AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 485 results — High severity, no patch
HIGH EXPLOIT AVAIL

Keras: safe_mode bypass enables RCE via model load

CVE-2025-9906
7.3
EPSS 0.1%
Code Execution Supply Chain Framework Model
keras CWE-502 1.5K 6 ATLAS
HIGH EXPLOIT AVAIL

Keras: safe_mode bypass enables RCE via .h5 model files

CVE-2025-9905
7.3
EPSS 0.0%
Code Execution Supply Chain Framework Model
keras CWE-913 1.5K 5 ATLAS
HIGH EXPLOIT AVAIL

picklescan: file extension bypass allows model RCE

CVE-2025-10155
7.8
EPSS 0.1%
Supply Chain Code Execution Model Framework
picklescan CWE-20 3 5 ATLAS
HIGH EXPLOIT AVAIL

HuggingFace Transformers: ReDoS in MarianTokenizer

CVE-2025-6638
7.5
EPSS 0.0%
DoS Supply Chain Framework Inference
transformers CWE-1333 7.8K 4 ATLAS
HIGH EXPLOIT AVAIL

n8n: unrestricted file upload RCE via Chat Trigger

CVE-2025-56265
8.8
EPSS 0.1%
Code Execution Data Extraction Auth Bypass Framework Agent Plugin
n8n 16 5 ATLAS
HIGH EXPLOIT AVAIL

Langflow: privilege escalation to full superuser via CLI

CVE-2025-57760
8.8
EPSS 0.0%
Auth Bypass Code Execution Framework Agent
langflow CWE-269 5 ATLAS
HIGH EXPLOIT AVAIL

vLLM: unauthenticated DoS via oversized HTTP header

CVE-2025-48956
7.5
EPSS 0.3%
DoS Inference API Framework
vllm CWE-400 126 3 ATLAS
HIGH

Merlin Transformers4Rec: code injection via Python dep

CVE-2025-23298
7.8
EPSS 0.0%
Supply Chain Code Execution Framework
4 ATLAS
HIGH EXPLOIT AVAIL

Keras: safe mode bypass enables RCE via model load

CVE-2025-8747
7.8
EPSS 0.0%
Code Execution Supply Chain Framework Model
keras CWE-502 1.5K 5 ATLAS
HIGH

WP Contest Gallery: Stored XSS exposes OpenAI API creds

CVE-2025-7725
7.2
EPSS 0.3%
Data Extraction Code Execution Plugin API
4 ATLAS
HIGH

lollms: timing attack enables credential enumeration

CVE-2025-6386
7.5
EPSS 0.3%
Auth Bypass Data Extraction Framework Agent
lollms CWE-203 4 ATLAS
HIGH EXPLOIT AVAIL

Transformers: ReDoS in chat.py causes CPU exhaustion

CVE-2025-3262
7.5
EPSS 0.3%
DoS Framework
transformers CWE-1333 7.8K 3 ATLAS
HIGH EXPLOIT AVAIL

Langchain-Chatchat: path traversal exposes system files

CVE-2025-6855
8.8
EPSS 0.7%
Data Extraction Code Execution Framework RAG
langchain-chatchat CWE-22 2.6K 5 ATLAS
HIGH

Hive Support WP: OpenAI key theft + prompt hijack

CVE-2025-5018
7.1
EPSS 0.2%
Auth Bypass Data Extraction Prompt Injection API Plugin
6 ATLAS
HIGH EXPLOIT AVAIL

jupyter_core: config hijack enables cross-user code exec

CVE-2025-30167
7.3
EPSS 0.1%
Code Execution Supply Chain Data Extraction Framework Training Data
CWE-427 4 ATLAS
HIGH EXPLOIT AVAIL

Gradio: unauthenticated file copy enables disk DoS

CVE-2025-48889
7.5
EPSS 1.5%
DoS Framework Inference
gradio CWE-434 674 3 ATLAS
HIGH

vLLM: image hash collision enables multimodal cache leakage

CVE-2025-46722
7.3
EPSS 0.2%
Data Leakage Privacy Violation Inference Framework
vllm CWE-1023 126 4 ATLAS
HIGH EXPLOIT AVAIL

llama-index-cli: OS command injection enables RCE

CVE-2025-1753
7.8
EPSS 0.1%
Code Execution Supply Chain Framework Agent
llama-index CWE-78 229 4 ATLAS
HIGH

label-studio-ml: PyTorch .pt deserialization RCE in YOLO loader

CVE-2025-5173
7.8
EPSS 0.1%
Supply Chain Code Execution Framework Model
label-studio-ml CWE-502 1 4 ATLAS
HIGH EXPLOIT AVAIL

transformers: ReDoS in testing_utils causes DoS

CVE-2025-2099
7.5
EPSS 0.1%
DoS Framework
transformers CWE-1333 7.8K 3 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial