AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,140 AI/ML CVEs Tracked
171 Critical
228 New This Week
2 In CISA KEV
Latest AI Security Threats
Showing 50 of 973 results (— = no patch)

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2025-30370 | jupyterlab-git has a command injection... | 7.4 | 0.1% | — | Apr 4 |
| LOW | CVE-2025-3136 | A vulnerability, which was classified as... | 3.3 | — | pytorch | Apr 3 |
| MEDI | CVE-2025-3121 | A vulnerability classified as problematic has... | 5.5 | — | pytorch | Apr 2 |
| MEDI | CVE-2025-31843 | Missing Authorization vulnerability in Wilson... | 4.3 | — | — | Apr 1 |
| MEDI | CVE-2025-3001 | A vulnerability classified as critical was found... | 5.3 | — | pytorch | Mar 31 |
| MEDI | CVE-2025-3000 | A vulnerability classified as critical has been... | 5.3 | — | pytorch | Mar 31 |
| MEDI | CVE-2025-2999 | A vulnerability was found in PyTorch 2.6.0. It... | 5.3 | — | pytorch | Mar 31 |
| MEDI | CVE-2025-2998 | A vulnerability was found in PyTorch 2.6.0. It... | 5.3 | — | pytorch | Mar 31 |
| MEDI | CVE-2025-2953 | A vulnerability, which was classified as... | 5.5 | 0.2% | pytorch | Mar 30 |
| HIGH | CVE-2025-30358 | Mesop is a Python-based UI framework that allows... | 8.1 | 3.1% | — | Mar 27 |
| CRIT | CVE-2024-12029 | InvokeAI Deserialization of Untrusted Data... | 9.8 | 49.1% | — | Mar 21 |
| HIGH | CVE-2025-0330 | LiteLLM Has a Leakage of Langfuse API Keys | 7.5 | 0.1% | litellm | Mar 20 |
| HIGH | GHSA-5ccf-884p-4jjq | Open WebUI Unauthenticated Multipart Boundary... | 7.5 | — | open-webui | Mar 20 |
| CRIT | CVE-2024-9052 | vLLM deserialization vulnerability in... | 9.8 | 0.3% | vllm | Mar 20 |
| HIGH | CVE-2024-7990 | Open WebUI stored cross-site scripting (XSS)... | 8.4 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-8053 | Open WebUI lacks authentication for the... | 7.5 | 0.8% | open-webui | Mar 20 |
| HIGH | CVE-2024-7983 | Open WebUI denial of service through endpoint for... | 7.5 | 0.2% | open-webui | Mar 20 |
| HIGH | CVE-2024-8020 | PyTorch Lightning denial of service vulnerability | 7.5 | 0.1% | pytorch-lightning | Mar 20 |
| MEDI | CVE-2024-7046 | Open WebUI Allows Viewing of Admin Details | 4.3 | 0.1% | open-webui | Mar 20 |
| MEDI | CVE-2024-7035 | Open WebUI Vulnerable to Cross-Site Request... | 6.9 | 0.0% | open-webui | Mar 20 |
| MEDI | CVE-2024-7045 | Open WebUI Has Improper Access Control Leading to... | 4.3 | 0.1% | open-webui | Mar 20 |
| HIGH | CVE-2024-7053 | Open WebUI Vulnerable to a Session Fixation Attack | 7.6 | 0.2% | open-webui | Mar 20 |
| MEDI | CVE-2024-7034 | Open WebUI Allows Arbitrary File Write via the... | 6.5 | 3.0% | open-webui | Mar 20 |
| HIGH | CVE-2024-7036 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.5% | open-webui | Mar 20 |
| HIGH | CVE-2024-7039 | Open WebUI Allows Admin Deletion via API Endpoint | 8.3 | 0.1% | open-webui | Mar 20 |
| HIGH | CVE-2024-7043 | Open WebUI Allows Arbitrary File Reading and... | 8.1 | 0.1% | open-webui | Mar 20 |
| MEDI | CVE-2024-7044 | Open WebUI Vulnerable to Cross-Site Scripting... | 6.8 | 0.3% | open-webui | Mar 20 |
| HIGH | CVE-2024-6825 | LiteLLM Vulnerable to Remote Code Execution (RCE) | 8.8 | 1.3% | litellm | Mar 20 |
| MEDI | CVE-2024-7033 | Open WebUI Allows Arbitrary File Write via the... | 6.5 | 1.2% | open-webui | Mar 20 |
| HIGH | GHSA-w466-2wfc-8g58 | Open WebUI has vulnerable dependency on starlette... | 7.5 | — | open-webui | Mar 20 |
| HIGH | CVE-2024-12537 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.8% | open-webui | Mar 20 |
| MEDI | GHSA-564p-rx2q-4c8v | BentoML Open Redirect vulnerability | 6.1 | — | bentoml | Mar 20 |
| HIGH | CVE-2024-12534 | Open WebUI Uncontrolled Resource Consumption... | 7.5 | 0.2% | open-webui | Mar 20 |
| HIGH | GHSA-hh3j-9m59-p8vc | BentoML vulnerable to Uncontrolled Resource... | 7.5 | — | bentoml | Mar 20 |
| CRIT | CVE-2024-11958 | LlamaIndex Retrievers Integration:... | 9.8 | 1.2% | — | Mar 20 |
| HIGH | CVE-2024-10572 | H2O Vulnerable to Denial of Service (DoS) and... | 7.5 | 0.1% | — | Mar 20 |
| MEDI | CVE-2025-1474 | In mlflow/mlflow version 2.18, an admin is able... | 5.5 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-1473 | A Cross-Site Request Forgery (CSRF) vulnerability... | 7.1 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0453 | In mlflow/mlflow version 2.17.2, the `/graphql`... | 7.5 | 0.1% | mlflow | Mar 20 |
| HIGH | CVE-2025-0317 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0315 | A vulnerability in ollama/ollama <=0.3.14 allows... | 7.5 | — | ollama | Mar 20 |
| HIGH | CVE-2025-0312 | A vulnerability in ollama/ollama versions... | 7.5 | — | ollama | Mar 20 |
| UNKN | CVE-2025-0187 | A Denial of Service (DoS) vulnerability was... | — | — | gradio | Mar 20 |
| CRIT | CVE-2024-9070 | A deserialization vulnerability exists in... | 9.8 | 0.3% | bentoml | Mar 20 |
| HIGH | CVE-2024-9056 | BentoML version v1.3.4post1 is vulnerable to a... | 7.5 | 0.2% | bentoml | Mar 20 |
| CRIT | CVE-2024-9053 | vllm-project vllm version 0.6.0 contains a... | 9.8 | 2.2% | vllm | Mar 20 |
| HIGH | CVE-2024-8966 | A vulnerability in the file upload process of... | 7.5 | 0.2% | video | Mar 20 |
| HIGH | CVE-2024-8859 | A path traversal vulnerability exists in... | 7.5 | 26.9% | mlflow | Mar 20 |
| HIGH | CVE-2024-8063 | A divide by zero vulnerability exists in... | 7.5 | — | ollama | Mar 20 |
| MEDI | CVE-2024-8021 | An open redirect vulnerability exists in the... | 6.1 | 2.7% | gradio | Mar 20 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.