AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

77

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1604 results
HIGH EXPLOIT AVAIL

MLflow: path traversal via ';' smuggling exposes files

CVE-2024-1593
7.5
EPSS 0.3%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 4 ATLAS
UNKNOWN KEV SCANNER

Gradio: path traversal enables arbitrary file read

CVE-2024-1561
--
EPSS 93.4%
Data Extraction Data Leakage Framework API
gradio 679 5 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal allows arbitrary directory deletion

CVE-2024-1560
8.1
EPSS 0.1%
Supply Chain DoS Auth Bypass Framework Training Data
mlflow 624 3 ATLAS
HIGH EXPLOIT AVAIL

MLflow: path traversal enables arbitrary file read

CVE-2024-1558
7.5
EPSS 0.1%
Data Extraction Data Leakage Framework
mlflow 624 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

MLflow: path traversal exposes arbitrary server files

CVE-2024-1483
7.5
EPSS 75.0%
Data Extraction Auth Bypass Framework Training Data
mlflow 624 5 ATLAS
UNKNOWN EXPLOIT AVAIL SCANNER

Gradio: SSRF enables internal network port scanning

CVE-2024-1183
--
EPSS 55.0%
Data Extraction Privacy Violation Framework Inference
gradio 679 3 ATLAS
MEDIUM

stable-diffusion-webui: path traversal file write

CVE-2024-31462
6.3
EPSS 0.2%
Code Execution Framework Inference
3 ATLAS
CRITICAL EXPLOIT AVAIL

HuggingFace Transformers: RCE via pickle deserialization

CVE-2024-3568
9.6
EPSS 24.4%
Code Execution Supply Chain Framework Model
transformers 7.9K 5 ATLAS
HIGH EXPLOIT AVAIL SCANNER

Gradio: path traversal leaks arbitrary files, potential RCE

CVE-2024-1728
7.5
EPSS 86.5%
Data Extraction Code Execution Privacy Violation Framework API Inference
gradio 679 6 ATLAS
MEDIUM EXPLOIT AVAIL

Ollama: DNS rebinding exposes LLM API to remote access

CVE-2024-28224
6.6
EPSS 0.2%
Auth Bypass DoS Data Extraction Inference API Model
ollama 1.5K 4 ATLAS
CRITICAL EXPLOIT AVAIL

gpt_academic: deserialization RCE, no auth required

CVE-2024-31224
9.8
EPSS 3.3%
Code Execution Data Extraction Framework API
gpt_academic 5 ATLAS
UNKNOWN EXPLOIT AVAIL

Gradio: timing attack enables auth bypass on ML UIs

CVE-2024-1729
--
EPSS 0.1%
Auth Bypass Framework Inference
gradio 679 4 ATLAS
HIGH EXPLOIT AVAIL

Gradio: CI/CD command injection enables secrets exfil

CVE-2024-1540
8.2
EPSS 0.5%
Code Execution Supply Chain Framework
gradio 679 4 ATLAS
MEDIUM EXPLOIT AVAIL

Gradio: SSRF exposes internal HuggingFace endpoints

CVE-2024-2206
6.5
EPSS 0.1%
Data Extraction Auth Bypass Framework Inference API
gradio 679 4 ATLAS
MEDIUM EXPLOIT AVAIL

LangChain: Billion Laughs XML expansion causes DoS

CVE-2024-1455
5.9
EPSS 0.1%
DoS Framework
langchain 2.6K 4 ATLAS
UNKNOWN EXPLOIT AVAIL

Gradio: CSRF enables disk exhaustion via file upload DoS

CVE-2024-1727
--
EPSS 0.2%
DoS Auth Bypass Framework
gradio 679 3 ATLAS
HIGH EXPLOIT AVAIL

LangChain: path traversal enables RCE and API key theft

CVE-2024-28088
8.1
EPSS 13.4%
Code Execution Data Leakage Supply Chain Framework Agent API
langchain CWE-22 2.6K 6 ATLAS
CRITICAL EXPLOIT AVAIL

LangChain TFIDFRetriever: SSRF/RCE via load_local

CVE-2024-2057
9.8
EPSS 0.1%
Code Execution Data Extraction Framework RAG
langchain 2.6K 5 ATLAS
CRITICAL EXPLOIT AVAIL

LangChain Experimental: RCE via Python sandbox escape

CVE-2024-27444
9.8
EPSS 0.1%
Code Execution Supply Chain Framework Agent
langchain-experimental 2.6K 4 ATLAS
CRITICAL EXPLOIT AVAIL

MLflow: XSS in recipe runner enables Jupyter RCE

CVE-2024-27133
9.6
EPSS 0.2%
Code Execution Supply Chain Framework
mlflow 624 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial