AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1604 results

CVE-2024-27132 - MLflow: XSS in recipes enables client-side RCE
CVE-2023-30767 - Intel TF Opt: buffer overflow enables local privesc
CVE-2024-0964 - Gradio: unauthenticated LFI exposes full server filesystem
CVE-2024-23751 - LlamaIndex: SQL injection in Text-to-SQL feature
CVE-2023-51449 - Gradio: path traversal grants arbitrary file read
CVE-2023-7018 - Transformers: unsafe deserialization enables RCE on load
CVE-2023-6730 - HuggingFace Transformers: RCE via unsafe deserialization
CVE-2023-6909 - MLflow: path traversal exposes arbitrary files (no auth)
CVE-2023-6831 - MLflow: path traversal allows arbitrary file write
CVE-2023-6572 - Gradio: command injection enables RCE on ML servers
CVE-2023-6753 - MLflow: path traversal exposes arbitrary file read/write
CVE-2023-6709 - MLflow: SSTI enables RCE in ML experiment tracking
CVE-2023-6568 - MLflow: reflected XSS via Content-Type header injection
CVE-2023-43472 - MLflow: unauth REST API leaks sensitive ML data
CVE-2023-48022 - Ray: unauthenticated RCE via job submission API
CVE-2023-48299 - TorchServe: ZipSlip arbitrary file write via model upload
CVE-2023-6020 - Ray: unauthenticated LFI exposes entire filesystem
CVE-2023-6014 - MLflow: auth bypass allows arbitrary account creation
CVE-2023-6019 - Ray: unauthenticated RCE via dashboard command injection
CVE-2023-6021 - Ray: LFI allows unauthenticated file read

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.