (E) | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | 7.5 | 91.6% | mlflow | Jun 6 |
| HIGH (E) | CVE-2024-0520 | MLflow: path traversal enables RCE via dataset loading | 8.8 | 4.9% | mlflow | Jun 6 |
| CRITICAL (E) | CVE-2024-5452 | pytorch-lightning: RCE via deepdiff Delta deserialization | 9.8 | 62.6% | pytorch_lightning | Jun 6 |
| HIGH (E) | CVE-2024-4941 | Gradio: LFI via JSON path key exposes server files | 7.5 | 0.7% | gradio | Jun 6 |
| HIGH | CVE-2024-4325 | Gradio: SSRF exposes internal network and cloud metadata | 8.6 | 65.1% | gradio | Jun 6 |
| UNKNOWN (E) | CVE-2024-4254 | Gradio: secrets exfiltration via unsafe fork PR workflow | — | 0.4% | gradio | Jun 4 |
| HIGH (E) | CVE-2024-37061 | MLflow: RCE via malicious MLproject file execution | 8.8 | 3.9% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37060 | MLflow: RCE via deserialization in crafted Recipes | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37058 | MLflow: RCE via malicious LangChain model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37056 | MLflow: RCE via LightGBM model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37055 | MLflow: RCE via pmdarima model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37054 | MLflow: deserialization RCE via malicious PyFunc model | 8.8 | 0.2% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37053 | MLflow: RCE via malicious scikit-learn model deserialization | 8.8 | 0.4% | mlflow | Jun 4 |
| HIGH (E) | CVE-2024-37052 | MLflow: RCE via malicious scikit-learn model upload | 8.8 | 0.3% | mlflow | Jun 4 |
| CRITICAL (E) | CVE-2024-4253 | Gradio: CI/CD command injection enables secrets exfiltration | 9.1 | 1.9% | gradio | Jun 4 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | 8.8 | 93.7% | ollama | May 31 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.