AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 76
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1604 results
| Severity | E | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|---|
| Unknown | E | CVE-2024-3924 | text-generation-inference: workflow injection RCE | n/a | 0.4% | | May 30 |
| Medium | E | CVE-2024-4858 | WP Testimonial Carousel: OpenAI API key hijack, no auth | 5.3 | 0.2% | | May 25 |
| High | | CVE-2024-0453 | WordPress ChatBot: missing authz deletes OpenAI files | 7.7 | 0.2% | wpbot | May 22 |
| High | E | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | 7.7 | 0.2% | wpbot | May 22 |
| Medium | E | CVE-2024-0451 | wpbot: missing auth exposes OpenAI account files | 5.0 | 0.4% | wpbot | May 22 |
| Medium | E | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | 0.1% | mlflow | May 16 |
| Unknown | E | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | n/a | 1.6% | llamaindex | May 16 |
| High | E | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | 78.7% | mlflow | May 16 |
| Critical | E | CVE-2024-34359 | llama-cpp-python: SSTI in .gguf loader enables RCE | 9.6 | 39.4% | | May 14 |
| High | | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | 0.1% | | May 6 |
| High | E | CVE-2024-34510 | Gradio: credential leakage via Windows path encoding bug | 7.5 | 0.1% | gradio | May 5 |
| High | | CVE-2024-34072 | SageMaker SDK: pickle deserialization enables RCE | 7.8 | 0.6% | | May 3 |
| Medium | | CVE-2024-31584 | PyTorch: OOB read in mobile model loader leaks memory | 5.5 | 0.1% | pytorch | Apr 19 |
| High | | CVE-2024-31583 | PyTorch: use-after-free in JIT mobile interpreter, RCE | 7.8 | 0.0% | pytorch | Apr 17 |
| Medium | E | CVE-2024-31580 | PyTorch: heap buffer overflow causes local DoS | 4.0 | 0.0% | pytorch | Apr 17 |
| Critical | E | CVE-2024-3660 | Keras: RCE via malicious model deserialization | 9.8 | 0.4% | keras | Apr 16 |
| Critical | E | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | 0.2% | mlflow | Apr 16 |
| High | E | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | 2.0% | langchain | Apr 16 |
| Critical | E | CVE-2024-2912 | BentoML: RCE via insecure deserialization | 10.0 | 7.5% | | Apr 16 |
| High | E | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | 7.5 | 0.2% | mlflow | Apr 16 |

CVSS is the base score as recorded by the feed (n/a where none is shown); EPSS is the FIRST-estimated probability of exploitation in the wild within 30 days. The "E" column is a per-row flag reproduced from the feed; the page does not define it. Blank Package cells are blank on the feed.
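Reading a feed like this, CVSS alone is a poor ordering: CVE-2024-2912 scores 10.0 with an EPSS of 7.5%, while CVE-2024-3848 scores 7.5 with an EPSS of 78.7%. The script below is an added example, not the feed operator's code: it transcribes a subset of the rows above, normalizes the feed's package labels to PyPI names (the alias table is an assumption), filters to what a requirements file actually installs, and ranks what remains by KEV membership, then EPSS, then CVSS. The requirements lines, tier thresholds and the KEV set passed in by the caller are constructed; the page does not say which rows are in KEV.

```python
"""Triage an AI/ML CVE feed against a project's installed packages.

Added example, not the feed's own code. Advisory rows are transcribed from the
visible table (CVE, summary, CVSS, EPSS, Package). The alias table, the
requirements lines and the tier thresholds are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Advisory:
    cve: str
    summary: str
    cvss: Optional[float]   # None where the feed shows no CVSS score
    epss: float             # EPSS as a probability: 0.787 is the feed's 78.7%
    package: Optional[str]  # feed's Package column, None where it is blank


# Subset of rows transcribed from the feed table above.
FEED = [
    Advisory("CVE-2024-3848", "MLflow: URL fragment bypass leaks SSH and cloud keys", 7.5, 0.787, "mlflow"),
    Advisory("CVE-2024-34359", "llama-cpp-python: SSTI in .gguf loader enables RCE", 9.6, 0.394, None),
    Advisory("CVE-2024-2912", "BentoML: RCE via insecure deserialization", 10.0, 0.075, None),
    Advisory("CVE-2024-3571", "LangChain: path traversal allows arbitrary file R/W", 8.8, 0.020, "langchain"),
    Advisory("CVE-2024-4181", "llama_index: RCE via eval() in RunGptLLM connector", None, 0.016, "llamaindex"),
    Advisory("CVE-2024-3660", "Keras: RCE via malicious model deserialization", 9.8, 0.004, "keras"),
    Advisory("CVE-2024-3573", "MLflow: LFI via URI parsing allows arbitrary file read", 9.3, 0.002, "mlflow"),
    Advisory("CVE-2024-31583", "PyTorch: use-after-free in JIT mobile interpreter, RCE", 7.8, 0.000, "pytorch"),
]

# The feed's package labels are not PyPI distribution names. Constructed alias
# map from feed label to the distribution actually installed (assumption).
ALIASES = {"pytorch": "torch", "llamaindex": "llama-index"}

TIERS = ("P0", "P1", "P2", "P3")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold, collapse runs of - _ . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(lines: Iterable[str]) -> set[str]:
    """Normalized distribution names from requirements.txt-style lines.

    Comments, blank lines and option lines such as '-r base.txt' are skipped;
    extras ('pkg[extra]') and version specifiers are stripped.
    """
    names: set[str] = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.add(normalize(m.group(0)))
    return names


def feed_package_name(adv: Advisory) -> Optional[str]:
    """Map the feed label to the normalized installed-distribution name."""
    if adv.package is None:
        return None
    return normalize(ALIASES.get(adv.package, adv.package))


def tier(adv: Advisory, kev: set[str]) -> str:
    """Constructed tiers: KEV beats everything, observed exploitation
    likelihood (EPSS) beats base severity, and unscored rows are reviewed
    alongside the criticals so a missing CVSS cannot hide an RCE."""
    if adv.cve in kev:
        return "P0"
    if adv.epss >= 0.10:
        return "P1"
    if adv.cvss is None or adv.cvss >= 9.0:
        return "P2"
    return "P3"


def triage(feed: Iterable[Advisory], installed: set[str], kev: set[str] = frozenset()):
    """Rows for installed packages (and rows with no package, which cannot be
    ruled out), as (tier, cve, package, summary), highest priority first."""
    rows = []
    for adv in feed:
        pkg = feed_package_name(adv)
        if pkg is not None and pkg not in installed:
            continue
        rows.append((tier(adv, kev), adv.cve, pkg or "?", adv.summary))
    # Within a tier, order by EPSS, then CVSS (unscored sorts last).
    by_adv = {a.cve: a for a in feed}
    return sorted(
        rows,
        key=lambda r: (TIERS.index(r[0]), -by_adv[r[1]].epss, -(by_adv[r[1]].cvss or 0.0)),
    )


if __name__ == "__main__":
    # Constructed requirements file for a hypothetical project.
    reqs = ["MLflow==2.12.1", "torch>=2.2  # gpu build", "Llama_Index[openai]>=0.10", "-r base.txt", ""]
    for row in triage(FEED, parse_requirements(reqs)):
        print(*row, sep="  ")
```

With the constructed requirements, the two MLflow rows survive the package filter but land in different tiers (the 78.7% EPSS row is P1, the 9.3 CVSS row is P2), the unscored llama_index RCE is kept for review rather than dropped, and LangChain and Keras fall out because they are not installed. Passing a KEV set moves any matching CVE to P0 regardless of its scores.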

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
