AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 77
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1604 results
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
CRIT E | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | 9.6 | 0.2% | mlflow | Feb 23
MEDI | CVE-2023-30767 | Intel TF Opt: buffer overflow enables local privesc | 6.7 | 0.1% | optimization_for_tensorflow | Feb 14
CRIT E | CVE-2024-0964 | Gradio: unauthenticated LFI exposes full server filesystem | 9.4 | 0.1% | gradio | Feb 5
CRIT E | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | 9.8 | 0.4% | llamaindex | Jan 22
HIGH E | CVE-2023-51449 | Gradio: path traversal grants arbitrary file read | 7.5 | 81.5% | gradio | Dec 22
HIGH E | CVE-2023-7018 | Transformers: unsafe deserialization enables RCE on load | 7.8 | 0.2% | transformers | Dec 20
HIGH E | CVE-2023-6730 | HuggingFace Transformers: RCE via unsafe deserialization | 8.8 | 0.2% | transformers | Dec 19
HIGH E | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | 7.5 | 85.7% | mlflow | Dec 18
HIGH E | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | 8.1 | 74.0% | mlflow | Dec 15
HIGH E | CVE-2023-6572 | Gradio: command injection enables RCE on ML servers | 8.1 | 2.5% | gradio | Dec 14
HIGH E | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | 8.8 | 2.4% | mlflow | Dec 13
HIGH E | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | 8.8 | 0.3% | mlflow | Dec 12
MEDI E | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | 6.1 | 33.4% | mlflow | Dec 7
HIGH E | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | 7.5 | 74.4% | mlflow | Dec 5
CRIT | CVE-2023-48022 | Ray: unauthenticated RCE via job submission API | 9.8 | 92.2% | ray | Nov 28
MEDI | CVE-2023-48299 | TorchServe: ZipSlip arbitrary file write via model upload | 5.3 | 0.4% | torchserve | Nov 21
CRIT E | CVE-2023-6020 | Ray: unauthenticated LFI exposes entire filesystem | 9.3 | 81.4% | ray | Nov 16
CRIT E | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | 9.8 | 0.9% | mlflow | Nov 16
CRIT E | CVE-2023-6019 | Ray: unauthenticated RCE via dashboard command injection | 9.8 | 88.8% | ray | Nov 16
CRIT E | CVE-2023-6021 | Ray: LFI allows unauthenticated file read | 9.3 | 87.3% | ray | Nov 16

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.