AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1604 resultstext-generation-inference: workflow injection RCE
CVE-2024-3924 WP Testimonial Carousel: OpenAI API key hijack, no auth
CVE-2024-4858 WordPress ChatBot: missing authz deletes OpenAI files
CVE-2024-0453 WordPress AI ChatBot: auth bypass enables OpenAI file upload
CVE-2024-0452 wpbot: missing auth exposes OpenAI account files
CVE-2024-0451 MLflow: broken access control allows artifact deletion
CVE-2024-4263 llama_index: RCE via eval() in RunGptLLM connector
CVE-2024-4181 MLflow: URL fragment bypass leaks SSH and cloud keys
CVE-2024-3848 llama-cpp-python: SSTI in .gguf loader enables RCE
CVE-2024-34359 SolidUI: OpenAI API key exposed via log print statement
CVE-2024-34527 Gradio: credential leakage via Windows path encoding bug
CVE-2024-34510 SageMaker SDK: pickle deserialization enables RCE
CVE-2024-34072 PyTorch: OOB read in mobile model loader leaks memory
CVE-2024-31584 PyTorch: use-after-free in JIT mobile interpreter, RCE
CVE-2024-31583 PyTorch: heap buffer overflow causes local DoS
CVE-2024-31580 Keras: RCE via malicious model deserialization
CVE-2024-3660 MLflow: LFI via URI parsing allows arbitrary file read
CVE-2024-3573 LangChain: path traversal allows arbitrary file R/W
CVE-2024-3571 BentoML: RCE via insecure deserialization (CVSS 10)
CVE-2024-2912 MLflow: path traversal via URI fragment reads arbitrary files
CVE-2024-1594 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial