AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604 AI/ML CVEs tracked
225 Critical
76 New this week
16 In CISA KEV
Latest AI Security Threats
Showing 20 of 1604 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH E | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | 7.5 | 0.3% | mlflow | Apr 16 |
| UNKN | CVE-2024-1561 | Gradio: path traversal enables arbitrary file read | — | 93.4% | gradio | Apr 16 |
| HIGH E | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | 8.1 | 0.1% | mlflow | Apr 16 |
| HIGH E | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | 7.5 | 0.1% | mlflow | Apr 16 |
| HIGH E | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | 7.5 | 75.0% | mlflow | Apr 16 |
| UNKN E | CVE-2024-1183 | Gradio: SSRF enables internal network port scanning | — | 55.0% | gradio | Apr 16 |
| MEDI | CVE-2024-31462 | stable-diffusion-webui: path traversal file write | 6.3 | 0.2% | — | Apr 12 |
| CRIT E | CVE-2024-3568 | HuggingFace Transformers: RCE via pickle deserialization | 9.6 | 24.4% | transformers | Apr 10 |
| HIGH E | CVE-2024-1728 | Gradio: path traversal leaks arbitrary files, potential RCE | 7.5 | 86.5% | gradio | Apr 10 |
| MEDI E | CVE-2024-28224 | Ollama: DNS rebinding exposes LLM API to remote access | 6.6 | 0.2% | ollama | Apr 8 |
| CRIT E | CVE-2024-31224 | gpt_academic: deserialization RCE, no auth required | 9.8 | 3.3% | gpt_academic | Apr 8 |
| UNKN E | CVE-2024-1729 | Gradio: timing attack enables auth bypass on ML UIs | — | 0.1% | gradio | Mar 29 |
| HIGH E | CVE-2024-1540 | Gradio: CI/CD command injection enables secrets exfil | 8.2 | 0.5% | gradio | Mar 27 |
| MEDI E | CVE-2024-2206 | Gradio: SSRF exposes internal HuggingFace endpoints | 6.5 | 0.1% | gradio | Mar 27 |
| MEDI E | CVE-2024-1455 | LangChain: Billion Laughs XML expansion causes DoS | 5.9 | 0.1% | langchain | Mar 26 |
| UNKN E | CVE-2024-1727 | Gradio: CSRF enables disk exhaustion via file upload DoS | — | 0.2% | gradio | Mar 21 |
| HIGH E | CVE-2024-28088 | LangChain: path traversal enables RCE and API key theft | 8.1 | 13.4% | langchain | Mar 4 |
| CRIT E | CVE-2024-2057 | LangChain TFIDFRetriever: SSRF/RCE via load_local | 9.8 | 0.1% | langchain | Mar 1 |
| CRIT E | CVE-2024-27444 | LangChain Experimental: RCE via Python sandbox escape | 9.8 | 0.1% | langchain-experimental | Feb 26 |
| CRIT E | CVE-2024-27133 | MLflow: XSS in recipe runner enables Jupyter RCE | 9.6 | 0.2% | mlflow | Feb 23 |

Need deeper analysis? Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.